Values for content-security-policy-report-only:
script-src https: blob: 'unsafe-inline' 'unsafe-eval' 'self';base-uri 'self';report-uri https://reporting-api.gannettinnovation.com;report-to default 261
frame-ancestors 'self'; report-uri /csp_logger 136
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 135
script-src 'none';form-action 'none';frame-src 'none'; report-uri https://csp.withgoogle.com/csp/httpsserver2/sorry 116
104
frame-ancestors 'self' 60
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 56
default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 45
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://www.blogger.com/cspreport 42
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.UidWP-iLDKI.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist 38
report-uri /report-csp-violation 35
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: data: ; img-src  https: data: blob: ; media-src https: blob: ; worker-src https: blob: ; report-uri https://www.netflix.com/log/www/csp/1; 27
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 23
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 21
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/api.js https://payments.google.com/payments/v4/js/integrator.js https://clients2.google.com/gr/gr_full_2.0.6.js https://ssl.gstatic.com/external_hosted/lottie/lottie.js https://clients2.google.com/gr/gr_sync.js https://www.google-analytics.com/analytics.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://translate.google.com/translate_a/element.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.google.com/js/bg/ https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en_US.3iSJd6VfqTY.2021.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/PlayStoreUi/cspreport/fine-allowlist 20
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report 19
default-src 'self' 18
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://esky.report-uri.com/r/t/csp/enforce 18
default-src 'self'; 17
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com lampenlicht.nl *.lampenlicht.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://plumrocket.com consentcdn.cookiebot.com gum.criteo.com qlfbrands.my.salesforce.com td.doubleclick.net fledge.eu.criteo.com www.facebook.com static.criteo.net qlflivechat.secure.force.com qlfbrands.my.salesforce-sites.com www.paypalobjects.com gumi.criteo.com www.awin1.com 'self' 'unsafe-inline'; img-src cdn.lampenlicht.nl widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com https://images.unsplash.com lampenlicht.nl *.lampenlicht.nl eprel.ec.europa.eu cdn.flbx.io *.cloudfront.net imgsct.cookiebot.com www.keurmerk.info *.fittinq.com bat.bing.com px.ads.linkedin.com *.google.com www.google.de www.google.pl www.google.nl www.google.fr www.google.gr www.google.be www.google.si www.google.hu www.google.ie www.google.lt www.google.ro www.google.se www.google.hr www.google.es www.google.it www.google.rs www.google.lv www.google.bg www.google.ba www.google.ch www.google.sk www.google.pt www.google.ee www.google.cz www.google.at www.google.co.uk www.google.co.in www.google.dk www.google.no www.google.com.ua www.google.fi www.facebook.com *.clarity.ms stats.g.doubleclick.net lantern.roeye.com www.zenaps.com www.instagram.com www.bizrate.com www.wepowerconnections.com www.awin1.com www.webshoptrustmark.be csm.nl3.eu.criteo.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: https: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com *.avada.io lampenlicht.nl *.lampenlicht.nl *.webeyez.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com consent.cookiebot.com mintminds.fittinq.com cdn.evgnet.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn.flbx.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com https://get.geojs.io *.avada.io lampenlicht.nl *.lampenlicht.nl *.webeyez.com *.evergage.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com *.getflowbox.com eu.api.fpjs.io maps.googleapis.com pagead2.googlesyndication.com consentcdn.cookiebot.com *.clarity.ms p.biano.nl p.biano.hu p.biano.ro p.biano.pt p.biano.it p.biano.sk p.biano.cz www.google.com www.google.nl px.ads.linkedin.com *.criteo.com bat.bing.com cdn.growthbook.io www.facebook.com ct.beslist.nl stats.g.doubleclick.net vc.hotjar.io consent.cookiebot.com the.sciencebehindecommerce.com www.wepowerconnections.com qlfbrands-communities.force.com c.bannerflow.net *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 17
report-uri /report-csp-violation; upgrade-insecure-requests 16
default-src none; script-src 'unsafe-inline' 'unsafe-eval' *.alicdn.com *.aliyun.com ynuf.alipay.com; style-src 'unsafe-inline' *.alicdn.com *.aliyun.com; img-src data: blob: *.alicdn.com *.aliyuncs.com *.aliyun.com *.mmstat.com; connect-src *.aliyun.com wss://*.aliyun.com *.aliyuncs.com *.alicdn.com *.mmstat.com gw.alipayobjects.com ynuf.aliapp.org bdc.alibabachengdun.com ynuf.alipay.com; font-src data: *.alicdn.com *.aliyun.com; frame-src *.aliyun.com *.alicdn.com *.alibabacloud.com; media-src data: blob: *.alicdn.com *.aliyun.com *.taobao.com; report-uri //www.aliyun.com/api/log/csp-report 16
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-recaptcha/_/js/k=boq-recaptcha.RecaptchaChallengePageUi.en_US.p-lCi35WpTw.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/fine-allowlist 15
font-src www.paypalobjects.com *.googleapis.com *.gstatic.com *.cloudflare.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src https://www.youtube.com/ *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/ bid.g.doubleclick.net *.adyen.com pay.google.com *.paypal.com www.google.com https://www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.googleapis.com *.gstatic.com https://images.unsplash.com https://www.google.com https://bat.bing.com/ https://www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ https://www.google.dk/ https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://kaffekapslen.dk/ https://kaffekapslen.media https://www.googletagmanager.com/ https://app.usercentrics.eu/ https://connect.facebook.net/ https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com cdn.jsdelivr.net https://kaffekapslen.media/ https://app.usercentrics.eu/ https://connect.facebook.net/ https://bat.bing.com/ https://www.clarity.ms/ *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net *.cloudflare.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.adyen.com *.google.com https://www.google.com payments-eu.amazon.com *.paypal.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://www.facebook.com eu.playground.klarnaevt.com https://www.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://googleads.g.doubleclick.net https://bat.bing.com/ https://kaffekapslen.matomo.cloud/ https://api.usercentrics.eu/ https://pagead2.googlesyndication.com/ https://graphql.usercentrics.eu/graphql https://monitor.kaffekapslen.com/ https://google.com/pay https://region1.google-analytics.com https://www.google.bg/ https://capig.kaffekapslen.dk/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 15
upgrade-insecure-requests; 14
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 12
default-src 'self'; script-src 'self' unpkg.com/react-scan/ acdn.adnxs.com analytics.tiktok.com bat.bing.com cdn.attn.tv cdn.cookielaw.org cdn.shopify.com cdn-scripts.signifyd.com connect.facebook.net cdn.kustomerapp.com ct.pinterest.com js-agent.newrelic.com googleads.g.doubleclick.net imgs.signifyd.com js.klarna.com lantern.roeyecdn.com maps.googleapis.com pixel.byspotify.com rapid-cdn.yottaa.com s.pinimg.com script.crazyegg.com script.hotjar.com sc-static.net static.klaviyo.com static-tracking.klaviyo.com static.kyc.red str.rise-ai.com static.hotjar.com the.sciencebehindecommerce.com tr.snapchat.com track.sv.rkdms.com try.abtasty.com track.securedvisit.com www.dwin1.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.powr.io www.youtube.com *.afterpay.com *.bglobale.com *.forter.com *.cloudfront.net *.contentsquare.net *.global-e.com *.liadm.com *.online-metrix.net *.outbrain.com *.yotpo.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com static.klaviyo.com static-tracking.klaviyo.com x.klarnacdn.net www.gstatic.com *.global-e.com *.bglobale.com *.yotpo.com; img-src 'self' assets.rise-ai.com bat.bing.com cdn.bfldr.com cdn.cookielaw.org cdn.kustomerhostedcontent.com cdn.shopify.com events.attentivemobile.com googleads.g.doubleclick.net i.geistm.com i.ytimg.com images.contentstack.io imgs.signifyd.com ib.adnxs.com kustomer-prod1-attachments.s3.amazonaws.com lantern.roeye.com maps.googleapis.com maps.gstatic.com segment.prod.bidr.io track.securedvisit.com tr.snapchat.com verifi.podscribe.com vuoriclothing.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.wepowerconnections.com www.google.com www.google.co.uk www.google.ae www.google.com.sg www.google.nl www.google.com.mx www.google.ie www.google.com.hk www.google.de www.google.fr www.google.ca www.google.com.au www.google.co.in www.google.com.pk www.powrcdn.com *.afterpay.com *.bglobale.com *.contentsquare.net *.cloudfront.net *.liadm.com *.online-metrix.net *.global-e.com *.yotpo.com data: blob:; font-src 'self' cdn.kustomerapp.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.shopify.com static.klaviyo.com use.fontawesome.com x.klarnacdn.net data:; connect-src 'self' api.nosto.com api-js.datadome.co application.rise-ai.com analytics.google.com analytics.tiktok.com bam.nr-data.net bat.bing.com browser-intake-us5-datadoghq.com cdn.contentstack.io cdn.cookielaw.org content.hotjar.io ct.pinterest.com events.attentivemobile.com geolocation.onetrust.com google.com gtmss.vuoriclothing.com ib.adnxs.com insights.algolia.io ingesteer.services-prod.nsvcs.net imgs.signifyd.com o311874.ingest.sentry.io ipv4.podscribe.com js.klarna.com metrics.hotjar.io pixels.spotify.com play.google.com privacyportal.onetrust.com script.crazyegg.com s3.amazonaws.com stats.g.doubleclick.net the.sciencebehindecommerce.com vc.hotjar.io vuori.api.kustomerapp.com www.wepowerconnections.com www.facebook.com www.googleadservices.com www.google.com www.googletagmanager.com www.google.co.in www.google-analytics.com www.powr.io *.abtasty.com *.afterpay.com *.algolianet.com *.algolia.net *.attn.tv *.boldmetrics.io *.bglobale.com *.cloudfront.net *.cloudflare.com *.contentsquare.net *.crazyegg.com *.forter.com wss://*.forter.com wss://ws.hotjar.com *.googleapis.com *.global-e.com *.browser-intake-datadoghq.com *.jsdelivr.net *.klaviyo.com *.klarnaevt.com *.liadm.com *.myshopify.com *.outbrain.com *.pndsn.com *.snapchat.com *.telemetry.vaultdcr.com *.yotpo.com *.yottaa.net https://func-ranger-westus-dev.azurewebsites.net; https://func-ranger-westus-prod.azurewebsites.net; https://func-ranger-westus-stg.azurewebsites.net; media-src 'self' cdn.bfldr.com kustomer-prod1-attachments.s3.amazonaws.com *.checkout.vuoriclothing.com *.vuoriclothing.com data blob:; frame-src 'self' app.netlify.com ct.pinterest.com e.issuu.com imgs.signifyd.com geo-ipv6.captcha-delivery.com gtmss.vuoriclothing.com js.klarna.com static.kyc.red str.rise-ai.com td.doubleclick.net tr.snapchat.com www.facebook.com www.google.com www.googletagmanager.com www.powr.io www.youtube.com *.attn.tv *.online-metrix.net; worker-src 'self' https://imgs.signifyd.com blob:; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; report-uri /api/csp-report; 12
script-src 'self' 'report-sample'; report-uri https://events.mercadolibre.com/csp/reports?identifier=XX6LqlNtzBq3rUunlqLi0k62RTpvIoDoem-VazsBsyv5_g08YyAfB0YaKg==&policy_id=14; report-to csp-endpoint 11
default-src 'self';base-uri 'none';frame-ancestors 'self';frame-src 'self' 5164101.fls.doubleclick.net apps.rokt.com audible.demdex.net bs.serving-sys.com s.amazon-adsystem.com td.doubleclick.net tr.snapchat.com www.facebook.com;style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com;script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com/bat.js bat.bing.com/p/action/4004590.js bat.bing.com/p/insights/s/0.7.20 bat.bing.com/p/insights/t/4004590 connect.facebook.net d.impactradius-event.com d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com sc-static.net siteintercept.qualtrics.com tr.snapchat.com www.googleadservices.com/pagead/conversion/ www.googletagmanager.com zn5ygnnjlk4oo0dy1-audible.siteintercept.qualtrics.com;media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk samples.audible.com;object-src 'none';connect-src 'self' adservice.google.com/pagead/regclk api.audible.com audible.sc.omtrdc.net/b/ss/ audible.tt.omtrdc.net/rest/v1/delivery bat.bing.com/p/insights/c/ dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ siteintercept.qualtrics.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com www.audible.com www.facebook.com/tr/ www.google.com/pagead/landing;font-src www.audible.com m.media-amazon.com;img-src 'self' ad.doubleclick.net bat.bing.com/action/0 fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com s.amazon-adsystem.com/iui3 www.facebook.com www.google.ca/pagead/1p-user-list/ www.google.ch/pagead/1p-user-list/ www.google.ee/pagead/1p-user-list/ www.google.pt/pagead/1p-user-list/ www.google.ro/pagead/1p-user-list/ www.google.se/pagead/1p-user-list/ www.google.co.cr/pagead/1p-user-list/ www.google.co.il/pagead/1p-user-list/ www.google.co.in/pagead/1p-user-list/ www.google.co.ke/pagead/1p-user-list/ www.google.co.kr/pagead/1p-user-list/ www.google.co.nz/pagead/1p-user-list/ www.google.co.th/pagead/1p-user-list/ www.google.co.uk/pagead/1p-user-list/ www.google.co.za/pagead/1p-user-list/ www.google.com.ar/pagead/1p-user-list/ www.google.com.br/pagead/1p-user-list/ www.google.com.co/pagead/1p-user-list/ www.google.com.do/pagead/1p-user-list/ www.google.com.ec/pagead/1p-user-list/ www.google.com.hk/pagead/1p-user-list/ www.google.com.jm/pagead/1p-user-list/ www.google.com.mx/pagead/1p-user-list/ www.google.com.my/pagead/1p-user-list/ www.google.com.ng/pagead/1p-user-list/ www.google.com.pa/pagead/1p-user-list/ www.google.com.pe/pagead/1p-user-list/ www.google.com.ph/pagead/1p-user-list/ www.google.com.pk/pagead/1p-user-list/ www.google.com.sg/pagead/1p-user-list/ www.google.com/pagead/1p-user-list/ www.google.de/pagead/1p-user-list/ www.google.dk/pagead/1p-user-list/ www.google.es/pagead/1p-user-list/ www.google.ie/pagead/1p-user-list/ www.google.no/pagead/1p-user-list/ www.googleadservices.com/pagead/conversion/ www.googletagmanager.com 11
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googletagmanager.com; font-src 'self' https://themes.googleusercontent.com fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com https://www.vimeo.com; img-src 'self' https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://*.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com unpkg.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; block-all-mixed-content 11
frame-ancestors 'self' https://*.yahooinc.com; object-src 'none'; script-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=yahooinc; 10
default-src https: data: 'unsafe-inline' 'unsafe-eval' 10
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ntdsgswbsc:55:0 10
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.blob.core.windows.net/* *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.cdninstagram.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.google.com.pa *.sportline.com.pa 'self' data: *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.apptrian.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com beacon-audiences.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.blob.core.windows.net/* *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.hotjar.com *.xtento.com *.tiktok.com *.sportline.com.pa *.pangle-ads.com *.adobedtm.com *.google.com *.google-analytics.com *.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.google.com *.typekit.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io beacon-audiences.magento-ds.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sistecredito.com/* *.blob.core.windows.net/* *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.hotjar.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.pangle-ads.com assets.adobedtm.com *.adobedtm.com *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 10
connect-src 'self' wss: ws: *.doubleclick.net *.googlesyndication.com *.klaviyo.com *.klarnacdn.net *.cookiebot.com *.termly.io cloudflareinsights.com *.facebook.com *.dojo.tech *.salesfire.co.uk *.onlinesizing.bike *.tawk.to cdn-cookieyes.com *.cookieyes.com *.klaviyo.com *.appspot-preview.com *.bing.com *.clarity.ms *.fontawesome.com *.google-analytics.com *.google.com *.google.co.uk *.googleapis.com *.googletagmanager.com *.hotjar.com *.iubenda.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.luckyorange.net *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.smartlook.cloud *.visitors.live api.getaddress.io bat.bing.com content.hotjar.io eu.klarnaevt.com js.klarna.com live.smartmetrics.co.uk manager.eu.smartlook.cloud maps.googleapis.com metrics.hotjar.io na.klarnaevt.com stats.g.doubleclick.net vc.hotjar.io www.google.se centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; default-src 'self' *.klaviyo.com  *.dojo.tech *.salesfire.co.uk *.googleapis.com *.trustpilot.com; font-src 'self' *.klaviyo.com *.dojo.tech  *.pushsales.app *.tawk.to *.salesfire.co.uk *.klaviyo.com fonts.gstatic.com *.cloudflare.com *.fontawesome.com *.typekit.net x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consent.cookiebot.com; form-action 'self' *.list-manage.com translate.googleapis.com pay.realexpayments.com *.klaviyo.com *.dojo.tech *.facebook.com *.paypal.com *.sagepay.com *.worldpay.com eu-library.klarnaservices.com gateway.cardstream.com live.opayo.eu.elavon.com mdepayments.epdq.co.uk test.opayo.eu.elavon.com js.stripe.com *.sandbox.paypal.com *.paypal.com *.accounts.google.com; frame-ancestors 'self'; frame-src *.outfindo.com youtu.be *.klaviyo.com hubtiger.com  app.bikerentalmanager.com connect.garmin.com widgets.sociablekit.com *.paypalobjects.com www.googletagmanager.com bikesizing.cube.eu www.paypal.com bookings.hubtiger.com challenges.cloudflare.com *.onlinesizing.bike consentcdn.cookiebot.com *.termly.io *.doubleclick.net *.facebook.com *.google.com *.google.co.uk *.greencommuteinitiative.uk greencommuteinitiative.uk *.instagram.com *.paymentsense.cloud *.sharethis.com *.strava.com *.trustpilot.com *.vimeo.com *.youtube-nocookie.com *.youtube.com www.komoot.com cdn.salesfire.co.uk jejames.checkfront.co.uk js.klarna.com td.doubleclick.net www.cyclescheme.co.uk osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com js.stripe.com forms.office.com ridewithgps.com platform.twitter.com *.webgains.com *.recaptcha.net *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com; img-src 'self' 'unsafe-inline' data: https: *.klaviyo.com *.dojo.tech *.google-analytics.com *.googletagmanager.com *.gravatar.com 0.gravatar.com l.sharethis.com www.gravatar.com www.specialized.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com; style-src 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; style-src-elem 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; report-to csp-endpoint; 10
report-uri https://cspr.app.rbb-cloud.de/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 9
default-src * 'self'; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: blob:; script-src * 'self' about: 'unsafe-inline' 'unsafe-eval' data:; worker-src * 'self' data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src * 'self'; media-src 'self' blob: *; font-src * 'self' data:; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self';report-uri /contentsecuritypolicy/report 9
font-src cash-f.squarecdn.com *.fontawesome.com data: *.gstatic.com *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com *.vimeo.com *.photoslurp.com *.sitescout.com *.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * cdn.doofinder.com *.cloudfront.net *.amazonaws.com *.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.googleusercontent.com *.clarity.ms *.smartadserver.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.adform.net *.omnitagjs.com id5-sync.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.sitescout.com *.sanity.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com cdn.doofinder.com *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms *.pixel.ad *.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app *.doofinder.com *.fontawesome.com *.googleapis.com *.photoslurp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.doofinder.com wss://*.doofinder.com *.naturitas.com *.naturitas.es naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.adyen.com *.photoslurp.com *.clarity.ms *.apicdn.sanity.io *.api.sanity.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 9
default-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com helpimg.s3.amazonaws.com use.fontawesome.com use.typekit.net https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net https://cdn.pendo.io/agent/static/365392a9-6608-44ef-443b-572eef771b95/pendo.js ; style-src 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; style-src-elem 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io fonts.googleapis.com fonts.gstatic.com helpimg.s3.amazonaws.com cdnjs.cloudflare.com/ajax/libs/font-awesome/ cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ p.typekit.net pendo-static-6167502888239104.storage.googleapis.com s3.amazonaws.com/helpimg/ use.fontawesome.com use.typekit.net www.java.com/ga/css/print.css www.java.com/ga/css/screen.css ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-eu-west-1 ; worker-src 'self' blob: data: ; 9
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 9
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src https://creativecdn.com/ https://td.doubleclick.net/ https://gum.criteo.com/ https://fledge.eu.criteo.com/ https://www.google.com/ fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.packeta.com https://plumrocket.com *.revolut.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; connect-src https://ping.contactpigeon.com/ https://googleads.g.doubleclick.net/ https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net/ https://a.omappapi.com/ https://api.omappapi.com/ https://site-script.esputnik.com/ https://measurement-api.criteo.com/ https://analytics.tiktok.com/ https://q.clarity.ms/ dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.packeta.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; img-src https://ping.contactpigeon.com/ https://www.google.com/ https://www.google.bg/ https://as.adwise.bg/ https://www.glami.bg/ https://www.glami.gr/ https://www.glami.hr/ https://www.glami.cz/ https://www.glami.hu/ https://www.glami.si/ https://www.glami.sk/ https://www.glami.ro/ https://cm.g.doubleclick.net/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://cm.adform.net/ https://visitor.omnitagjs.com/ https://r.casalemedia.com/ https://gum.criteo.com/ https://id5-sync.com/ https://ad.360yield.com/ https://matching.ivitrack.com/ https://contextual.media.net/ https://exchange.mediavine.com/ https://jadserve.postrelease.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://pixel.rubiconproject.com/ https://match.sharethrough.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://eb2.3lift.com/ https://ad.yieldlab.net/ https://sync-criteo.ads.yieldmo.com/ https://e1.emxdgt.com/ https://c1.adform.net/ https://dis.criteo.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com *.alothemes.com *.magepow.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src https://ping.contactpigeon.com/bi/modal2.css https://statics.esputnik.com/ *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; script-src https://www.steelslitting.com/wp-content/jquery.min.js https://www.steelslitting.com/ https://ping.contactpigeon.com/ https://i.adwise.bg/ https://chimpstatic.com/ https://googleads.g.doubleclick.net/ https://www.glami.bg/ https://www.glami.ro/ https://www.glami.gr/ https://a.omappapi.com/ https://dynamic.criteo.com/ https://sslwidget.criteo.com/ https://www.clarity.ms/ https://analytics.tiktok.com/ https://statics.esputnik.com/ assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chimpstatic.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.alothemes.com *.magepow.com *.packeta.com maps.googleapis.com *.revolut.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; 9
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 8
frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 8
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 8
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 8
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net cdn.livechatinc.com mediacdn.espssl.com viewer.byondxr.com use.fontawesome.com 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf https://*.hotjar.io https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com https://*.ordergroove.com app-wallee.com www.jsctool.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://odr.promo.dev/ https://*.yieldify.com https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ https://*.hotjar.io https://www.mainadv.com https://ad.ad-srv.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com app-wallee.com d.ratepay.com viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com maps.gstatic.com maps.google.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com https://redchamps.com 'self' data: geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com http://lindt-hg65tr.your-printq.com https://*.cookiepro.com https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz https://*.hotjar.io https://*.yieldify.com https://i.cdn.nrholding.net https://*.sendtric.com network-eu-a.bazaarvoice.com assets-v2.yieldify.com *.cookiepro.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.sharethis.com *.googleapis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com widget.freshworks.com m2epro.freshdesk.com www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.livechatinc.com *.serverdata.net *.tiktok.com *.ordergroove.com app-wallee.com d.ratepay.com www.jsctool.com byondxr-viewer.byondxr.com web-apps.byondxr.com *.listrakbi.com *.listrak.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com *.mczbf.com maps.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://static-eu.payments-amazon.com/checkout.js https://*.yieldify.com https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ https://*.hotjar.io https://*.pinimg.com https://*.daktela.com https://www.dwin1.com https://www.gstatic.com/recaptcha static.r66net.net https://unbxd.s3.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com d.ratepay.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl widget.packeta.com https://*.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com www.lindt-spruengli.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.sharethis.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com *.ordergroove.com d.ratepay.com www.jsctool.com *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com https://*.r66net.com https://*.yieldify.com wss://*.hotjar.io https://geolocation.onetrust.com https://*.googleapis.com https://*.daktela.com https://cdn.tailwindcss.com https://sgtm.lindt.se sgtm.lindt.se sgtm.lindt.dk sgtm.lindt.cz sgtm.lindt.de sgtm.lindt.es sgtm.lindt.fr sgtm.lindt.it sgtm.lindt.hu sgtm.lindt.co.uk sgtm.lindt.com.nl sgtm.lindt.pl sgtm.lindt.at geolocation.onetrust.com sgtm.lindt.sk sgtm.lindt.fi 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com https://cdn.tailwindcss.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 8
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 7
block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-recaptcha/_/js/k=boq-recaptcha.RecaptchaChallengePageUi.en_US.34UduRiiF-Y.2018.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/fine-allowlist 7
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/; report-to csp-endpoint 7
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: wss: https:; report-uri https://l.iplsc.com/logger/ 7
connect-src 'self' wss: *.adyen.com bat.bing.com bat.bing.net browser-intake-datadoghq.eu www.ceneo.pl common-services.cidaas.de *.clarity.ms cke4.ckeditor.com cdn.cookielaw.org ams.creativecdn.com *.doubleclick.net *.facebook.com www.google.at google.com adservice.google.com apis.google.com pay.google.com tez.google.com www.google.com www.google.cz www.google.de www.google.pl www.google.sk *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com retazove-pily.heureka.sk code.jquery.com *.kaufland.at account.kaufland.com *.kaufland.cz *.kaufland.de *.kaufland.pl *.kaufland.sk js.klarna.com x.klarnacdn.net eu.klarnaevt.com availability.loadbee.com *.mopinion.com *.onetrust.com *.paypal.com *.paypalobjects.com *.seznam.cz jsapi.simplesurance.de dmp.theadex.com analytics.tiktok.com analytics-ipv6.tiktokw.us *.userwerk.com *.venmo.com; default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: blob:; font-src 'self' data: https:; frame-src 'self' https: http:; img-src 'self' blob: data: https: http: chrome-extension:; object-src 'self' https: http:; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=puba4ff6837563e0a6289c852e7c147d8db&dd-evp-origin=content-security-policy&ddsource=csp-report; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: match.adsrvr.org bat.bing.com *.cash.app applepay.cdn-apple.com cdn.ckeditor.com www.clarity.ms *.cloudflare.com cdn.cookielaw.org tags.creativecdn.com cdn.datatables.net googleads.g.doubleclick.net connect.facebook.net edge.eu1.fullstory.com cdn.getivy.de apis.google.com pay.google.com translate.google.com www.google.com *.googleadservices.com *.googleapis.com www.googleoptimize.com pagead2.googlesyndication.com googletagmanager.com www.googletagmanager.com code.jquery.com *.kaufland.at *.kaufland.cz *.kaufland.de kaufland.de *.kaufland.pl *.kaufland.sk js.klarna.com x.klarnacdn.net cdn.loadbee.com src.mastercard.com *.mopinion.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.ratepay.com *.seznam.cz jsapi.simplesurance.de cdn.speedcurve.com speedcurve.com *.theadex.com analytics.tiktok.com *.int.userwerk.com *.venmo.com assets.secure.checkout.visa.com www.zbozi.cz; style-src 'self' 'unsafe-inline' https:; worker-src blob: 'self' 7
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dock.ui.bosch.tech https://www.googletagmanager.com https://www.google-analytics.com https://btm.bosch.com https://www.youtube.com https://maps.google.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://search.internet.bosch.com https://bosch-i3-caas-api.e-spirit.cloud https://*.google-analytics.com https://www.googletagmanager.com https://endpoint.chatbot-suite.bosch.tech https://maps.googleapis.com https://btm.bosch.com https://cx.bosch-so.com https://dock.ui.bosch.tech; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://crdostaticwebsite337215.z6.web.core.windows.net; img-src 'self' data: https://assets.bosch.com https://www.googletagmanager.com https://www.google-analytics.com https://i.ytimg.com https://maps.google.com https://maps.gstatic.com; manifest-src 'self'; media-src 'self' https://assets.bosch.com; style-src-elem 'self' 'unsafe-inline' https://btm.bosch.com https://fonts.googleapis.com https://webchatplugins.blob.core.windows.net; worker-src 'none'; report-uri https://o4508243129991168.ingest.de.sentry.io/api/4508243155288144/security/?sentry_key=2f9480313f00b63a26560fd685315765; report-to csp-endpoint 7
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.obelink.nl www.obelink.be www.obelink.de www.obelink.pl www.obelink.at www.obelink.es www.obelink.it www.obelink.fr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://*.dpdconnect.nl https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.google.com/recaptcha/ https://js.stripe.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net https://images.unsplash.com https://static.buckaroo.nl https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.magmodules.eu *.squeezely.tech ts.tradetracker.net widgets.trustedshops.com bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://*.dpdconnect.nl s7.addthis.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io s.ytimg.com *.googletagmanager.com tagmanager.google.com squeezely.tech *.squeezely.tech tm.tradetracker.net app.aiden.cx widgets.trustedshops.com restapi.mailplus.nl navigator-analytics.tweakwise.com cdn.jsdelivr.net td.doubleclick.net bat.bing.com static.cloudflareinsights.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net tagmanager.google.com fonts.google.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl ekr.zdassets.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.google-analytics.com ekr.zdassets.com *.analytics.google.com *.googletagmanager.com squeezely.tech *.squeezely.tech cdn.growthbook.io app.aiden.cx *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://8a41912f-2069-471c-8cfc-be803d04015d.sansec.watch/; report-to report-endpoint; 7
default-src 'self' https://litium.revolutionrace.se *.tycka.io *.cdn-sitegainer.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com s.pinimg.com bat.bing.com *.facebook.net *.tiktok.com *.revolutionrace.se *.googleadservices.com sc-static.net cdn.jsdelivr.net *.cloudflare.com *.criteo.net *.criteo.com *.snapchat.com *.distancify.workers.dev ct.pinterest.com *.doubleclick.net fbcdn.revolutionrace.se wss://fbcdn.revolutionrace.se *.bambuser.com *.facebook.com *.apptus.cloud recommender.scarabresearch.com *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.kustom.co *.scarabresearch.com *.emarsys.net *.symplify.com pro.ip-api.com *.pinterest.com cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.imedia.cz www.seznam.cz fonts.googleapis.com www.pinterest.se maxcdn.bootstrapcdn.com ajax.googleapis.com *.spinnaker-js.com *.kindlycdn.com player.vimeo.com vimeo.com *.kindly.ai ws-eu.pusher.com wss://sage.kindly.ai wss://ws-eu.pusher.com *.klarnaevt.com *.adyen.com *.storyblok.com js.stripe.com fonts.gstatic.com *.revolutionrace.com *.digitaloceanspaces.com www.paypal.com *.mention-me.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; connect-src *; 7
connect-src 'self' wss: ws: *.doubleclick.net *.googlesyndication.com *.klaviyo.com *.klarnacdn.net *.cookiebot.com *.termly.io cloudflareinsights.com *.facebook.com *.dojo.tech *.salesfire.co.uk *.onlinesizing.bike *.tawk.to cdn-cookieyes.com *.cookieyes.com *.klaviyo.com *.appspot-preview.com *.bing.com *.clarity.ms *.fontawesome.com *.google-analytics.com *.google.com *.google.co.uk *.googleapis.com *.googletagmanager.com *.hotjar.com *.iubenda.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.luckyorange.net *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.smartlook.cloud *.visitors.live api.getaddress.io bat.bing.com content.hotjar.io eu.klarnaevt.com js.klarna.com live.smartmetrics.co.uk manager.eu.smartlook.cloud maps.googleapis.com metrics.hotjar.io na.klarnaevt.com stats.g.doubleclick.net vc.hotjar.io www.google.se centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com *.googleadservices.com *.google.com *.google.*; default-src 'self' *.klaviyo.com  *.dojo.tech *.salesfire.co.uk *.googleapis.com *.trustpilot.com; font-src 'self' *.klaviyo.com *.dojo.tech  *.pushsales.app *.tawk.to *.salesfire.co.uk *.klaviyo.com fonts.gstatic.com *.cloudflare.com *.fontawesome.com *.typekit.net x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consent.cookiebot.com; form-action 'self' *.list-manage.com translate.googleapis.com pay.realexpayments.com *.klaviyo.com *.dojo.tech *.facebook.com *.paypal.com *.sagepay.com *.worldpay.com eu-library.klarnaservices.com gateway.cardstream.com live.opayo.eu.elavon.com mdepayments.epdq.co.uk test.opayo.eu.elavon.com js.stripe.com *.sandbox.paypal.com *.paypal.com *.accounts.google.com; frame-ancestors 'self'; frame-src *.outfindo.com youtu.be *.klaviyo.com hubtiger.com  app.bikerentalmanager.com connect.garmin.com widgets.sociablekit.com *.paypalobjects.com www.googletagmanager.com bikesizing.cube.eu www.paypal.com bookings.hubtiger.com challenges.cloudflare.com *.onlinesizing.bike consentcdn.cookiebot.com *.termly.io *.doubleclick.net *.facebook.com *.google.com *.google.co.uk *.greencommuteinitiative.uk greencommuteinitiative.uk *.instagram.com *.paymentsense.cloud *.sharethis.com *.strava.com *.trustpilot.com *.vimeo.com *.youtube-nocookie.com *.youtube.com www.komoot.com cdn.salesfire.co.uk jejames.checkfront.co.uk js.klarna.com td.doubleclick.net www.cyclescheme.co.uk osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com js.stripe.com forms.office.com ridewithgps.com platform.twitter.com *.webgains.com *.recaptcha.net *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; img-src 'self' 'unsafe-inline' data: https: *.klaviyo.com *.dojo.tech *.google-analytics.com *.googletagmanager.com *.gravatar.com 0.gravatar.com l.sharethis.com www.gravatar.com www.specialized.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; style-src 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; style-src-elem 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; report-to csp-endpoint; 7
font-src *.fontawesome.com fonts.gstatic.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.addthis.com js.mollie.com *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://images.unsplash.com https://img.youtube.com https://www.mollie.com https://redchamps.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://polyfill-fastly.io https://maps.googleapis.com https://browser.sentry-cdn.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net js.mollie.com *.googletagmanager.com tagmanager.google.com *.trustpilot.com https://widgets.trustedshops.com https://integrations.etrusted.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.jsdelivr.net *.fontawesome.com tagmanager.google.com fonts.google.com *.trustpilot.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://maps.googleapis.com https://player.vimeo.com https://*.ingest.sentry.io ekr.zdassets.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://667b8714-1464-4a69-9685-942a89db4a14.sansec.watch/; report-to report-endpoint; 7
default-src 'self' f.vimeocdn.com; connect-src 'self' blob: data: ws: wss: *.6sc.co *.6sense.com *.agora.io *.akamaized.net clientassets.sightera.com.s3.amazonaws.com https://d263mgllkjh2k2.cloudfront.net http://d1ripsxh7es2qp.cloudfront.net https://d3fclmoge30w0w.cloudfront.net cognito-identity.us-east-1.amazonaws.com cognito-identity.us-west-1.amazonaws.com https://s3.amazonaws.com/beast.branding.sightera.com https://s3.amazonaws.com/beast.business.sightera.com https://s3.amazonaws.com/beast.business.sightera.com/ https://s3.amazonaws.com/beast.branding.sightera.com/ https://s3.amazonaws.com/test.sightera.com/ https://s3.amazonaws.com/business.sightera.com/ https://s3.amazonaws.com/sound.sightera.com/ sqs.us-east-1.amazonaws.com sqs.us-west-1.amazonaws.com wirewax.s3.eu-west-1.amazonaws.com *.amplitude.com vimeo.bynder.com bat.bing-int.com bat.bing.com bat.bing.net www.bing.com api.branch.io cdn.builder.io https://d1ripsxh7es2qp.cloudfront.net http://d1oca24q5dwo6d.cloudfront.net d2by6sxflmuwyq.cloudfront.net duysrfiajusdh.cloudfront.net dv7a7fjpjy29e.cloudfront.net cdn.cookielaw.org browser-intake-datadoghq.com ad.doubleclick.net *.g.doubleclick.net *.elfsight.com fp.service.expressplay.com pr.service.expressplay.com wv.service.expressplay.com www.facebook.com s-usc1f-nss-6502.firebaseio.com tracking-api.g2.com *.getsmartling.com *.google.ae *.google.com *.google.ca *.google.ch *.google.es *.google.fr *.google.ge *.google.iq *.google.is *.google.it *.google.pl *.google.se *.google.si *.google.rs *.google.co.jp *.google.co.kr *.google.co.nz *.google.co.th *.google.co.uk *.google.com.ar *.google.com.au *.google.com.br *.google.com.mx *.google.com.pk *.google.com.sa *.google.com.tr *.google.com.uk *.google.de *.analytics.google.com *.google-analytics.com www.googleadservices.com *.googleapis.com csi.gstatic.com pagead2.googlesyndication.com *.googletagmanager.com api.greenhouse.io *.hivestreaming.com 117151225.intellimizeio.com *.intellimize.co *.kollective.app *.kollective.app:31015 *.kollectivecd.com leatherback-dot-vimeo-prod.appspot.com snap.licdn.com px.ads.linkedin.com linkedin.com *.litix.io *.cdn.magisto.com vimeo.magisto.com *.maze.co 582-gou-684.mktoresp.com js-agent.newrelic.com t.paypal.com data.pendo.io *.pndsn.com privacyportal.onetrust.com privacyportal-cdn.onetrust.com app.qualified.com *.qualtrics.com pixel-config.reddit.com www.redditstatic.com *.riskified.com *.statscollector.ap.sd-rtn.com *.ap.sd-rtn.com o209747.ingest.us.sentry.io sierra.chat simonsignal.com static.simonsignal.com sdk-api-v1.singular.net web-sdk-cdn.singular.net telemetry.transcend.io transcend-cdn.com https://drm.vhx.com/v2/fairplay/cert collector.vhx.tv *.cloud.vimeo.com interactive.create.vimeo.com *.vimeo.com vimeo.com *.vimeo.work *.vimeocdn.com cdn.widerfunnel.com appds8093.blob.core.windows.net *.wirewax.com *.wirewax.tv *.zdassets.com vimeosupport.zendesk.com *.zoom.us zoom.us ws.zoominfo.com; font-src 'self' data: d2by6sxflmuwyq.cloudfront.net dv7a7fjpjy29e.cloudfront.net fonts.gstatic.com *.cdn.magisto.com privacyportal-cdn.onetrust.com www.paypalobjects.com cf-st.sc-cdn.net use.typekit.net f.vimeocdn.com edge-assets.wirewax.com; frame-src *; img-src * blob: data:; media-src 'self' blob: data: *.akamaized.net https://d263mgllkjh2k2.cloudfront.net http://d1oca24q5dwo6d.cloudfront.net duysrfiajusdh.cloudfront.net media.gettyimages.com *.gvt1.com *.cdn.magisto.com live-api.cloud.vimeo.com player.vimeo.com *.vimeocdn.com app.qualified.com https://s3.amazonaws.com/sound.sightera.com/ https://s3.amazonaws.com/test.sightera.com/ https://s3.amazonaws.com/beast.business.sightera.com/ https://s3.amazonaws.com/beast.business.sightera.com https://s3.amazonaws.com/beast.branding.sightera.com/ https://s3.amazonaws.com/beast.branding.sightera.co https://storage.googleapis.com/vimeo-create-prod-files/ http://d1ripsxh7es2qp.cloudfront.net https://d3fclmoge30w0w.cloudfront.net; object-src 'self' *.vimeocdn.com *.akamaized.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: ws: wss: https://s0.2mdn.net/instream/video/ *.6sc.co wirewax.s3.eu-west-1.amazonaws.com app.link bat.bing-int.com bat.bing.com cdnjs.cloudflare.com challenges.cloudflare.com www.datadoghq-browser-agent.com *.g.doubleclick.net www.dropbox.com static.elfsight.com *.elfsightcdn.com connect.facebook.net s-usc1b-nss-2112.firebaseio.com s-usc1b-nss-2113.firebaseio.com s-usc1f-nss-6502.firebaseio.com s-usc1f-nss-6500.firebaseio.com vimeo-chat.firebaseio.com tracking.g2crowd.com *.google.com www.googleadservices.com www.gstatic.com *.google-analytics.com maps.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6633483048714240.storage.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com www.googletagservices.com cdn.intellimize.co *.kollective.app snap.licdn.com src.litix.io lp.livestream.com munchkin.marketo.net snippet.maze.co privacyportal-cdn.onetrust.com www.paypalobjects.com cdn.pendo.io js.qualified.com data.pendo.io *.qualtrics.com www.redditstatic.com beacon.riskified.com secured-pixel.com sierra.chat static.simonsignal.com web-sdk-cdn.singular.net transcend-cdn.com vimeo.com *.vimeo.com *.vimeocdn.com cdn.widerfunnel.com edge-assets.wirewax.com embedder-sdk.wirewax.com embedder-sdk.wirewax.tv origin-4.xtlo.net static.zdassets.com *.zoom.us zoom.us ws.zoominfo.com static.zuora.com https://www.dropbox.com/static/api/2/dropins.js; style-src 'self' 'unsafe-inline' *.6sc.co cdn01.boxcdn.net cdnjs.cloudflare.com accounts.google.com fonts.googleapis.com pendo-static-6633483048714240.storage.googleapis.com www.gstatic.com lp.livestream.com privacyportal-cdn.onetrust.com www.paypalobjects.com sierra.chat *.vimeo.com *.vimeocdn.com vimeopro.com transcend-cdn.com cdn.widerfunnel.com edge-assets.wirewax.com edge-player5.wirewax.com origin-4.xtlo.net; worker-src 'self' blob:; report-to csp-endpoint; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba92ed04ee7cceea44335c3d8c1ccc173&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport%2Cenv%3Aproduction 6
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 6
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 6
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 6
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 6
connect-src https://*.fcl.cloud wss://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://*.fclmedia.com https://fcl-sydney-geo-7.ent.ap-southeast-2.aws.found.io https://flowise-dev.dse.fctg.global https://*.launchdarkly.com https://*.optimizely.com *.nr-data.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.co.nz https://*.google.co.za https://*.google.co.uk https://*.evergage.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://*.pinterest.com https://*.linkedin.com https://*.outbrain.com https://*.g.doubleclick.net https://wisepops.net https://*.wisepops.com https://*.feefo.com https://cdn.cookielaw.org https://developer.livehelpnow.net https://*.snapchat.com https://www.facebook.com https://bat.bing.com https://*.onetrust.com https://flightcentre.r-cubed.co.uk https://adservice.google.com https://www.google.com https://analytics.google.com https://www.googleadservices.com https://*.browser-intake-datadoghq.com https://*.criteo.com https://*.usabilla.com https://*.creativecdn.com https://*.mypurecloud.com.au wss://*.mypurecloud.com.au; default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; font-src https: blob: data:; frame-ancestors 'self'; img-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.usabilla.com http://*.usabilla.com https://*.newrelic.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io https://cdn.wisepops.com https://*.quantserve.com https://*.livechatinc.com https://flightcentre.r-cubed.co.uk https://rules.quantcount.com https://*.criteo.com https://code.jquery.com https://*.creativecdn.com https://*.rokt.com https://*.mypurecloud.com.au; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://register.feefo.com https://cdn.cookielaw.org https://d6tizftlrpuof.cloudfront.net; report-uri /api/csp_report 6
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 6
default-src 'self'; connect-src 'self' https://region1.google-analytics.com https://connect.facebook.net https://pagead2.googlesyndication.com; https://region1.google-analytics.com https://connect.facebook.net https://pagead2.googlesyndication.com https://www.facebook.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://s1-staging-mundijuegos-com.s3.eu-west-1.amazonaws.com; https://cdnjs.cloudflare.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://connect.facebook.net https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 6
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ http://fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com credomatic.compassmerchantsolutions.com https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com mongepay.com conway.ddev.site https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ https://adobedtm.com assets.adobedtm.com dpm.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni https://www.facebook.com https://www.google.com *.flixcar.com *.flixfacts.com *.cnetcontent.com *.vimeo.com https://widgetapp.ocularsolution.com *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://notrack.indexado.pmbox.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://online.fliphtml5.com/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ https://fledge.teads.tv *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.grupomonge.tt.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com widget.ocularsolution.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://www.google.com https://www.google.com.co https://www.tiendamonge.com https://www.elgallomasgallo.com.ni https://www.prado.com.sv https://www.elgallomasgallo.com.hn https://www.elgallomasgallo.com.gt https://www.verdugotienda.com *.teads.tv *.scene7.com https://fichashppervasive.blob.core.windows.net https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com https://www.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://adobedtm.com fast.amc.demdex.net dpm.demdex.net *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni 'unsafe-inline' widget.ocularsolution.com cdn.cs.1worldsync.com https://ws.cs.1worldsync.com *.cloudflare.com https://bam.nr-data.net *.connect.facebook.net *.paypal.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.pingdom.net *.woorank.com *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com https://rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ https://grupomongeecommerceprd.112.2o7.net http://fonts.cdnfonts.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com widget.ocularsolution.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ http://fonts.cdnfonts.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.flixcar.com widget.ocularsolution.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.grupomonge.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://adobedtm.com assets.adobedtm.com *.adobe.com fast.amc.demdex.net *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni wss://tm.filter:1502/ api.ocularsolution.com xml.ssreviewsportal.com *.cloudflare.com https://bam.nr-data.net *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv https://ocular-prod.api.rocio.ai *.ocularsolution.com *.flixcar.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://analytics.tiktok.com *.firaonlive.com https://smetrics.verdugotienda.com *.assets.adobedtm.com *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com analytics.google.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * webpay3g.transbank.cl webpay3gint.transbank.cl *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://apitestenv.vnforapps.com/ https://apiprod.vnforapps.com/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com analytics.google.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://live.decidir.com *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://apitestenv.vnforapps.com/ https://apiprod.vnforapps.com/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com https://developers.decidir.com/ *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://apitestenv.vnforapps.com/ https://apiprod.vnforapps.com/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://live.decidir.com https://developers.decidir.com/ *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; 6
upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval'; 6
default-src 'self' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com helpimg.s3.amazonaws.com use.fontawesome.com use.typekit.net https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net https://cdn.pendo.io/agent/static/365392a9-6608-44ef-443b-572eef771b95/pendo.js ; style-src 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; style-src-elem 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io fonts.googleapis.com fonts.gstatic.com helpimg.s3.amazonaws.com cdnjs.cloudflare.com/ajax/libs/font-awesome/ cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ p.typekit.net pendo-static-6167502888239104.storage.googleapis.com s3.amazonaws.com/helpimg/ use.fontawesome.com use.typekit.net www.java.com/ga/css/print.css www.java.com/ga/css/screen.css ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-us-east-1 ; worker-src 'self' blob: data: ; 6
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' https://www.googletagmanager.com blob: data:; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; font-src * data: moz-extension:; img-src * data: blob:; media-src * data: blob:; connect-src * properties: data:; frame-src *; worker-src * blob:; report-uri https://sentry-new.public.mybestpro.com/api/8/security/?sentry_key=54be949d75fc07530648e0a189a26f35&sentry_environment=prod 6
script-src 'self' 6
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com platform.twitter.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com imgsct.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://resources.paytrail.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net maps.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com consent.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.avada.io connect.facebook.net twitter.com platform.twitter.com cdn.jsdelivr.net *.gstatic.com maps.googleapis.com applepay.cdn-apple.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://static.klaviyo.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.fontawesome.com https://fonts.bunny.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.gstatic.com applepay.cdn-apple.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://core.helloretail.com https://helloretailcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
worker-src 'none'; 6
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.fontawesome.com tbs.tradedoubler.com wickey.nl *.hotjar.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-umm.b-cdn.net www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com wickey.us16.list-manage.com *.wickey.us16.list-manage.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com js.mollie.com *.trustpilot.com tbs.tradedoubler.com forms.office.com ct.pinterest.com *.hotjar.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com  d3dc1lgancj6l0.cloudfront.net www.youtube.com *.mollie.com www.paypalobjects.com *.wickey.de *.durchsichtig.xyz tw.wickey.co.uk tw.wickey.be twr.wickey.fr tw.wickey.gr tw.wickey.at tw.wickey.ch tw.wickey.it tw.wickey.es tw.wickey.pl tw.wickey.dk tw.wickey.cz tw.wickey.se tw.wickey.hu tw.wickey.no tw.wickey.ie tw.wickey.pt tw.wickey.ro tw.wickey.lu tw.wickey.sk tw.wickey.hr tw.wickey.bg tw.wickey.si 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io github.blog https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com magefan.com cm.magefan.com https://www.mollie.com *.pixriot.com *.storeimaging.com *.ads.linkedin.com *.google-analytics.com *.squarelovin.com *.bing.com bing.com squarelovin.com *.trustedshops.com *.mollie.com *.pinterest.com *.consentmanager.net wickey.de wickey.nl tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg ik.imagekit.io cst-tag-monitor-2nd-gen-6k3dd6vtka-ew.a.run.app dashboard.edesk.com static.sooqr.com onlinedialogue.s3.eu-west-1.amazonaws.com t.squeezely.tech wickey.ams3.digitaloceanspaces.com wickey-test.ams3.digitaloceanspaces.com d2rfa446ja7yzb.cloudfront.net app.squeezely.tech tw.wickey.si tw.wickey.gr static.spotlersearch.com dy639ytn88nua.cloudfront.net bat.bing.net europe-west1-code-cube.cloudfunctions.net xsellco-blobstore.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js.mollie.com widgets.trustedshops.com js-agent.newrelic.com bat.bing.com *.googleadservices.com connect.facebook.net bam.nr-data.net squarelovin.com c.delivery.consentmanager.net cdn.consentmanager.net s.pinimg.com analytics.tiktok.com www.googleoptimize.com snap.licdn.com hst.tradedoubler.com swrap.tradedoubler.com static.cloudflareinsights.com tracking.s24.com tw.wickey.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg delivery.consentmanager.net cdn.stape.io *.hotjar.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com d3dc1lgancj6l0.cloudfront.net ajax.cloudflare.com d5yoctgpv4cpx.cloudfront.net userlike-cdn-umm.b-cdn.net onlinedialogue.s3.eu-west-1.amazonaws.com widgets.xsellco.com static.sooqr.com dynamic.sooqr.com *.neoday.com js.neoday.com cdn.ablyft.com squeezely.tech analytics.optimalpeople.fr connect.getflowbox.com ct.pinterest.com static.spotlersearch.com spotlersearchanalytics.com dynamic.spotlersearch.com *.wickey.de tr.kickbite.io clarity.ms www.clarity.ms fpp.wickey.nl fpp.wickey.co.uk fpp.wickey.gr fpp.wickey.at fpp.wickey.ch fpp.wickey.fr fpp.wickey.be fpp.wickey.it fpp.wickey.es fpp.wickey.dk fpp.wickey.pl fpp.wickey.cz fpp.wickey.se fpp.wickey.hu fpp.wickey.no fpp.wickey.ie fpp.wickey.pt fpp.wickey.ro fpp.wickey.lu fpp.wickey.sk fpp.wickey.hr fpp.wickey.bg fpp.wickey.lt fpp.wickey.si 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.fontawesome.com squarelovin.com *.hotjar.com tagmanager.google.com widgets.xsellco.com static.sooqr.com static.spotlersearch.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.pixriot.com *.storeimaging.com ct.pinterest.com *.wickey.de stats.g.doubleclick.net analytics.tiktok.com bam.nr-data.net bat.bing.com www.google.com googleads.g.doubleclick.net region1.analytics.google.com region1.google-analytics.com tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com *.hotjar.io wss://*.hotjar.com www.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com wss://umd.userlike.com umd.userlike.com d3upe020n1uosc.cloudfront.net d3dc1lgancj6l0.cloudfront.net www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg rkkck31tec.execute-api.eu-central-1.amazonaws.com widgets.xsellco.com firehose.eu-central-1.amazonaws.com cognito-identity.eu-central-1.amazonaws.com gateway.wickey.neo.day log.ablyft.com analytics.pangle-ads.com analytics.optimalpeople.fr trustbadge.api.etrusted.com gateway.getflowbox.com a.getflowbox.com tw.wickey.si tw.wickey.gr api.trustedshops.com shops-si.trustedshops.com api.trustbadge.etrusted.com px.ads.linkedin.com api.paypal.com *.durchsichtig.xyz tr.kickbite.io bat.bing.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com j.clarity.ms n.clarity.ms s.clarity.ms k.clarity.ms twr.wickey.fr fpp.wickey.nl u.clarity.ms i.clarity.ms fpp.wickey.co.uk d.clarity.ms fpp.wickey.be fpp.wickey.ch 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://wickey.de/; report-to report-endpoint; 6
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' data: https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; report-uri https://hi.report-uri.com/r/d/csp/reportOnly 6
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 5
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 5
default-src 'none'; frame-ancestors 'none'; connect-src 'self' www.ntppool.org st.ntppool.org 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; form-action 'self' mailform.ntppool.org checkout.stripe.com; img-src 'self' st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org js.stripe.com; style-src 'self' fonts.googleapis.com st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntppool.report-uri.com/r/t/csp/wizard 5
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: moz-extension: ms-browser-extension: chrome-extension: ios-log:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb898c25826db9d251f99fdcece943792&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:marketing-global-lbs; 5
default-src https://www.oreilly.com/PDsc-zH5zerlbpyvuLd7XhkXxfg/uDumfXcDrXb8QruE/DVxdSAE/L3B/FUCNhLVQ  * 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: moz-extension: ms-browser-extension: chrome-extension: ios-log:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb898c25826db9d251f99fdcece943792&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:wordpress-prod-cluster; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 5
default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 5
default-src 'self' 'unsafe-inline'  'unsafe-eval' https://snap.licdn.com *.willistowerswatson *.wtwco.com https://www.google-analytics.com https://cdn.cookielaw.org https://www.googletagmanager.com  *.coveo.com https://players.brightcove.net *.doubleclick.net https://munchkin.marketo.net https://bat.bing.com *.facebook.net *.facebook.com https://siteimproveanalytics.com *.linkedin.com *.mktoresp.com *.siteimproveanalytics.io data: blob:;report-uri /custom/api/csp/logviolation 5
font-src fonts.gstatic.com use.typekit.net https://apretailer.com.br *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.us1.gigya.com *.openpay.mx *.openpay.co *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx *.pagaleve.io *.pagaleve.com.br www.google-analytics.com unpkg.com googleads.g.doubleclick.net commerce.adobedtm.com magento-recs-sdk.adobe.net www.googleadservices.com www.gstatic.com *.google.com *.google.com.br *.criteo.com *.doubleclick.net *.cloudfront.net *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.us1.gigya.com 'self' data: 'unsafe-inline' data: *.postimg.cc *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpay.mx *.pagaleve.com.br unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net www.gstatic.com *.google.com *.google.com.br *.panini.canto.global https://panini.canto.global *.cloudfront.net *.doubleclick.net *.g.doubleclick.net *.ivitrack.com *.bidswitch.net *.criteo.com *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://www.gravatar.com *.googleusercontent.com https://apretailer.com.br https://cdn.aplazo.mx *.adobedtm.com *.clarity.ms https://smartbmc.com.br https://ib.adnxs.com https://r.casalemedia.com https://ads.stickyadstv.com https://ad.360yield.com https://i.liadm.com https://contextual.media.net https://exchange.mediavine.com *.bing.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://trends.revcontent.com https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://eb2.3lift.com https://sync.1rx.io https://gum.criteo.com https://public-prod-dspcookiematching.dmxleo.com https://www.mercadopago.cl *.agkn.com *.targeting.unrulymedia.com *.dnzdns.com *.adgrx.com *.bidr.io *.yahoo.com *.emkt.dinamize.com *.dinamize.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.us1.gigya.com s7.addthis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.pagaleve.com.br analytics.tiktok.com *.clarity.ms unpkg.com www.gstatic.com *.google.com *.google.com.br *.vendavalida.com.br *.zdassets.com *.criteo.com *.enviou.com.br *.cloudfront.net aprtn.com *.facebook.com *.facebook.net http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br *.metricool.com *.hotjar.com *.bing.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com 'unsafe-inline' data: *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://apretailer.com.br unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com *.openpay.mx *.openpay.co ekr.zdassets.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpay.pe unpkg.com googleads.g.doubleclick.net commerce.adobedtm.com magento-recs-sdk.adobe.net www.gstatic.com *.google.com *.google.com.br *.criteo.com *.vendavalida.com.br *.zendesk.com *.doubleclick.net *.us1.gigya.com *.cloudfront.net *.enviou.com.br *.facebook.com *.facebook.net http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br *.paniniadrenalyn.com pagead2.googlesyndication.com analytics.tiktok.com *.clarity.ms *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net googleads.g.doubleclick.net csm.us5.us.criteo.net commerce.adobedc.net https://apretailer.com.br *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.squarecdn.com *.googleapis.com *.gstatic.com *.google.com *.zmags.com *.espssl.com *.virtooal.com *.paypal.com *.googletagmanager.com *.zopim.com *.apptrian.com *.facebook.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com *.searchspring.net *.viemo.com *.searchspring.io widget-mediator.zopim.com *.xtento.com *.auglio.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.getfastr.com *.narvar.com *.narvar.qa *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.facebook.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.spring.citi.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com widgets.sandbox.afterpay.com *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.authorize.net *.facebook.com *.zmags.com *.doubleclick.net *.virtooal.com *.iglobalstores.com *.pinterest.com *.webeyez.com *.apptrian.com *.zopim.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com *.googleapis.com *.searchspring.net *.viemo.com *.gstatic.com *.searchspring.io widget-mediator.zopim.com *.xtento.com *.truefitcorp.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.spring.citi.com *.ehappify.com *.weltpixel.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com landofcoder.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.google.com *.zmags.com *.zonos.com *.bing.com *.pinterest.com *.google.co.in *.clarity.ms *.cloudfront.net *.cocoreefswim.com *.tyr.com *.espssl.com *.listrakbi.com *.facebook.net *.googletagmanager.com *.postcodeanywhere.co.uk *.doubleclick.net *.shareasale.com *.beachhouseswim.com *.beach2ocean.com cfvod.kaltura.com *.cookielaw.org *.rakuten.com *.linksynergy.com *.xg4ken.com *.amazonaws.com *.narvar.com *.narvar.qa https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com *.adobe.io *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net *.magento-datasolutions.com *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.authorize.net sandbox-assets.secure.checkout.visa.com *.google.com *.zmags.com *.listrakbi.com *.searchspring.net *.zonos.com *.pinimg.com *.bing.com *.iglobalstores.com *.cloudfront.net *.dwin1.com *.clarity.ms *.newrelic.com *.nr-data.net *.g.doubleclick.net *.pcapredict.com *.postcodeanywhere.co.uk *.zendesk.com *.zdassets.com *.virtooal.com *.listrak.com *.zopim.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.google.co.in cdnapisec.kaltura.com code.jquery.com *.webeyez.com *.facebook.com *.xtento.com *.apptrian.com *.googletagmanager.com *.viemo.com *.google-analytics.com *.paypalobjects.com *.cloudflare.com *.cookielaw.org *.auglio.com *.nagich.com *.truefitcorp.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.zma.gs *.searchspring.io *.spring.citi.com *.barilliance.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.northbeam.io eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com https://cdn.searchspring.net/intellisuggest/is.min.js https://www.googletagmanager.com tagmanager.google.com landofcoder.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.sharethis.com unsafe-inline assets.braintreegateway.com *.google.com *.typekit.net *.zmags.com *.listrakbi.com *.searchspring.net *.postcodeanywhere.co.uk *.virtooal.com *.facebook.com egiftifymerchantassets.s3.amazonaws.com *.auglio.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.zma.gs *.amazonaws.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zdassets.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.spring.citi.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.authorize.net *.zmags.com *.listrakbi.com *.listrak.com *.zonos.com *.clarity.ms *.nr-data.net *.cloudflare.com *.pinterest.com *.g.doubleclick.net *.searchspring.io *.postcodeanywhere.co.uk *.virtooal.com *.zdassets.com *.zendesk.com *.zopim.com *.grin.co wss://widget-mediator.zopim.com widget-mediator.zopim.com *.webeyez.com *.googletagmanager.com *.apptrian.com *.facebook.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com *.viemo.com *.gstatic.com *.tyr.com *.cookielaw.org *.nagich.com *.truefitcorp.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.addressy.com *.zma.gs *.barilliance.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://beacon.searchspring.io/beacon https://www.google-analytics.com landofcoder.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
font-src fonts.googleapis.com x.klarnacdn.net cdn.elev.io maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.ditur.dk *.ditur.no *.ditur.se *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl *.avile.dk policy.app.cookieinformation.com ct.pinterest.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com messenger-edge.dixa.io messenger.dixa.io www.googletagmanager.com *.klarna.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com *.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.dk *.facebook.com bat.bing.com bat.bing.net stats.g.doubleclick.net *.sleeknote.com parametre.online *.ditur.dk *.ditur.no *.ditur.se *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl *.avile.dk tr.snapchat.com tr6.snapchat.com *.etrusted.com *.trustedshops.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://redchamps.com *.klarna.com *.klarnaevt.com *.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.reaktion.com policy.app.cookieinformation.com policy.cookieinformation.com *.facebook.net script.parametre.online ct.pinterest.com s.pinimg.com bat.bing.com *.tiktok.com *.sleeknote.com *.getdrip.com *.cloudfront.net *.kameleoon.eu *.kameleoon.io *.fontawesome.com *.ditur.dk *.ditur.se *.ditur.no *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl messenger.dixa.io sc-static.net tr.snapchat.com cdn.elev.io *.clarity.ms checkout.reepay.com static.cloudflareinsights.com *.trustedshops.com *.etrusted.com *.getzowie.com *.heylink.com *.posthog.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.klarnacdn.net *.klarna.com *.profitmetrics.io *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.products.kameleoon.com x.klarnacdn.net fonts.googleapis.com *.etrusted.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.reaktion.com *.cookieinformation.com google.com *.google.com googleads.g.doubleclick.net *.pinterest.com *.tiktok.com *.ditur.dk *.ditur.no *.ditur.se *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl *.avile.dk api.products.kameleoon.com *.kameleoon.eu data.kameleoon.io *.fontawesome.com bat.bing.com bat.bing.net invitejs.trustpilot.com tr.snapchat.com tr6.snapchat.com messenger-edge.dixa.io region1.google-analytics.com cdn.elev.io ipa.elev.io events.elev.io *.clarity.ms pagead2.googlesyndication.com *.etrusted.com *.getzowie.com analytics.sleeknote.com/ *.posthog.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.klarnacdn.net *.klarna.com *.klarnaevt.com *.profitmetrics.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
script-src 'self' https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com; report-uri /csp-report; 5
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 5
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 5
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://draft.blogger.com/cspreport 5
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://cdn.clerk.io *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://api.clerk.io https://cdn.clerk.io *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://assets.adobedtm.com https://cdn.cookielaw.org https://www.google-analytics.com https://stats.wp.com https://script.hotjar.com https://static.hotjar.com https://engagent.h-care.eu https://snap.licdn.com https://cdn.landbot.io https://calc-api.cardif.ysprod.cz https://static.elfsight.com https://connect.facebook.net https://s0.wp.com https://grwapi.net https://acsbapp.com https://s3.eu-central-1.amazonaws.com https://www.clarity.ms https://cdn.acsbapp.com; style-src 'self' 'unsafe-inline' https://engagent.h-care.eu https://cdn.landbot.io https://s0.wp.com https://cdn.acsbapp.com; img-src 'self' data: https://secure.gravatar.com https://cdn.cookielaw.org https://engagent.h-care.eu https://pixel.wp.com https://www.googletagmanager.com https://fonts.gstatic.com https://*.112.2o7.net https://api.holeest.com https://bo-corp.bnpparibascardif.com https://api.holeest.com https://pixel.wp.com https://www.google.com.pe https://www.google.ro https://px.ads.linkedin.com https://storage.googleapis.com/media.landbot.io/ https://i.ytimg.com https://www.google-analytics.com https://www.google.fr; font-src 'self' data: https://engagent.h-care.eu https://cdn.landbot.io https://s0.wp.com https://use.typekit.net; connect-src 'self' https://cdn.cookielaw.org https://www.google-analytics.com https://stats.g.doubleclick.net https://privacyportal-de.onetrust.com https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://engagent.h-care.eu wss://engagent.h-care.eu wss://ws.hotjar.com https://analytics.google.com https://content.hotjar.io https://*.ads.linkedin.com https://firestore.googleapis.com https://storage.googleapis.com https://privacyportal-fr.onetrust.com https://messages.landbot.io https://region1.analytics.google.com https://metrics.hotjar.io https://overbridgenet.com https://welcome.landbot.io https://identitytoolkit.googleapis.com https://vc.hotjar.io https://cdn.acsbapp.com sentry.beapi.fr; media-src 'self' https://broadcast.mediahub.bnpparibas https://asset.mediahub.bnpparibas https://dam.bnpparibas.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://engagent.h-care.eu https://www.googletagmanager.com https://forms.office.com https://widgets.wp.com https://wordpress.com; manifest-src 'self'; worker-src 'self'; object-src 'self' https://engagent.h-care.eu; base-uri 'self'; frame-ancestors 'self' 'https://frontend-dot-partner-cockpit.ew.r.appspot.com'; report-to csp-endpoint; report-uri https://sentry.beapi.fr/api/102/security/?sentry_key=574bdc9373af881e84d3f312f1def4eb&sentry_environment=production; 5
default-src 'self'; img-src * 5
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://secure-test.worldpay.com/shopper/3ds/ddc.html https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://www.youtube.com/ 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://widget.trustpilot.com/ https://pay.google.com https://secure-test.worldpay.com *.weltpixel.com *.google.com https://plumrocket.com https://www.youtube.com/ https://www.usaskateshop.com/ www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.gstatic.com *.google.com *.mageside.com mageside.com maps.gstatic.com https://usaskateshop-com.b-cdn.net/ www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.hotjar.com https://static.zdassets.com https://payments.worldpay.com https://cdn.clerk.io https://api.clerk.io https://ss.euroskateshop.de https://ss.euroskateshop.nl https://ss.euroskateshop.ch https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.google.com applepay.cdn-apple.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.cloudflare.com *.fontawesome.com applepay.cdn-apple.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.usaskateshop.dk https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'unsafe-inline' 'unsafe-eval' * data: blob: 4
connect-src 'self' wss://*.kronor.io chat.kindlycdn.com *.google.com.pr www.bing.com www.googletagmanager.com *.clarity.ms *.google.com.kh bam.nr-data.net *.google.fr *.google.co.jp checkout-cdn.avarda.com wss://input.noibu.com *.google.com.eg *.google.by boozt.com *.google.com.ni *.criteo.net *.googleapis.com *.googleapis.com dev.visualwebsiteoptimizer.com *.loadbee.com *.google.mn *.google.com.lb *.google.be *.google.co.nz *.google.ps *.googleoptimize.com *.google-analytics.com *.google.com.tw *.google.com.cu *.google.com.np *.stylitics.com *.google.mk *.google.co.ke *.adzerk.net *.google.sk *.google.com.mt obseu.isstarsbuilding.com *.google.com.uy *.kronor.io *.google.ro *.analytics.google.com tr.snapchat.com *.google.lv *.google.com.au *.adform.net *.clarity.ms *.google.com.et wss://proxy.depict.ai:7315 *.google.com.ec *.google.md *.google.com.co *.google.ae analytics.sleeknote.com bot.kindly.ai *.google.co.zw translate.googleapis.com *.google.com.sa *.clarity.ms *.hotjar.com partner.revieve.com  spk.boozt.com cdn.cookielaw.org *.snapchat.com *.onetrust.com *.google.ie vc.hotjar.io *.google.ch *.google.tn *.google.co.id *.google.cl *.google.mw *.datadoghq-browser-agent.com *.google.ba www.snapengage.com *.google.gl *.google.com.bo *.google.es *.google.co.th input.noibu.com *.avarda.com *.google.ci *.google.gr *.google.com.hk unpkg.com *.criteo.net *.google.co.il *.google.am *.browser-intake-datadoghq.eu *.google.com.bh *.google.com *.evergage.com *.google.com.ar *.criteo.com *.google.com.ly adservice.google.com *.google.so *.clarity.ms *.booztx.com *.boozt.com *.google.co.tz *.google.com *.google.me *.google.mv *.clarity.ms google.com *.google.co.za api.depict.ai *.klarnacdn.net *.google.com.vn kronor.io bam-cell.nr-data.net www.getpica.com *.google.com.qa *.booztcdn.com *.logs.datadoghq.eu  *.hotjar.io browser-intake-datadoghq.eu *.google.ru *.google.pt *.google.co.cr app.vwo.com *.google.com.tr *.google.lu *.contentsquare.net *.hotjar.com dawa.aws.dk *.google.lt sp.boozt.com *.doubleclick.net *.google.co.bw *.google.com.gh *.google.no *.sleeknote.com *.google.com.bd *.google.com.kw *.visualwebsiteoptimizer.com *.google.ge *.google.com.pe *.google.com.sg *.google.it pagead2.googlesyndication.com www.facebook.com wss://kronor.io *.google.al *.google.com.br *.google.com.ua *.google.co.vi *.google.co.ck www.googleadservices.com *.google.mu *.google.az stats.g.doubleclick.net *.google.bi *.google.lt *.google.com.na *.klarna.com *.google.ee *.google.cz *.google.com.pk *.google.gm *.google.fi *.hotjar.io media.flixfacts.com api.avo.app *.google.com.do *.google.sc *.google.rs *.google.hu *.google.si *.google.co.uz *.google.sr *.google.iq *.google.co.zm *.google.hr *.google.tg *.google.co.uk *.google.lk *.google.com.jm *.google.kg *.google.com.af bat.bing.net *.google.pl *.google.com.ph *.google.nl *.google.cn *.google.cv wss://ws-eu.pusher.com *.contentsquare.com *.google.com.my *.google.bg fpt.boozt.com bat.bing.com *.google.is *.google.at *.google.com.mx *.google-analytics.com *.google.bt dev.visualwebsiteoptimizer.com *.klarnaevt.com code.jquery.com *.google.ca *.google.com.cy *.google.jo *.hotjar.com *.google.co.ma *.google.de *.adyen.com *.google.ga *.google.kz *.avarda.org; media-src *.boozt.com *.booztcdn.com storage.googleapis.com *.booztx.com www.snapengage.com; script-src 'self' data: blob: *.rewardspay.com static.cloudflareinsights.com dp64mxip2za0c.cloudfront.net www.barilliance.net cdn.avo.app *.booztcdn.com www.googleoptimize.com www.googletagmanager.com *.clarity.ms cookie-cdn.cookiepro.com atemda.com  hst.tradedoubler.com cdn.loadbee.com the.sciencebehindecommerce.com bat.bing.com *.zenaps.com s2.adform.net tagmanager.google.com vc.hotjar.io cdn.noibu.com *.sleeknote.com widget.eu.criteo.com tr.snapchat.com yastatic.net *.adyen.com googleads.g.doubleclick.net tracking.s24.com *.contentsquare.net cm.g.doubleclick.net *.issuu.com euob.isstarsbuilding.com cdn.cookielaw.org *.flixcar.com web-assets.stylitics.com pagead2.googlesyndication.com cdn.siftscience.com www.gstatic.com bam-cell.nr-data.net *.kronor.io www.googleadservices.com www.snapengage.com avdonl0p0checkout0fe.blob.core.windows.net 7276578.collect.igodigital.com www.awin1.com *.booztx.com connect.facebook.net bugcrowd.com track.adform.net www.datadoghq-browser-agent.com cdn.depict.ai *.freshchat.com  obseu.isstarsbuilding.com *.criteo.com www.dwin1.com d38knilzwtuys1.cloudfront.net *.klarnacdn.net *.klarna.com sc-static.net sslwidget.criteo.com assets.bugcrowdusercontent.com *.google.com dev.visualwebsiteoptimizer.com cdn.evgnet.com *.google-analytics.com *.booztcdn.com *.boozt.com privacyportal.onetrust.com s3.amazonaws.com  maps.googleapis.com static.criteo.net *.tradedoubler.com swrap.tradedoubler.com chat.kindlycdn.com *.trustpilot.com www.google.com *.boozt.com tag.smartly.io bam.nr-data.net *.hotjar.com geolocation.onetrust.com optimize.google.com lcx-embed.bambuser.com *.liveshopper.net widget.criteo.com 'unsafe-eval' 'unsafe-inline'; child-src 'self' td.doubleclick.net js.klarna.com tr.snapchat.com track.adform.net www.googletagmanager.com *.freshchat.com *.trustpilot.com static.criteo.net fpt.boozt.com *.google-analytics.com *.criteo.com *.hotjar.com data: blob: ; style-src 'self' *.freshchat.com *.adyen.com cdn.cookielaw.org privacyportal.onetrust.com *.booztx.com *.booztcdn.com optimize.google.com *.boozt.com fonts.googleapis.com d38knilzwtuys1.cloudfront.net tagmanager.google.co geolocation.onetrust.com *.stylitics.com *.kronor.io chat.kindlycdn.com *.flixcar.com cdn.honey.io cookie-cdn.cookiepro.com translate.googleapis.com blob: data: 'unsafe-inline'; font-src 'self' cdn.honey.io *.booztx.com *.boozt.com fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com chat.kindlycdn.com avdonl0p0checkout0fe.blob.core.windows.net *.avarda.com data: *.booztcdn.com  data: ; default-src 'self' *.sleeknote.com https://*.kindlycdn.com *.boozt.com *.klarna.com *.booztx.com wss://ws-eu.pusher.com:443 https://*.pusher.com checkout-cdn.avarda.com wss://sage.kindly.ai static.criteo.net wss://ws-eu.pusher.com https://*.kindly.ai *.booztcdn.com; manifest-src 'self' *.booztx.com *.boozt.com *.booztcdn.com; img-src optimize.google.com data: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report/; report-to csp-reports 4
frame-ancestors 'self'; 4
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://google.com https://www.google.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 4
base-uri 'self'; connect-src 'self' https://*.google.com https://ada.matomo.cloud https://boards-api.greenhouse.io https://images.prismic.io https://o43253.ingest.sentry.io https://pagead2.googlesyndication.com https://www.gstatic.com https://bat.bing.com https://*.clarity.ms; default-src 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; frame-src https://*.enterprise.ada.com https://boards.greenhouse.io https://insight.adsrvr.org https://td.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com; img-src 'self' data: https://ada.matomo.cloud https://adahealth.cdn.prismic.io https://assets.ada.com https://connect.facebook.net https://googleads.g.doubleclick.net https://images.prismic.io https://prismic-io.s3.amazonaws.com https://www.facebook.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://bat.bing.com https://*.clarity.ms; manifest-src 'self'; media-src 'self' https://adahealth.cdn.prismic.io; script-src 'self' 'unsafe-inline' https://*.matomo.cloud https://boards.greenhouse.io https://connect.facebook.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://tpc.googlesyndication.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://bat.bing.com https://www.clarity.ms; style-src 'self' 'unsafe-inline'; 4
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn-ukwest.onetrust.com/scripttemplates/ https://websdk.appsflyer.com/ https://www.google.com/recaptcha/enterprise.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.segment.com https://static.moonpay.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.moonpay.com https://api.moonpay.com https://api.coingecko.com https://cdn-ukwest.onetrust.com https://*.launchdarkly.com https://geolocation.onetrust.com https://vitals.vercel-insights.com https://*.google-analytics.com https://*.analytics.google.com https://logs.browser-intake-datadoghq.com https://cdn.segment.com https://otel-collector.moonpay.com https://otel-collector.moonpaycloud.com https://otel-collector.moonpay-staging.com; font-src 'self' https://static.moonpay.com; frame-src 'self' https://buy.moonpay.com https://sell.moonpay.com https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' https://cdn-ukwest.onetrust.com https://images.ctfassets.net https://static.moonpay.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; frame-ancestors 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub4f9819648cf6c369f00daa5b3a3a0ea7&dd-evp-origin=content-security-policy&ddsource=csp-report 4
object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src * 'report-sample' 'unsafe-inline'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 4
default-src 'self';script-src 'self' https://cdn-cookieyes.com https://www.googletagmanager.com https://www.influ2.com https://www.youtube.com https://js.hubspot.com https://js.hsforms.net https://script.hotjar.com https://www.google.com https://sc.lfeeder.com https://snap.licdn.com https://static.hotjar.com https://cdn.heapanalytics.com https://connect.facebook.net https://js.hsadspixel.net https://js.hscollectedforms.net https://www.gstatic.com https://js.hs-banner.com https://static.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://js.hs-analytics.net https://js.hs-scripts.com https://static.hsappstatic.net https://js.storylane.io 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://*.hotjar.com https://*.hubspot.com https://cdn.heapanalytics.com https://connect.facebook.net https://sc.lfeeder.com https://www.influ2.com https://snap.licdn.com https://t.influ2.com https://forms.hsforms.com https://log.cookieyes.com https://cdn-cookieyes.com https://www.google.com https://directory.cookieyes.com https://px.ads.linkedin.com https://api.hubapi.com https://forms.hscollectedforms.net https://region1.analytics.google.com https://surveystats.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://heapanalytics.com https://www.google.pl https://google.com https://region1.google-analytics.com https://ipapi.co https://stats.g.doubleclick.net https://dxp-au-search.funnelback.squiz.cloud https://www.facebook.com;frame-src 'self' https://www.youtube.com https://*.doubleclick.net https://www.google.com https://www.googletagmanager.com https://js.hubspot.com https://www.facebook.com https://forms.hsforms.com https://meetings.hubspot.com https://squiz.storylane.io;img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:;font-src 'self' https:;object-src 'self' https://www.youtube.com; 4
img-src https: data: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 4
default-src 'self' 'unsafe-inline' data: *.marianatek.com *.cookielaw.org *.chilipiper.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflare.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.licdn.com *.facebook.net *.clarity.ms *.google-analytics.com *.hs-scripts.com *.doubleclick.net https://unpkg.com/;upgrade-insecure-requests; 4
default-src 'self';  script-src 'report-sample' 'self' 'unsafe-inline'  'unsafe-eval' *.hubspot.com *.cookielaw.org  *.cdntwrk.com *.wistia.com *.wistia.net *.q2.com *.sentry-cdn.com *.clarity.ms *.google.com  *.googletagmanager.com *.googleapis.com *.googleadservices.com *.gstatic.com *.hsappstatic.com *.hsappstatic.net *.hubspot.net *.hs-banner.com *.hsadspixel.com *.hsadspixel.net *.hs-analytics.com *.hs-analytics.net *.licdn.com *.marketo.net *.marketo.com *.zoominfo.com *.bizible.com *.6sc.co *.qualified.com *.segment.com *.bugcrowd.com *.bugcrowdusercontent.com bugcrowd.com *.jsdeliver.net *.jsdelivr.net *.cloudflare.com *.doubleclick.net *.youtube.com *.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com; style-src 'self' *.q2.com 'report-sample' 'unsafe-inline' *.cdntwrk.com *.googleapis.com *.hsappstatic.net *.hubspot.net *.jsdeliver.net *.jsdelivr.net *.marketo.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net *.hubspotusercontent-na1.net *.pathfactory.com *.googletagmanager.com *.zuddl.com;   object-src 'none'; base-uri 'self';  connect-src 'self' *.mktoresp.com *.hubspotusercontent-na1.net *.google.com *.hubspot.com *.hs-banner.com *.onetrust.com *.cookielaw.org *.wistia.com *.embed-cloudfront.wistia.com *.wistia.com *.6sc.co *.6sense.com *.qualified.com wss://*.qualified.com *.segment.com *.segment.io *.linkedin.com *.google-analytics.com *.clarity.ms *.hubapi.com *.doubleclick.com https://stats.g.doubleclick.net *.zoominfo.com *.adnxs.com *.litix.io *.marketo.com *.doubleclick.net *.youtube.com *.pathfactory.com *.zuddl.com api.prod.zuddl.com;  font-src 'self' data: *.gstatic.com *.cdntwrk.com *.wistia.com 7044196.fs1.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com;  frame-src 'self' *.q2.com *.qualified.com *.doubleclick.net *.wistia.net *.gstatic.com *.google.com *.googletagmanager.com *.bugcrowd.com bugcrowd.com *.hubspotvideo.com *.marketo.com *.youtube.com *.pathfactory.com *.uberflip.com *.zuddl.com; img-src 'self' *.q2.com data: *.hubspotusercontent-na1.net *.hsappstatic.net *.6sc.co *.cdntwrk.com *.cookielaw.org *.wistia.com *.hsforms.com *.linkedin.com *.hubspot.com *.hubspot.net *.bizible.com *.cloudinary.com *.clarity.ms *.bing.com *.googletagmanager.com *.placeholder.com *.marketo.com googleads.g.doubleclick.net *.doubleclick.net *.google.com *.doubleclick.net *.youtube.com *.hubspotusercontent40.net *.pathfactory.com *.bizibly.com *.gstatic.com *.zuddl.com *.imgix.net;  manifest-src 'self';  media-src 'self' *.q2.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net 7044196.fs1.hubspotusercontent-eu1.net 7044196.fs2.hubspotusercontent-eu1.net *.marketo.com blob: *.doubleclick.net *.youtube.com *.pathfactory.com;  form-action 'self' *.marketo.com *.mktoweb.com *.zuddl.com; frame-ancestors 'self' *.q2.com *.pathfactory.com *.lookbookhq.com; report-to https://343747560e392f7a31ae9a0247c09302.report-uri.com/r/d/csp/reportOnly 4
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 4
default-src 'self' *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net; style-src 'self' 'unsafe-inline' wasm-eval: fonts.googleapis.com *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net; script-src-elem 'self' 'unsafe-inline' blob: *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net; font-src 'self' data: fonts.gstatic.com *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net; connect-src 'self' data: maps.googleapis.com cdnml.global-cache.online *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net; frame-src 'self' data: *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net; frame-ancestors 'none'; img-src 'self' data: *.ytimg.com img.youtube.com maps.gstatic.com *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net; 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com *.bglobale.com *.global-e.com *.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com 'self' data: *.cdnfonts.com globale-prod.s3-eu-west-1.amazonaws.com *.iadvize.com *.kameleoon.com ncspublicasset.s3.eu-west-3.amazonaws.com *.onestock-retail.io s3-eu-west-1.amazonaws.com *.sensefuel.live data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.bglobale.com *.global-e.com *.google.com/ *.onestock-retail.com/ payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.bing.com *.cookiebot.com *.criteo.com *.criteo.net *.doubleclick.net *.effiliation.com *.facebook.com *.goodays.co *.googletagmanager.com *.iadvize.com *.pinterest.com *.snapchat.com vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.bglobale.com *.global-e.com *.googleapis.com https://www.magezon.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: *.adform.net *.adnxs.com *.advalo.com *.affilae.com *.batch.com *.bing.com *.bing.net *.bocage.eu *.bocage.fr bucket-ip-website.s3.eu-central-1.amazonaws.com *.contentsquare.net *.cookiebot.com *.criteo.com *.criteo.net d1oco4z2z1fhwp.cloudfront.net d3e54v103j8qbb.cloudfront.net *.doubleclick.net *.ebuyclub.com *.eram.eu *.eram.fr *.facebook.com *.facebook.net *.ggpht.com *.googleadservices.com *.google-analytics.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tm www.google.tn www.google.tt www.google.vu *.google.com google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.iadvize.com joko-mobile-app-media.s3.eu-west-1.amazonaws.com *.kameleoon.com *.kameleoon.eu *.lgw.io *.mellowyellow.com *.mellowyellow.eu *.mmtro.com mmtro.com *.onestock-retail.io *.openx.net *.outbrain.com *.pinterest.com s3-eu-west-1.amazonaws.com *.sensefuel.live *.smartadserver.com *.snapchat.com *.taboola.com *.teads.tv *.tiktok.com *.twiago.com us-central1-shopmyinfluens.cloudfunctions.net *.xiti.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com cdn.jsdelivr.net *.bglobale.com *.global-e.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com https://maps.googleapis.com *.hsforms.net *.hsforms.com *.gstatic.com *.addthis.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.adform.net *.affilae.com *.aticdn.net *.batch.com *.bing.com *.contentsquare.net *.cookiebot.com *.criteo.com *.criteo.net critizr.com d3e54v103j8qbb.cloudfront.net *.doubleclick.net dqfw2hlp4tfww.cloudfront.net *.eram.fr *.facebook.net *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.iadvize.com *.jquery.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.lgw.io *.mmtro.com mmtro.com *.onestock-retail.io *.pinimg.com *.pinterest.com sc-static.net *.sensefuel.com *.sensefuel.live *.snapchat.com *.taboola.com *.tiktok.com *.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.bglobale.com *.global-e.com *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.goodays.co *.googletagmanager.com *.iadvize.com *.kameleoon.com *.onestock-retail.io semji.github.io *.sensefuel.live *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bing.com *.fbcdn.net *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.getalma.eu *.almapay.com maps.googleapis.com https://nominatim.openstreetmap.org https://maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.adnxs.com *.advalo.com *.affilae.com *.batch.com *.bing.com *.bing.net *.contentsquare.net *.cookiebot.com *.criteo.com *.doubleclick.net *.eram.fr *.facebook.com *.facebook.net *.goodays.co *.googleadservices.com *.googleapis.com www.google.be www.google.ca www.google.co.id www.google.es www.google.fr www.google.ge www.google.it *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io *.iadvize.com *.instagram.com *.jquery.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.onestock-retail.io *.pinterest.com *.sensefuel.live *.snapchat.com *.taboola.com *.teads.tv *.tiktok.com *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ab48b69d-84be-485e-b94f-4ed50b3a5780.sansec.watch/; report-to report-endpoint; 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://csp-report.envytools.com 4
font-src data: *.gstatic.com *.tryggehandel.net tryggehandel.net *.googleapis.com googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.collector.se *.cardinalcommerce.com *.jobylon.com *.doubleclick.net *.proffs.se *.walleydev.com *.walleypay.com doubleclick.net *.dotdigital-pages.com *.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com googleadservices.com google-analytics.com *.magentocommerce.com *.s.ytimg.com *.googleadservices.com *.google-analytics.com *.googleapis.com googleapis.com *.gstatic.com *.collector.se *.adnxs.com *.byggmax.se *.byggmax.no *.byggmax.fi *.byggmax.dk *.byggmax.com byggmax.se byggmax.no byggmax.fi byggmax.com byggmax.dk www.byggmax.se www.byggmax.no www.byggmax.fi www.byggmax.dk *.bing.com bing.com *.teads.tv teads.tv *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com *.3lift.com 3lift.com *.smaato.net *.taboola.com taboola.com *.doubleclick.com *.360yield.com 360yield.com *.yahoo.com *.casalemedia.com casalemedia.com *.openx.net *.sharethrough.com sharethrough.com *.bidswitch.net *.pubmatic.com pubmatic.com *.omnitagjs.com omnitagjs.com *.yieldmo.com yieldmo.com *.ivitrack.com ivitrack.com *.advertising.com *.stickyadstv.com *.media.net media.net *.doubleclick.net *.e-planning.net *.clmbtech.com *.adform.net adform.net *.liadm.com *.postrelease.com postrelease.com *.smartclip.net *.krxd.net *.ad-stir.com *.outbrain.com outbrain.com *.tremorhub.com tremorhub.com *.demdex.net *.pingdom.net *.adscale.de *.twiago.com *.google.com *.google.se *.bluekai.com *.wisepops.com *.tapad.com *.mgid.com *.rambler.ru *.thebrighttag.com *.walleypay.com *.1rx.io 1rx.io id5-sync.com *.id5-sync.com *.mediavine.com mediavine.com *.yieldlab.net yieldlab.net *.emxdgt.com emxdgt.com *.unrulymedia.com unrulymedia.com *.tryggehandel.net tryggehandel.net adnxs.com cm.g.doubleclick.net bidswitch.net www.facebook.com *.quantserve.com quantserve.com *.trackedlink.net https://cdn.flbx.io data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google-analytics.com *.collector.se *.assets.adobedtm.com *.authorize.net *.geostag.cardinalcommerce.com *.paypal.com *.vimeo.com *.ccdc02.com google.com *.braintreegateway.com *.ytimg.com *.signifyd.com *.adnxs.com adnxs.com adtr.io *.googletagmanager.com *.trackedlink.net *.jobylon.com *.doubleclick.net doubleclick.net *.googleapis.com googleapis.com *.byggmax.se *.byggmax.no *.byggmax.fi *.byggmax.com *.byggmax.dk byggmax.se byggmax.no byggmax.fi byggmax.com byggmax.dk www.byggmax.se www.byggmax.no www.byggmax.fi www.byggmax.dk *.bing.com *.hotjar.com hotjar.com bing.com *.cloudflare.com *.wisepops.com *.facebook.net facebook.net *.quantserve.com quantserve.com *.quantcount.com *.cloudflareinsights.com *.pingdom.net pingdom.net *.getflowbox.net *.kuvio.io kuvio.io *.walleydev.com *.tryggehandel.net tryggehandel.net *.dynamicyield.com dynamicyield.com *.testfreaks.com testfreaks.com *.walleypay.com *.videoly.co dialogtrail.com *.dialogtrail.com wisepops.net *.wisepops.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com googleapis.com *.byggmax.se *.byggmax.no *.byggmax.fi *.byggmax.dk www.byggmax.se www.byggmax.no www.byggmax.fi www.byggmax.dk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.flbx.io flbx.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.wisepops.com *.google-analytics.com google-analytics.com *.collector.se *.pingdom.net pingdom.net *.adnxs.com adnxs.com *.walleydev.com *.walleypay.com *.dynamicyield.com dynamicyield.com www.google.com google.com *.google.com *.doubleclick.net doubleclick.net *.dialogtrail.com dialogtrail.com *.ebbot.app ebbot.app *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.fontawesome.com data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.sovendus.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com js.mollie.com https://vars.hotjar.com https://www.pinterest.fr https://www.pinterest.com https://www.google.com https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com *.bird.eu a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://cdn.flbx.io magefan.com cm.magefan.com https://www.mollie.com https://www.google-analytics.com https://www.google.com https://www.google.fr *.ggpht.com *.googleapis.com https://maps.gstatic.com https://log.pinterest.com *.mondialtissus.fr *.mondialtissus.de *.mondialtissus.es *.mondialtissus.it *.mondialtissus.nl *.mondialtissus.se data: https://*.sovendus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://www.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdn.flbx.io *.getflowbox.com http://connect.getflowbox.com js.mollie.com https://sdk.privacy-center.org https://www.google-analytics.com https://www.analytics.google.com https://www.googleadservices.com https://www.googletagmanager.com https://wwww.paypalobjects.com https://s.ytimg.com https://maps.googleapis.com https://www.gstatic.com/recaptcha https://js.mollie.com https://france.mondialtissus.fr https://cdnjs.cloudflare.com https://assets.pinterest.com https://static.zdassets.com https://ekr.zdassets.com https://apis.google.com https://mondialtissus.zendesk.com https://admin.mondialtissus.fr 'unsafe-inline' https://*.sovendus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com 'unsafe-inline' https://*.sovendus.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io maps.googleapis.com https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com https://www.google-analytics.com *.hotjar.com https://ekr.zdassets.com https://maps.googleapis.com https://mondialtissus.zendesk.com https://a.getflowbox.com https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net 'self' 'unsafe-inline'; 4
font-src *.fontawesome.com cdnjs.cloudflare.com *.typekit.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.zuora.com *.worldpay.com theteachingcompanysalesllc.demdex.net *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com theteachingcompany.d1.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://images.unsplash.com *.teach12.com *.thegreatcoursesplus.com prd.jwpltx.com *.pinterest.com bat.bing.com *.amazon-adsystem.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io cdnjs.cloudflare.com *.fontawesome.com acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com *.teach12.com *.tiqcdn.com cltgtstor001.blob.core.windows.net *.gstatic.com *.zuora.com *.worldpay.com *.jwpcdn.com analytics.tiktok.com *.bitmovin.com *.visioncritical.com bat.bing.com www.dwin1.com *.amazon-adsystem.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.fontawesome.com cdnjs.cloudflare.com *.typekit.net fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.teach12.com *.bitmovin.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://get.geojs.io *.avada.io theteachingcompany.d1.sc.omtrdc.net *.fontawesome.com *.acsbap.com *.acsbapp.com *.bitmovin.com *.slgnt.us *.tgcmag.com *.thegreatcourses.com *.theplatform.com teachco-mp4.akamaized.net *.cloudfunctions.net *.pinterest.com analytics.tiktok.com *.tealiumiq.com *.amazon-adsystem.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
worker-src 'self' blob: *.logrocket.com *.logrocket.io; font-src https://*.gstatic.com data: *.adyen.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.bounceexchange.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.bounceexchange.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net player.vimeo.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.bing.com *.doubleclick.net *.omtrdc.net *.criteo.net *.bounceexchange.com *.onetrust.com *.cookielaw.org www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com https://*.gstatic.com https://static.afterpay.com https://site-assets.afterpay.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.doubleclick.net *.bing.com *.omtrdc.net *.paypal.com www.xtento.com *.afterpay.com *.scarabresearch.com *.emarsys.net *.tiktok.com *.riskified.com *.bounceexchange.com *.bouncex.net *.micpn.com *.gstatic.com *.equalweb.com *.snapchat.com *.onetrust.com *.cookielaw.org cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.plugins.emarsys.net *.scarabresearch.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.attraqt.io *.logrocket.io *.agilone.com/ *.wknd.ai *.micpn.com *.tiktok.com *.bing.com *.usabilla.com *.doubleclick.net *.omtrdc.net *.mastercard.com *.visa.com *.zipmoney.com.au *.riskified.com *.google.com *.emarsys.net *.inside-graph.com *.criteo.net *.zip.co *.trendii.com *.pinimg.com *.pinterest.com *.quantserve.com *.criteo.com *.snapchat.com sc-static.net *.qualtrics.com *.quantcount.com *.bounceexchange.com *.rmtag.com *.logrocket.com *.equalweb.com *.weglot.com *.onetrust.com *.cookielaw.org www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.bootstrapcdn.com *.riskified.com *.googleapis.com *.quantserve.com *.bounceexchange.com *.equalweb.com *.weglot.com *.onetrust.com *.cookielaw.org unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'self' 'unsafe-inline'; manifest-src 'self' 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.scarabresearch.com *.eservice.emarsys.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.bing.com *.doubleclick.net *.omtrdc.net *.tiktok.com *.riskified.com *.criteo.net *.criteo.com *.snapchat.com sc-static.net *.trendii.com *.quantcount.com *.bounceexchange.com *.logrocket.io *.google.com *.logrocket.com *.quantserve.com *.bouncex.net *.equalweb.com *.weglot.com *.onetrust.com *.cookielaw.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src * data:;img-src * data:;frame-src	'self'    *.sevenrooms.com    *.doubleclick.net     *.smartrecruiters.com     *.adyen.com     *.pinterest.com    *.googleadservices.com    *.google.com	*.googletagmanager.com	*.cardinalcommerce.com	sevenrooms.com	*.americanexpress.com	*.securesuite.co.uk	secure7.arcot.com	*.rsa3dsauth.co.uk	mycardsecure.com	www.mycardsecure.com	dupe.com	*.opentable.com.au;script-src    'self'	*.curator.io 	*.google-analytics.com 	*.googletagmanager.com	*.google.com	*.licdn.com 	*.clarity.ms	*.gstatic.com	*.facebook.net	*.pinimg.com	*.smartrecruiters.com	*.hotjar.com	cdn-cookieyes.com    'unsafe-eval'    'unsafe-inline'	data:;script-src-elem	'self'	'unsafe-inline' 	*.facebook.net	*.licdn.com	*.google.com	*.googletagmanager.com	https://www.googletagmanager.com	*.googleadservices.com	*.google-analytics.com	*.gstatic.com	*.smartrecruiters.com	*.curator.io	*.clarity.ms	*.pinimg.com	*.hotjar.com	cdn-cookieyes.com;style-src-elem    'self'	*.honey.io	*.google.com    *.curator.io	*.smartrecruiters.com	*.facebook.net	*.clarity.ms    'unsafe-inline';connect-src	'self'    *.facebook.com	*.google.com	*.google-analytics.com	*.googleapis.com	melprdwebsite.azurewebsites.net	crownkentico-prd-as-csearch.search.windows.net	*.pinterest.com	*.doubleclick.net    *.curator.io	*.clarity.ms	*.linkedin.com	*.datatoolscloud.net.au	*.hotjar.io 	*.adyen.com	*.cookieyes.com	cdn-cookieyes.com	ws://localhost:12387	wss://ws.hotjar.com	https://www.google.com/	data:;report-uri /api/logs/csp-report;report-to csp-endpoint; 4
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.authorize.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com mageside.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.kaptcha.com *.disqus.com *.authorize.net *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.kaptcha.com *.authorize.net www.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.googleapis.net data: *.acsbapp.com *.bootstrapcdn.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.pinterest.com *.hotjar.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.google.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.facebook.com *.b0e8.com *.dynamicyield.com *.pinterest.com *.e.aa.online-metrix.net *.acsbapp.com *.cookielaw.org *.bing.com *.yahoo.com *.google.co.in google.co.in *.listrakbi.com *.gstatic.com all-clad.com *.all-clad.com emjcd.com *.emjcd.com *.dotomi.com *.espssl.com *.clarity.ms *.tagcommander.com *.adsrvr.org *.rubiconproject.com *.g.doubleclick.net https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.ugc.bazaarvoice.com *.listrakbi.com *.nr-data.net *.facebook.net *.b0e8.com *.bc0a.com *.cookielaw.org *.dynamicyield.com *.tagcommander.com *.cloudflare.com *.newrelic.com *.yimg.com *.pinimg.com *.hotjar.com www.google.com *.mczbf.com analytics.tiktok.com *.acsbapp.com acsbapp.com *.salesforceliveagent.com *.force.com *.curalate.com *.noibu.com *.pinterest.com *.online-metrix.net *.googleapis.com *.bing.com *.vimeo.com *.amazonaws.com *.clarity.ms click2cart.com *.adsrvr.org *.aggregated-data.com *.cloudfront.net *.amazon-adsystem.com *.tkrconnector.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com display.ugc.bazaarvoice.com *.listrakbi.com *.ugc.bazaarvoice.com *.typekit.net *.force.com *.bootstrapcdn.com *.espssl.com *.cloudfront.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.dynamicyield.com *.cookielaw.org *.nr-data.net *.g.doubleclick.net *.listrak.com *.listrakbi.com analytics.tiktok.com *.pinterest.com *.hotjar.com *.yimg.com google.co.in *.mczbf.com *.bc0a.com *.googleapis.com facebook.com *.acsbapp.com *.click2cart.com *.clarity.ms *.aggregated-data.com *.curalate.com *.noibu.com wss://input.noibu.com *.onetrust.com *.bing.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com account.groupeseb.com *.salesforceliveagent.com *.salesforce.com *.force.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://translate.google.com/translate_a/element.js https://www.youtube.com/iframe_api https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-chrome-webstore/_/js/k=boq-chrome-webstore.ChromeWebStoreConsumerFeUi.en_US.1zGTqRg4qqQ.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://www.youtube.com/s/player/ https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/ChromeWebStoreConsumerFeUi/cspreport/fine-allowlist 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za map.pargo.co.za 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://widgets.payflex.co.za oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://widgets.payflex.co.za https://partpayassets.blob.core.windows.net *.oppwa.com oppwa.com *.peachpayments.com worldtimeapi.org *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com *.what3words.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src fonts.gstatic.com use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.plugins.emarsys.net *.scarabresearch.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.magento-datasolutions.com *.magento-ds.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.scarabresearch.com *.eservice.emarsys.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cse.google.com https://js.hsforms.net https://platform-api.sharethis.com https://rebilly.github.io https://unpkg.com https://use.fontawesome.com https://ws.sharethis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' https://cloud.typography.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 4
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://meet.google.com/_/scs/mss-static/_/js/ https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/hangouts_echo_detector/release/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/video_effects/effects/ https://www-onepick-opensocial.googleusercontent.com/gadgets/js/rpc.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://meet.google.com/meetsw.js https://meet.google.com/devicesw.js https://meet.google.com/notrodsw.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://maps.googleapis.com/maps/api/js https://meet.google.com/_/scs/mss-static/_/js/k=boq-rtc.MeetingsUi.en_US.sZSAhfU3OZI.2020.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/place/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /_/MeetingsUi/cspreport/fine-allowlist 4
frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; form-action 'self' https://hayward.com/customer/account/logout/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src https://haywardpools.tfaforms.net/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css *.adobe.com fonts.googleapis.com *.yotpo.com *.googleapis.com unsafe-inline assets.braintreegateway.com static.ecorebates.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; script-src https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-2.2.4.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js https://html5.dcatalog.com/dcviewer.js https://api.ipify.org/ https://unpkg.com/react@18/umd/react.production.min.js https://unpkg.com/react-dom@18/umd/react-dom.production.min.js https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://haywardpools.tfaforms.net/ https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://www.clarity.ms https://p.clarity.ms https://i.clarity.ms assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com tfaforms.com adobedc.demdex.net *.yotpo.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.ecorebates.com hayward.ecorebates.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://www.youtube.com 'self' *.adobe.com www.totallyhayward.com 'self' 'unsafe-inline'; img-src https://hayward-pool-assets.com https://haywardpools.tfaforms.net https://mavenoidfiles.com/ https://mavenoid.com/ https://www.facebook.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; frame-src http://www.haywardnet.com https://html5.dcatalog.com https://haywardpools.tfaforms.net https://maps.google.com/ blob: https://haywardpools.tfaforms.net/72 fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com haywardpools.tfaforms.net *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; font-src https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/ *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com static.ecorebates.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; connect-src https://www.haywardnet.com/inground/products/energysolutions/getEnergyCalculatorResults.cfm https://hayward.ecorebates.com/ https://hayward-test-jsons.s3.amazonaws.com/data/locationData.json https://hayward-test-jsons.s3.amazonaws.com/data/featuresData.json https://hayward-test-jsons.s3.amazonaws.com/data/materialData.json https://hayward-test-jsons.s3.amazonaws.com/data/propertyTypeData.json https://hayward-test-jsons.s3.amazonaws.com/data/shapeSizeData.json https://hayward-test-jsons.s3.amazonaws.com/data/galleryData.json https://www.youtube.com https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://us-east-1-otel.formassembly.com/v1/traces https://stats.g.doubleclick.net/g/collect https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://commerce.hayward-pool-assets.com/magento/ https://haywardpools.tfaforms.net/72 https://i.clarity.ms https://e.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com thm.visa.com api.addressy.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com *.yotpo.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; default-src  'self' 'unsafe-inline' 'unsafe-eval'; 4
font-src https://cdn.checkout.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee localhost *.local *.scandipwa.cloud *.readymage.com sportland.com *.sportland.com sportland.lv *.sportland.lv sportland.ee *.sportland.ee sportland.lt *.sportland.lt sportland.fi *.sportland.fi sportland.pl *.sportland.pl sportland.de *.sportland.de 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://js.checkout.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com https://optimize.google.com https://play.google.com localhost *.local *.scandipwa.cloud *.readymage.com sportland.com *.sportland.com sportland.lv *.sportland.lv sportland.ee *.sportland.ee sportland.lt *.sportland.lt sportland.fi *.sportland.fi sportland.pl *.sportland.pl sportland.de *.sportland.de js.driftt.com *.freshchat.com *.snapchat.com *.askly.me www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://map.plugins.itella.com magefan.com cm.magefan.com *.maksekeskus.ee *.test.maksekeskus.ee https://maps.omnivasiunta.lt www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com https://www.google-analytics.com https://optimize.google.com *.googleapis.com *.gstatic.com www.google.lv localhost *.local *.scandipwa.cloud *.readymage.com sportland.com *.sportland.com sportland.lv *.sportland.lv sportland.ee *.sportland.ee sportland.lt *.sportland.lt sportland.fi *.sportland.fi sportland.pl *.sportland.pl sportland.de *.sportland.de *.cloudfront.net *.snapchat.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.checkout.com *.klarnacdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: https://unpkg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl *.google.com www.googleoptimize.com *.google-analytics.com *.googleapis.com js.driftt.com *.freshchat.com inte.searchnode.io *.clerk.io *.sitescdn.net *.fibbl.com *.hotjar.com sc-static.net *.snapchat.com *.googlesyndication.com *.translatewise.com *.bloomreach.com *.exponea.com *.sizebay.technology www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com https://unpkg.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.google.com https://www.google-analytics.com https://fonts.googleapis.com *.typekit.net *.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://js.checkout.com *.klarnaevt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ 'self' *.maksekeskus.ee *.test.maksekeskus.ee https://geocode.arcgis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.fibblar.com *.fibbl.com www.gstatic.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.scandipwa.cloud *.readymage.com *.sportland.com *.sportland.lv *.sportland.ee *.sportland.lt *.sportland.fi *.sportland.pl *.sportland.de blob: *.hotjar.com *.googlesyndication.com *.translatewise.com https://play.google.com *.bloomreach.com *.exponea.com *.sizebay.technology 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-to csp-endpoint 4
script-src  'self'  'unsafe-inline'  'unsafe-eval'  *.hatraco-shop.de;  4
font-src ctiapi.com s3.amazonaws.com *.fontawesome.com fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com ctiapi.com *.hestage.com *.ecklers.com *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.doubleclick.net *.clarity.ms *.vantivprelive.com *.google.com *.listrak.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com ctiapi.com s3.amazonaws.com youtube.com *.ecklers.com *.gfycat.com *.imgeng.in *.cloudfront.net *.userid.io *.bing.com *.google.com *.clarity.ms *.listrakbi.com *.riskified.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.cloudfront.net *.cloudflare.com *.bc0a.com *.online-metrix.net *.vantivprelive.com *.listrak.com *.listrakbi.com *.listrakbi.net *.userid.io *.bing.com *.datasteam.io *.doubleclick.net *.upsellit.com *.clarity.ms *.murdoog.com *.dwin1.com *.needle.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.ytimg.com *.gstatic.com *.ctiapi.com *.riskified.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com ctiapi.com *.fontawesome.com *.cloudfront.net *.listrakbi.net *.listrakbi.com *.googleapis.com unsafe-inline *.gstatic.com 'self' 'unsafe-inline'; object-src ctiapi.com s3.amazonaws.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.bc0a.com *.brontops.com *.ecklers.com *.doubleclick.net *.cloudfront.net *.listrak.com *.clarity.ms *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.demdex.net *.cardinalcommerce.com *.google.com *.google-analytics.com *.paypalobjects.com *.ctiapi.com *.riskified.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 4
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data: https:; connect-src 'self' https: wss:; frame-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'self' https: data: blob:; base-uri 'self' https:; form-action 'self' https:; frame-ancestors 'self' https:; worker-src 'self' https: data: blob:; report-uri /csp-report 4
font-src *.fontawesome.com fonts.googleapis.com https://fonts.gstatic.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.monetico-services.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.addthis.com *.multisafepay.com https://pay.google.com static.addtoany.com *.cookiebot.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.alothemes.com *.magepow.com *.multisafepay.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be *.facebook.com *.google.pl *.google.com *.bing.com *.cookiebot.com *.clarity.ms *.doubleclick.net www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.avada.io *.alothemes.com *.magepow.com *.multisafepay.com https://pay.google.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be www.clarity.ms connect.getflowbox.com static.addtoany.com cdn-4.convertexperiments.com assets.voyado.com *.cookiebot.com *.beslist.nl *.pinimg.com *.bing.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.addtoany.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.multisafepay.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be fonts.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.monetico-services.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.addthis.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.alothemes.com *.magepow.com *.multisafepay.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be testapi.multisafepay.com *.google-analytics.com *.google.com *.googlesyndication.com *.staging.voyado.com *.clarity.ms *.doubleclick.net *.pinterest.com *.cookiebot.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.google.com www.youtube.com js-agent.newrelic.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be static.addtoany.com pay.multisafepay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.novaturas.lt dev-lt-novaturas.readymage.com * 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.novaturas.lt  https://track.adform.net https://master.d28zlv4dg2b2g7.amplifyapp.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com 'self' https://localhost https://novaturas-gwe-1661146907.readymage.com https://novaturas-gwe-1661146907.readymage-media.com https://prod-lt-novaturas.readymage.com https://www.google.com https://hatscripts.github.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://s2.adform.net  https://track.adform.net https://cdn.mxapis.com/service-worker.js https://svht.tradedoubler.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com 'unsafe-inline' 'unsafe-eval' *.typekit.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ 'self' https://bam.eu01.nr-data.net https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://analytics.google.com https://stats.g.doubleclick.net ws: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' https://dev-lt-novaturas.readymage.com https://stage-lt-novaturas.readymage.com https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://novaturas-gwe-1661146907.readymage-media.com https://use.typekit.net https://www.googletagmanager.com https://localhost 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src blob: https:;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	frame-src https:;	media-src data: https:;	object-src 'none';	connect-src https:;	frame-ancestors 'self'; 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: https://widgets.trustedshops.com *.livechatinc.com https://td.doubleclick.net data: 'self' 'unsafe-inline'; form-action *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.packeta.com secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.livechatinc.com https://consentcdn.cookiebot.com/ api.ratingcaptain.com *.cookiebot.eu 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com https://www.magezon.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: https://maps.googleapis.com/ https://maps.gstatic.com/ https://developers.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://www.google.pl *.seznam.cz *.pricemania.sk https://imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.disqus.com *.avada.io *.shopify.com *.packeta.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.gstatic.com https://maps.googleapis.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.livechatinc.com https://www.googletagmanager.com *.seznam.cz https://pixel.biano.cz https://consent.cookiebot.com *.biano.sk *.biano.cz *.biano.ro https://consentcdn.cookiebot.com https://api.ratingcaptain.com *.absulo.ro *.sgtm.absulo.ro *.cookiebot.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.tagmanager.google.com *.googletagmanager.com *.pricemania.sk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://geowidget.easypack24.net *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.packeta.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://maps.googleapis.com/ *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app http://www.google-analytics.com *.livechatinc.com *.googlesyndication.com *.biano.cz *.biano.sk *.biano.ro https://consentcdn.cookiebot.com googleads.g.doubleclick.net api.ratingcaptain.com *.cookiebot.eu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
script-src, object-src, base-uri, frame-src 4
font-src fonts.gstatic.com *.biotus.ua *.biotus.kz *.biotus.md *.biotus.ru *.biotus.by *.biotus.az *.biotus.uz *.biotus.ge *.biotus.lt *.biotus.lv *.biotus.ee *.biotus.it *.biotus.ro *.biotusnew.pl portal.bulkgate.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.cloudflare.com portal.bulkgate.com *.wayforpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.facebook.com *.doubleclick.net *.googletagmanager.com portal.bulkgate.com *.binotel.com lottie.host ipinfo.io *.wayforpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.clarity.ms *.google.com.ua *.facebook.com blob: *.bing.com *.biotus.ua *.biotus.kz *.biotus.md *.biotus.ru *.biotus.by *.biotus.az *.biotus.uz *.biotus.ge *.biotus.lt *.biotus.lv *.biotus.ee *.biotus.it *.biotus.ro *.biotusnew.pl biotus.ua biotus.kz biotus.md biotus.ru biotus.by biotus.az biotus.uz biotus.ge biotus.lt biotus.lv biotus.ee biotus.it biotus.ro biotusnew.pl *.gstatic.com *.googleapis.com *.rawgit.com *.jsdelivr.net *.esputnik.com portal.bulkgate.com *.binotel.com *.binotel.ua https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.clarity.ms *.cloudflare.com *.facebook.net *.facebook.com *.google.com *.tiktok.com *.doubleclick.net *.biotus.ua *.biotus.kz *.biotus.md *.biotus.ru *.biotus.by *.biotus.az *.biotus.uz *.biotus.ge *.biotus.lt *.biotus.lv *.biotus.ee *.biotus.it *.biotus.ro *.biotusnew.pl *.googletagmanager.com *.googleapis.com *.esputnik.com esputnik.com portal.bulkgate.com *.gstatic.com *.binotel.com ipinfo.io analytics.tiktok.com/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.biotus.ua *.biotus.kz *.biotus.md *.biotus.ru *.biotus.by *.biotus.az *.biotus.uz *.biotus.ge *.biotus.lt *.biotus.lv *.biotus.ee *.biotus.it *.biotus.ro *.biotusnew.pl *.esputnik.com portal.bulkgate.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src ipinfo.io 'self' 'unsafe-inline'; media-src *.adobe.com *.binotel.com *.binotel.ua 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com cdn.ampproject.org https://maps.googleapis.com https://player.vimeo.com *.clarity.ms *.doubleclick.net *.google.com.ua/ads/* *.google.com/ccm/collect* adservice.google.com/pagead/* *.analytics.google.com/g/collect* *.google.com *.tiktok.com *.facebook.net *.facebook.com *.biotus.ua *.biotus.kz *.biotus.md *.biotus.ru *.biotus.by *.biotus.az *.biotus.uz *.biotus.ge *.biotus.lt *.biotus.lv *.biotus.ee *.biotus.it *.biotus.ro *.biotusnew.pl *.googleapis.com *.esputnik.com esputnik.com portal.bulkgate.com *.gstatic.com wss://*.bulkgate.com *.binotel.com wss://*.binotel.com:9028 ipinfo.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src * 'unsafe-inline' 'unsafe-eval'; report-to report; report-uri /?_task=background&_action=csp_report 4
font-src *.kueskipay.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.kueskipay.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.kueskipay.com *.mercadolibre.com multicobros.banorte.com supercolchones.gestionplay.com.ar *.opencontrol.mx *.kaptcha.com *.openpay.pe eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.google.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com supercolchones.gestionplay.com.ar *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.avada.io *.mlstatic.com *.mercadopago.com multicobros.banorte.com supercolchones.gestionplay.com.ar *.facebook.net cdn.connectif.cloud newrelic.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://static.klaviyo.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.fontawesome.com maxcdn.bootstrapcdn.com supercolchones.gestionplay.com.ar fonts.googleapis.com unsafe-inline *.paypal.com *.sandbox.paypal.com *.paypalobjects.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com supercolchones.gestionplay.com.ar 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.doubleclick.net https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com multicobros.banorte.com supercolchones.gestionplay.com.ar *.openpay.mx *.openpay.co *.openpay.pe api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
frame-ancestors 'self' *.appsflyer.com; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub077056148e159580585c94fcee3c8801&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=marketing_appsflyer_com 3
require-trusted-types-for 'script';report-uri /us/_/BgcMiscSites/cspreport 3
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::KPI_APROD_4_4_2 3
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://payments.google.com/payments/v4/js/integrator.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js https://www.googleadservices.com/pagead/conversion/ https://www.youtube.com/iframe_api https://youtube.googleapis.com/s/player/ https://youtube.googleapis.com/iframe_api https://ssl.gstatic.com/support/realtime/operator/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.google.com/js/bg/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://maps.googleapis.com/maps/api/js https://www.gstatic.com/_/mss/boq-gstore/_/js/k=boq-gstore.Gstore.en_US.4wcZ0Tig4AA.2021.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/place/js/ https://www.youtube.com/s/player/ https://translate.googleapis.com/_/translate_http/_/js/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/Gstore/cspreport/fine-allowlist 3
connect-src https://*.adroll.com https://s.yimg.com https://*.google-analytics.com https://*.googletagmanager.com https://translate-pa.googleapis.com https://translate.googleapis.com https://mpsnare.iesnare.com https://ci-mpsnare.iovation.com 'self' https://*.online-metrix.net; default-src 'none'; font-src 'self' https://fonts.gstatic.com; frame-src https://*.adroll.com https://www.google.com https://recaptcha.google.com 'self' https://*.online-metrix.net https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com; img-src https://oci.dyn.com https://help.dyn.com https://*.adroll.com https://sp.analytics.yahoo.com https://*.en25.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://fonts.gstatic.com https://translate.google.com 'self' data: https://*.online-metrix.net; script-src 'unsafe-eval' 'eval' https://*.adroll.com https://s.yimg.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://mpsnare.iesnare.com https://ci-mpsnare.iovation.com 'self' 'unsafe-inline' https://*.online-metrix.net https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com; style-src https://www.gstatic.com 'self' 'unsafe-inline'; report-to csp-endpoint; report-uri /_/csp-reports 3
frame-ancestors gofundme.com *.gofundme.com *.hopin.com pillar.io *.pillar.io takethemameal.com *.takethemameal.com kudoboard.com *.kudoboard.com werememberdev.com *.werememberdev.com weremember.com *.weremember.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.mythad.com https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;img-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;connect-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 3
require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
script-src 'self' cdn.robinhood.com cdn.pdst.fm/ping.min.js www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com www.redditstatic.com analytics.tiktok.com boards.greenhouse.io bat.bing.com www.googleadservices.com static.ads-twitter.com s.yimg.com *.usercentrics.eu snap.licdn.com collector-47804.us.tvsquared.com/tv2track.js public.flourish.studio/resources/embed.js csi.gstatic.com cdn.parsely.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com platform.twitter.com/ platform.instagram.com/ www.instagram.com/embed.js www.threads.net/embed.js www.tiktok.com/embed.js lf16-tiktok-web.tiktokcdn-us.com/ www.facebook.com/ www.youtube.com/ ak.sail-horizon.com *.celtra.com *.heapanalytics.com heapanalytics.com cdn.us.heap-api.com *.doubleverify.com *.infogram.com cdn.concert.io *.adtrafficquality.google hymnal-prod.vox-cdn.com www.documentcloud.org/notes/loader.js truthsocial.com/embed.js embed.reddit.com/widgets.js embed.bsky.app/static/embed.js *.permutive.app 'unsafe-eval'; report-uri https://o62437.ingest.us.sentry.io/api/4509232895361024/security/?sentry_key=98a8908d38fbd5ecdf8e976a1cb6b404 3
default-src 'self'; report-uri https://csp.loopia.se; connect-src 'self' https://*.analytics.google.com https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://adservice.google.com https://analytics.google.com https://api.exponea.com https://api.infinario.com https://bat.bing.com https://cdn.linkedin.oribi.io https://chat.puzzel.com https://content.hotjar.io https://datainsights.loopia.se https://in.hotjar.com https://sc.lfeeder.com https://stats.g.doubleclick.net https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.com https://www.google.se wss://*.hotjar.com; font-src 'self' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://chat.puzzel.com https://fonts.gstatic.com https://tpc.googlesyndication.com; form-action 'self' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://bib.eway2pay.com https://payment.architrade.com https://ticket.siriusit.net https://www.facebook.com; frame-src 'self' https://*.facebook.com https://*.mynewsdesk.com https://*.soundcloud.com https://1-vbus-eu.ladesk.com https://active24.ladesk.com https://datainsights.loopia.se https://googleads.g.doubleclick.net https://player.vimeo.com https://tpc.googlesyndication.com https://vars.hotjar.com https://widget.trustpilot.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://*.ytimg.com https://bat.bing.com https://chat.puzzel.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://sealserver.trustkeeper.net https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tbs.tradedoubler.com https://tr.lfeeder.com https://track.adform.net https://track.double.net https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.com https://www.google.com.cy https://www.google.es https://www.google.fi https://www.google.gr https://www.google.no https://www.google.rs https://www.google.se https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com; media-src 'self' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://chat.puzzel.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://*.ytimg.com https://active24.ladesk.com https://api.exponea.com https://api.infinario.com https://bat.bing.com https://chat.puzzel.com https://connect.facebook.net https://g.microsoft.com https://googleads.g.doubleclick.net https://sc.lfeeder.com https://script.hotjar.com https://snap.licdn.com https://ssl.google-analytics.com https://static.hotjar.com https://tpc.googlesyndication.com https://widget.trustpilot.com https://www.google-analytics.com https://www.google.com https://www.google.se https://www.googleadservices.com https://www.googletagmanager.com https://www.googletagmanager.com https://www.youtube.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://*.ytimg.com https://active24.ladesk.com https://api.exponea.com https://api.infinario.com https://bat.bing.com https://chat.puzzel.com https://connect.facebook.net https://g.microsoft.com https://googleads.g.doubleclick.net https://sc.lfeeder.com https://script.hotjar.com https://snap.licdn.com https://ssl.google-analytics.com https://static.hotjar.com https://tpc.googlesyndication.com https://widget.trustpilot.com https://www.google-analytics.com https://www.google.com https://www.google.se https://www.googleadservices.com https://www.googletagmanager.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://chat.puzzel.com https://fonts.googleapis.com 3
default-src 'self' *.pinduoduo.com *.pddpic.com *.yangkeduo.com *.pddugc.com *.pinduoduo.net *.v.smtcdns.net *.ourdvsss.com wss://*.pinduoduo.com wss://*.yangkeduo.com mapstyle.qpic.cn blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri https://tc.pinduoduo.com/x.gif 3
script-src 'self' addtocalendar.com cdn.amcharts.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://script.crazyegg.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io; script-src-attr 'self'; style-src 'self' addtocalendar.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 3
base-uri 'self'; default-src 'self' *.atl-paas.net; script-src 'self' 'unsafe-inline' *.atl-paas.net; style-src 'self' 'unsafe-inline' *.atl-paas.net; img-src 'self' *.atl-paas.net; font-src 'self' *.atl-paas.net; frame-ancestors 'none'; form-action 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/id-frontend; report-to csp-default-endpoint 3
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https: mailto:; connect-src https: wss: data:; font-src https: data:; media-src 'self' https:; worker-src blob:; report-uri https://www.sunrise.ch/csp-collector 3
frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 3
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/ 3
object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net;img-src * blob: data: ; font-src acsbapp.com www.realpage.com s.realpage.com use.typekit.net fonts.gstatic.com vjs.zencdn.net maxcdn.bootstrapcdn.com www.slant.co data:; style-src *.typekit.net *.realpage.com fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-to csp-report-only; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 3
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; media-src 'self' https: blob: data:; object-src https: blob:; worker-src 'self' https: blob:; frame-src 'self' https: blob:; form-action 'self' https:; block-all-mixed-content; report-uri /csp-violation-report 3
default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hubspot.com https://js.hscta.net https://*.hubspot.net https://*.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsleadflows.net https://*.qualified.com https://maps.googleapis.com https://okt.to/ping https://snap.licdn.com https://static.ads-twitter.com https://static.oktopost.com/oktrk.js https://tagmanager.google.com https://tags.clickagy.com https://tracking.g2crowd.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://js.zi-scripts.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://*.clarity.ms https://api.ipstack.com/check https://cdn.leandata.com https://app.leandata.com https://s15952.pcdn.co; font-src 'self' data: font/woff data: font/woff2 data: font/otf data: font/ttf https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://www.gartner.com https://cdn.leandata.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co https://c.bing.com https://c.clarity.ms; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  'self' https://*.google-analytics.com https://*.ads.linkedin.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://aorta.clickagy.com https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://*.6sc.co https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/34930/domain/staffbase.com/token https://*.hubapi.com https://js.hscta.net https://*.hsforms.com https://*.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.6sense.com https://*.hs-banner.com https://*.linkedin.oribi.io/event https://tracking.g2crowd.com https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://staffbase-privacy-request.my.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://ws.zoominfo.com https://js.zi-scripts.com https://www.facebook.com wss://app.qualified.com wss://ws.qualified.com https://*.clarity.ms https://app.leandata.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; object-src 'none'; 3
default-src https: 'unsafe-inline' data: 3
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com 3
report-uri https://partnerize.com?gdsih-csp-report; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com *.googletagmanager.com *.brightcove.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net newsuk.s3.amazonaws.com *.google.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; report-uri https://www.news.co.uk?gdsih-csp-report; 3
child-src checkoutshopper-live.adyen.com 'self'; connect-src adservice.google.com ajax.googleapis.com analytics.google.com analytics.twitter.com api-js.mixpanel.com api.mixpanel.com apis.google.com arena.matific.com bam-cell.nr-data.net bam.nr-data.net beaconapi.helpscout.net cdn.linkedin.oribi.io chatapi.helpscout.net checkoutshopper-live.adyen.com code.jquery.com consentcdn.cookiebot.com d3hb14vkzrxvla.cloudfront.net d5c36hgmtufmn.cloudfront.net ekr.zdassets.com episode-fact.matific.com firebase.googleapis.com firebaseinstallations.googleapis.com firestore.googleapis.com fonts.googleapis.com googleads.g.doubleclick.net *.google-analytics.com heapanalytics.com https://*.cardinalcommerce.com https://*.clarity.ms/ https://*.clarity.ms/collect https://customer-h8ynfrgd4l2k01xb.cloudflarestream.com https://embedwistia-a.akamaihd.net https://er0hbf77h9.execute-api.us-east-1.amazonaws.com/production/logVoiceOverEvent https://google.com/ https://google.com/ccm/form-data/ https://*.litix.io https://translate-pa.googleapis.com https://*.wistia.com https://www.google.gr ljifg6p8cd.execute-api.us-east-1.amazonaws.com matific1084.zendesk.com *.matific.ca *.matific.com *.matific.eu matific-generatedpdf-ca.s3.amazonaws.com matific-homepage-production.s3.amazonaws.com pagesense-collect.zoho.com.au pagesense.zoho.com.au/ pi.pardot.com polling.matific.com prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com px.ads.linkedin.com region1.analytics.google.com s147nglrj7.execute-api.us-east-1.amazonaws.com securetoken.googleapis.com 'self' *.sentry.io site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com stats.g.doubleclick.net *.sumologic.com t.co translate.googleapis.com wa.appsflyer.com wa.onelink.me widget.usersnap.com widget.usersnap.com/api/widget/xhrrpc/* wss://*.pusher.com wss://widget-mediator.zopim.com www.facebook.com www.google.ad www.googleadservices.com www.google.ae www.google.al www.googleapis.com www.google.az www.google.be www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.com www.google.com.ar www.google.com.au www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.do www.google.com.ec www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.om www.google.com.pe www.google.com.pr www.google.com.qa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.hn www.google.hr www.google.hu www.google.iq www.google.it www.google.jo www.google.kg www.google.li www.google.lu www.google.lv www.google.mn www.google.mv www.google.nl/ www.google.no www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.googletagmanager.com www.google.vg; default-src fonts.googleapis.com https://c.bing.com https://*.clarity.ms https://matific1084.zendesk.com https://*.wistia.com https://*.wistia.net https://*.zdassets.com https://*.zendesk.com https://zendesk-eu.my.sentry.io https://*.zopim.com *.matific.ca *.matific.com *.matific.eu 'self' 'unsafe-inline' wss://matific1084.zendesk.com wss://*.zopim.com; font-src api.couponmate.com cdnjs.cloudflare.com d5c36hgmtufmn.cloudfront.net data: fonts.googleapis.com fonts.gstatic.com gateway.zscalerone.net heapanalytics.com https://beacon-v2.helpscout.net https://*.wistia.com *.matific.ca *.matific.com *.matific.eu maxcdn.bootstrapcdn.com production-cdn-slatemathweb.s3.amazonaws.com 'self' stackpath.bootstrapcdn.com themes.googleusercontent.com use.fontawesome.com use.typekit.net; form-action *.3ds.modirum.com *.bluesnap.com data: lgn.edu.gov.il matific-admintools.auth.us-east-1.amazoncognito.com *.matific.ca *.matific.com *.matific.eu 'self' staging-matific-admintools.auth.us-east-1.amazoncognito.com 'unsafe-eval' www.facebook.com; frame-ancestors *.matific.com 'self' www.instructure.com www.matific.com; frame-src * accounts.google.com app.smartsheet.com bid.g.doubleclick.net *.bluesnap.com challenges.cloudflare.com checkoutshopper-live.adyen.com consentcdn.cookiebot.com customer-h8ynfrgd4l2k01xb.cloudflarestream.com d5c36hgmtufmn.cloudfront.net gateway.zscalerone.net https://beacon-v2.helpscout.net https://*.cardinalcommerce.com https://fast.wistia.com https://fast.wistia.net live.adyen.com live-apse.adyen.com live-au.adyen.com live-us.adyen.com *.matific.ca *.matific.com *.matific.eu matific-prod.firebaseapp.com pagesense.zoho.com.au pay.google.com policies.google.com prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com 'self' site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com tst.kaptcha.com 'unsafe-eval' us-east-1.quicksight.aws.amazon.com www.facebook.com www.google.com www.gstatic.com; img-src accounts.google.com *.analytics.google.com analytics.google.com analytics.twitter.com bam-cell.nr-data.net bam.nr-data.net blob: *.bluesnap.com c.bing.com code.jquery.com connect.facebook.net csi.gstatic.com cx.atdmt.com d33v4339jhl8k0.cloudfront.net d5c36hgmtufmn.cloudfront.net data: dev.visualwebsiteoptimizer.com files.readme.io gateway.zscalerone.net googleads.g.doubleclick.net *.google-analytics.com *.gstatic.com heapanalytics.com https://beacon-v2.helpscout.net https://c.clarity.ms/ https://c.clarity.ms/c.gif https://chatapi-prod.s3.amazonaws.com/ https://embedwistia-a.akamaihd.net https://*.gravatar.com https://matific1084.zendesk.com https://static.zdassets.com https://v2assets.zopim.io https://*.wistia.com https://*.wistia.net https://www.facebook.com/ https://www.facebook.com/tr/ https://www.google.ge imgsct.cookiebot.com matific-a.akamaihd.net *.matific.ca *.matific.com *.matific.eu p.adsymptotic.com pagesense-collect.zoho.com.au prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com p.typekit.net px4.ads.linkedin.com px.ads.linkedin.com resources.usersnap.com 'self' site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com static.ads-twitter.com stats.g.doubleclick.net t.co translate.googleapis.com translate.google.com tst.kaptcha.com 'unsafe-eval' 'unsafe-inline' web.facebook.com www.google.ad www.googleadservices.com www.google.ae www.google.al www.google.at www.google.az www.google.be www.google.bg www.google.bs www.google.bt www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.com www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.do www.google.com.ec www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mn www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.googletagmanager.com www.google.tt www.google.vg www.google.vu www.kidsafeseal.com www.linkedin.com *.zendesk.com; media-src blob: data: https://beacon-v2.helpscout.net https://customer-h8ynfrgd4l2k01xb.cloudflarestream.com https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net *.matific.com 'unsafe-eval' *.zdassets.com; object-src https://beacon-v2.helpscout.net 'self' 'unsafe-eval' 'unsafe-inline'; script-src ajax.googleapis.com analytics.twitter.com apis.google.com appleid.cdn-apple.com bam-cell.nr-data.net bam.nr-data.net beacon-v2.helpscout.net blob: *.bluesnap.com cdn4.mxpnl.com cdn.heapanalytics.com cdnjs.cloudflare.com cdn.mxpnl.com challenges.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com connect.facebook.net consentcdn.cookiebot.com consent.cookiebot.com dev.visualwebsiteoptimizer.com firebase.googleapis.com firstore.googleapis.com gateway.zscalerone.net googleads.g.doubleclick.net *.google-analytics.com *.google.com heapanalytics.com https://appleid.cdn-apple.com https://*.cardinalcommerce.com https://*.clarity.ms https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://fast.wistia.com https://src.litix.io https://*.wistia.com https://*.wistia.net js-agent.newrelic.com *.matific.ca *.matific.com *.matific.eu *.pagesense.io pi.pardot.com resources.usersnap.com 'self' snap.licdn.com static.ads-twitter.com static.zdassets.com static.zohocdn.com translate.googleapis.com translate.google.com 'unsafe-eval' 'unsafe-inline' use.typekit.net wa.appsflyer.com websdk.appsflyer.com widget.usersnap.com www.googleadservices.com www.google.al www.google.cn www.google.co.kr www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.na www.google.com.ng www.google.com.ni www.google.com.om www.google.com.sg www.google.co.zw www.google.dk www.google.es www.google.iq www.google.kg www.google.md www.google.mn www.google.mv www.google.rs www.google.se www.google.si www.google.sk www.googletagmanager.com www.gstatic.com; script-src-attr 'unsafe-inline'; script-src-elem ajax.googleapis.com analytics.twitter.com apis.google.com appleid.cdn-apple.com bam-cell.nr-data.net bam.nr-data.net beacon-v2.helpscout.net *.bluesnap.com cdn4.mxpnl.com cdn.heapanalytics.com cdnjs.cloudflare.com cdn.mxpnl.com challenges.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com connect.facebook.net consentcdn.cookiebot.com consent.cookiebot.com dev.visualwebsiteoptimizer.com fast.wistia.com googleads.g.doubleclick.net *.google-analytics.com googletagmanager.com heapanalytics.com https://*.cardinalcommerce.com https://*.clarity.ms https://fast.wistia.com js-agent.newrelic.com *.matific.ca *.matific.com *.matific.eu pagesense-collect.zoho.com.au *.pagesense.io pagesense.zoho.com.au pay.google.com pi.pardot.com plus.google.com resources.usersnap.com 'self' snap.licdn.com ssl.kaptcha.com static.ads-twitter.com static.zdassets.com static.zohocdn.com 'unsafe-inline' use.typekit.net wa.appsflyer.com websdk.appsflyer.com widget.usersnap.com www.googleadservices.com www.google.com www.googletagmanager.com www.gstatic.com; style-src blob: cdnjs.cloudflare.com checkoutshopper-live.adyen.com fonts.googleapis.com heapanalytics.com https://beacon-v2.helpscout.net https://fast.wistia.com https://www.gstatic.com *.matific.ca *.matific.com *.matific.eu 'self' stackpath.bootstrapcdn.com translate.googleapis.com 'unsafe-eval' 'unsafe-inline' use.fontawesome.com; style-src-attr 'unsafe-inline'; style-src-elem apis.google.com cdnjs.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com fonts.googleapis.com heapanalytics.com *.matific.ca *.matific.com *.matific.eu 'self' stackpath.bootstrapcdn.com 'unsafe-inline' use.fontawesome.com; worker-src blob: 'self'; report-uri https://matific.report-uri.com/r/d/csp/reportOnly; report-to default; 3
report-to default; frame-src 'self' *.recaptcha.net *.olark.com; font-src 'self' data: *.olark.com; script-src 'self' 'unsafe-inline' *.true.nl *.googletagmanager.com *.google-analytics.com *.piwik.pro *.recaptcha.net *.gstatic.com *.bing.com *.olark.com *.youtube.com *.vimeo.com *.hotjar.com *.licdn.com *.clarity.ms *.pardot.com *.reddit.com *.redditstatic.com *.twitter.com *.t.co; img-src 'self' data: *.olark.com; media-src 'self' data: *.olark.com; object-src 'self'; default-src 'self' 'unsafe-inline' *.true.nl *.google-analytics.com *.piwik.pro *.olark.com *.pardot.com *.linkedin.com *.clarity.ms *.hotjar.com *.google.com *.doubleclick.net *.reddit.com *.redditstatic.com *.twitter.com *.t.co 3
default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 3
frame-ancestors https://*.walmart.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub4ebf0f2c2b22f7e232e33c048c5f3d2b&dd-evp-origin=content-security-policy&env=prod&ddsource=csp-report&ddtags=service:marketing-web 3
font-src 'self' smartphonehoesjes.nl handyhuellen.de ploonk.fr *.smartphonehoesjes.nl *.ploonk.fr *.brandcommerce.nl *.mopinion.com fonts.gstatic.com *.cm.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.paypal.com *.acc-smartphonehoesjes.nl *.acc-ploonk.fr *.acc-handyhuellen.de *.acc-brandcommerce.de *.smartphonehoesjes.nl *.ploonk.fr *.coquedetelephone.fr *.handyhuellen.de *.brandcommerce.nl *.doubleclick.net *.facebook.com *.tradedoubler.com *.sovendus-connect.com *.colorlab.io *.printlane.com metrics.smartphonehoesjes.nl metrics.handyhuellen.de metrics.ploonk.fr js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com cdn.acc-smartphonehoesjes.nl cdn.acc-brandcommerce.nl cdn.acc-ploonk.fr cdn.acc-handyhuellen.de cdn.smartphonehoesjes.nl cdn.brandcommerce.nl cdn.ploonk.fr cdn.handyhuellen.de *.smartphonehoesjes.nl *.etrusted.com *.google.com *.google.nl *.googlesyndication.com *.facebook.com squeezely.tech *.squeezely.tech *.bing.com *.bing.net *.pointspay.com *.trustedshops.com *.roeyecdn.com *.roeye.com *.doubleclick.net *.zenaps.com *.awin1.com *.facebook.net *.cm.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.buckaroo.nl https://www.paypal.com *.localhost *.acc-smartphonehoesjes.nl *.acc-ploonk.fr *.acc-handyhuellen.de *.acc-brandcommerce.nl smartphonehoesjes.nl *.smartphonehoesjes.nl *.ploonk.fr *.handyhuellen.de *.brandcommerce.nl *.analytics.google.com *.googlesyndication.com www.clarity.ms *.google.com *.google.nl *.facebook.net *.tiktok.com *.doubleclick.net *.bing.com *.etrusted.com *.elitechnology.com *.beslist.nl squeezely.tech *.squeezely.tech *.trustedshops.com *.mopinion.com *.dwin1.com *.aiden.cx *.kickbite.io *.colorlab.io *.printlane.com *.hotjar.com *.sovendus.com *.wurflcloud.com fonts.gstatic.com *.cloudfront.net *.roeyecdn.com *.disqus.com *.avada.io js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.localhost *.googleapis.com *.etrusted.com *.mopinion.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com smartphonehoesjes.nl *.smartphonehoesjes.nl *.handyhuellen.de *.ploonk.fr *.brandcommerce.nl wss://*.azurewebsites.net *.google-analytics.com *.wurflcloud.com *.clarity.ms https://get.geojs.io *.amazon.com *.etrusted.com *.demdex.net *.sc.omtrdc.net *.cardinalcommerce.com *.acc-smartphonehoesjes.nl *.acc-ploonk.fr *.acc-handyhuellen.de *.acc-brandcommerce.nl google.com *.google.com google.nl *.google.nl *.googlesyndication.com *.tiktok.com *.hotjar.com *.doubleclick.net *.aiden.cx *.sovendus.com *.trustedshops.com *.youtube.com *.plyr.io noembed.com *.amazonaws.com *.mopinion.com *.beslist.nl *.kickbite.io *.bing.com *.bing.net *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-ancestors 'self' ; object-src 'none' ; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 3
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: oct8necdneu.azureedge.net *.trustedshops.com *.cloudflare.com https://static.lyra.com/static/ https://widgets.trustedshops.com https://fonts.gstatic.com https://ws.colissimo.fr *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es * *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://www.salesmanago.pl https://api.clerk.io https://cdn.clerk.io *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.vimeo.com *.oct8ne.com *.googletagmanager.com * *.cookiebot.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.hipay-tpp.com *.hipay.com *.paypal.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://www.youtube.com https://form.typeform.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.trustedshops.com *.bynder.com *.visualwebsiteoptimizer.com *.amazonaws.com *.atida.com *.dosfarma.com *.facebook.com *.zenaps.com *.awin1.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co t.co *.twitter.co *.twitter.com *.cloudfront.net *.doubleclick.net *.byspotify.com *.cookiebot.com *.googlesyndication.com *.syndigo.com *.assets.efarma.com *.mifarma.co.uk https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ openstreetmap.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://cdn.clerk.io *.ggpht https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.trustedshops.com *.clerk.io *.cloudfront.net *.zdassets.com *.zendesk.com *.api.smooch.io *.visualwebsiteoptimizer.com *.connectif.cloud *.atida.com *.dosfarma.com *.newrelic.com *.nr-data.net *.dwin1.com *.pinimg.com *.ads-twitter.com *.tiktok.com *.kk-resources.com *.bing.com *.creativecdn.com *.facebook.net *.googlesyndication.com *.awin1.com *.zenaps.com *.facebook.com *.wepowerconnections.com *.sciencebehindecommerce.com *.reskyt.com *.pinterest.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.topsort.workers.dev *.cdn-apple.com *.lyra.com *.plugins.emarsys.net *.scarabresearch.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com https://api.lyra.com/api-payment/ https://static.lyra.com/static/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://api.clerk.io https://cdn.clerk.io https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.trustedshops.com *.cloudflare.com *.googletagmanager.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.hipay.com https://static.lyra.com/static/ unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://api.clerk.io https://cdn.clerk.io https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.google.com/pay *.api.smooch.io *.zdassets.com *.zendesk.com *.connectif.cloud *.atida.com *.dosfarma.com *.algolia.io *.cookiebot.com *.nr-data.net google.com *.googlesyndication.com *.awin1.com *.zenaps.com *.facebook.com *.wepowerconnections.com *.sciencebehindecommerce.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.topsort.workers.dev *.scarabresearch.com *.eservice.emarsys.net *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' data: blob: https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com; connect-src 'self' data: properties: https://cmfglifeinsurance.us-6.evergage.com https://*.google-analytics.com https://*.google.com https://*.linkedin.com https://*.niceincontact.com https://clientstream.launchdarkly.com/ https://fonts.gstatic.com https://*.optimizely.com https://*.cunamutual.com https://www.nextinsure.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.googlesyndication.com https://*.trustage.com https://us-central1-adaptive-growth.cloudfunctions.net https://cdn.linkedin.oribi.io https://s.yimg.com https://*.doubleclick.net https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://*.bing.com https://*.googleapis.com https://cunamutual.okta.com https://cdn.cookielaw.org https://cunamutual.oktapreview.com/ https://*.googleadservices.com/ https://*.qualtrics.com/ https://dc.services.visualstudio.com/ https://*.levelaccess.net https://www.googletagmanager.com https://facebook.com/ https://*.segment.io https://*.segment.com https://*.permutive.com https://calc-backend-prod.herokuapp.com https://www.facebook.com https://eastus2-0.in.applicationinsights.azure.com; frame-ancestors 'self' https://trustage.com https://*.optimizely.com https://*.trustagedem.com https://*.trustagedemo.com; frame-src 'self' https://trustage.com https://*.googlesyndication.com https://cunamutual.widen.net https://login.microsoftonline.com https://*.widencdn.net https://*.opendns.com https://*.optimizely.com https://www.youtube.com https://chase.hostedpaymentservice.net https://chase-var.hostedpaymentservice.net https://*.doubleclick.net https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://www.googletagmanager.com https://*.trustpilot.com/ https://*.flashtalking.com https://*.google.com https://*.qualtrics.com https://*.affec.tv https://*.opendns.com https://www.facebook.com https://*.ceros.com https://home-c27.incontact.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cmfglifeinsurance.us-6.evergage.com https://*.googlesyndication.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://static-demo.trustage.cloud https://*.trustage.com https://*.googleadservices.com https://*.trustagedem.com https://*.trustagedemo.com https://cdn.cookielaw.org https://*.signalintent.com https://*.google.com https://chase-var.hostedpaymentservice.net https://chase.hostedpaymentservice.net https://cdn.pdst.fm https://snap.licdn.com https://insurance.mediaalpha.com https://us-central1-adaptive-growth.cloudfunctions.net https://s.yimg.com https://*.facebook.net https://geolocation.onetrust.com https://cdn.linkedin.oribi.io https://privacyportal.onetrust.com https://*.google.com https://sp.analytics.yahoo.com https://*.linkedin.com https://www.pagespeed-mod.com https://*.google-analytics.com https://*.salesforceliveagent.com/ https://*.oktacdn.com/ https://*.trustpilot.com/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://*.levelaccess.net/ https://*.qualtrics.com/ https://www.googleoptimize.com https://bat.bing.com https://solutions.invocacdn.com https://pnapi.invoca.net https://*.affec.tv/ https://*.evgnet.com/ https://*.ceros.com https://home-c27.incontact.com https://secure.adnxs.com https://cdn.permutive.com https://trkn.us https://www.facebook.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.trustage.com https://cmfglifeinsurance.us-6.evergage.com https://www.gstatic.com https://*.optimizely.com https://*.affec.tv/ https://chase.hostedpaymentservice.net https://*.bing.com https://*.google.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://cdn.pdst.fm https://cdn.cookielaw.org https://snap.licdn.com https://*.qualtrics.com https://s.yimg.com https://*.salesforceliveagent.com https://*.facebook.com https://connect.facebook.net https://www.youtube.com https://bat.bing.com https://*.evgnet.com/ https://*.levelaccess.net https://chase-var.hostedpaymentservice.net https://*.oktacdn.com https://www.googleoptimize.com https://*.trustpilot.com/ https://az416426.vo.msecnd.net/ https://solutions.invocacdn.com https://secure.adnxs.com https://cdn.permutive.com https://*.signalintent.coms https://*.segment.com https://*.ceros.coms; style-src 'self' 'unsafe-inline' https://cmfglifeinsurance.us-6.evergage.com https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.signalintent.com https://rsms.me https://*.googleapis.com https://*.google.com https://*.googlesyndication.com https://google.ca https://www.googleoptimize.com https://*.google-analytics.com https://*.trustpilot.com/ https://www.youtube.com https://web-modules-de-na1.niceincontact.com  https://pwm-image.trendmicro.com https://cdn.honey.io; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; font-src 'self' data: https://cmfglifeinsurance.us-6.evergage.com https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com https://fonts.cdnfonts.com https://use.fontawesome.com https://static2.sharepointonline.com https://static.zip.co https://embed.signalintent.com https://appservice.azureedge.net/; report-uri /api/csp/report; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 3
default-src 'self';form-action 'self'; object-src 'self'; frame-ancestors 'self'; connect-src 'self' ely-keskus.fi *.youtube.com *.tyomarkkinatori.fi *.ahtp.fi keha-matomo-sdg-qa-qa.azurewebsites.net *.cookiebot.com wss://*.tyomarkkinatori.fi *.elisa.fi wss://*.elisa.fi tetyomarkkinatori.boost.ai lukija.aimater.com fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' *.elisa.fi fonts.googleapis.com *.youtube.com gstatic.com blob:; img-src * data: blob:; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' *.tyomarkkinatori.fi *.ahtp.fi *.elisa.fi lukija.aimater.com tetyomarkkinatori.boost.ai *.cookiebot.com keha-matomo-sdg-qa-qa.azurewebsites.net youtube.com blob:; frame-src 'self' data: feed.mikle.com *.elisadesk.com *.cookiebot.com *.youtube.com; media-src 'self' data: blob:; font-src 'self' data: fonts.gstatic.com; report-uri https://csp-report-fa-prod.azurewebsites.net/api/csp-report; 3
default-src 'self' *.smartschool.be widgets.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.wp.com https://ssl.p.jwpcdn.com *.wp.com use.typekit.net p.jwpcdn.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' *.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com c0.wp.com s0.wp.com data:; img-src 'self' http://www.smartschool.be pixel.wp.com *.typekit.net data:; connect-src maps.googleapis.com 'self' performance.typekit.net stats.g.doubleclick.net *.google-analytics.com; frame-src player.vimeo.com 'self'; report-uri /csp-violation.php 3
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com *.adbr.io *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.adabra.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.trustpilot.com *.criteo.com *.cookiebot.com *.youtube.com *.hotjar.com *.adbr.io ad4m.at *.ad4m.at service.force.com *.marketingspray.com *.criteo.net *.tncid.app *.clinch.co *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.de *.google.it *.bing.com *.adbr.io maps.googleapis.com *.ad4m.at ih.adscale.de rtb-csync.smartadserver.com simage2.pubmatic.com dsum-sec.casalemedia.com *.twiago.com ad.yieldlab.net *.marketingspray.com *.adform.net *.clarity.ms *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.tremorhub.com *.yieldmo.com *.krxd.com *.thebrighttag.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.hsforms.net *.hsforms.com *.flavedo.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trustpilot.com *.criteo.com *.criteo.net *.newrelic.com *.cookiebot.com bam.nr-data.net *.google.de *.google.it *.bing.com *.hotjar.com *.adbr.io ad4m.at pushpad.xyz service.force.com *.salesforceliveagent.com *.marketingspray.com *.shippypro.com *.kk-resources.com *.farmae.it *.clarity.ms *.googleoptimize.com *.tiktok.com *.dwin1.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.tncid.app *.clinch.co *.visualwebsiteoptimizer.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.connectif.cloud *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.hsforms.net *.hsforms.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.cloudflare.com *.adbr.io service.force.com *.shippypro.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com bam.nr-data.net *.doubleclick.net *.trustpilot.com pagead2.googlesyndication.com consentcdn.cookiebot.com *.adbr.io *.googleapis.com *.shippypro.com pushpad.xyz *.clarity.ms *.tiktok.com *.criteo.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.hotjar.io *.tncid.app *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.connectif.cloud t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.citrusad.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.fi https://connect.facebook.net https://support.hostaan.com https://widget.trustmary.com https://embed.trustmary.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com https://support.hostaan.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://support.hostaan.com data:; connect-src 'self' https://region1.google-analytics.com https://embed.trustmary.io https://stats.g.doubleclick.net https://www.google-analytics.com https://*.facebook.com https://www.google.com https://www.googletagmanager.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.fi https://support.hostaan.com; media-src 'self' https://support.hostaan.com; img-src 'self' blob: data: https://www.googletagmanager.com https://fonts.gstatic.com https://translate.google.com https://widget.trustmary.com/ https://d2nce6johdc51d.cloudfront.net https://lh3.googleusercontent.com https://www.google.se https://www.google.fi https://www.google.com https://stats.g.doubleclick.net https://www.google.fi https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com https://support.hostaan.com; frame-src 'self' https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://support.hostaan.com https://td.doubleclick.net; worker-src 'self' blob:; object-src 'none'; frame-ancestors 'self' https://www.hostaan.fi; report-uri https://n8n.ppweb.fi/webhook/da8630cf-3a65-402b-b95f-6fa58e667ed6; 3
default-src * data:;   script-src * 'unsafe-eval';   script-src-elem * 'unsafe-inline';   script-src-attr *;   style-src * 'unsafe-inline' blob:;   style-src-elem * 'unsafe-inline';   style-src-attr * 'unsafe-inline';   img-src * 'self' data: blob:;   font-src * 'self' data: blob:;   connect-src * 'self' blob:;   media-src * 'self' blob:;   object-src * 'self' 'unsafe-inline' blob:;   prefetch-src * 'self' blob:;   child-src * 'self' blob:;   frame-src * 'self' blob:;   worker-src * 'self' blob:;   frame-ancestors * 'self' blob:;   form-action *;   upgrade-insecure-requests;   base-uri * 'self';   manifest-src * blob: sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-to-custom-protocols; 3
font-src https://cdn.riverty.design/ cash-f.squarecdn.com fonts.gstatic.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl https://widgets.trustedshops.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com uc8.tv * all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com uc8.tv https://documents.riverty.com/ * all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.doubleclick.net *.facebook.com *.facebook.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ * https://images.unsplash.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.imgix.net all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com maps.gstatic.com *.googleapis.com *.bing.com *.google.nl *.facebook.com *.facebook.net *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.bazaarvoice.com widgets.trustedshops.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.hotjar.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com *.googletagmanager.com tagmanager.google.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl *.googleapis.com *.bing.com *.facebook.com *.facebook.net https://player.vimeo.com/api/player.js cdn.belco.io *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.bazaarvoice.com widgets.trustedshops.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app tagmanager.google.com fonts.google.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ * https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl *.googleapis.com *.google.com *.doubleclick.net *.googlesyndication.com cdn.belco.io wss://chat.belco.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.bazaarvoice.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; script-src 'self' https://*.cloudflareinsights.com https://*.freshworks.com https://*.tiktok.com https://*.zzgtech.com https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://cdn.jsdelivr.net https://kit.fontawesome.com https://*.pinimg.com https://ct.pinterest.com 'unsafe-inline'; img-src 'self' data: https://*.zzgtech.com https://*.pinterest.com https://*.tiktok.com https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io; font-src 'self' https://*.bootstrapcdn.com https://*.sc-static.net https://*.googleapis.com https://*.gstatic.com https://*.fontawesome.com; style-src 'self' https://*.freshworks.com https://*.signalsight.io https://signalsight.io https://*.fontawesome.com https://*.bootstrapcdn.com https://*.googleapis.com 'unsafe-inline'; connect-src 'self' https://*.freshworks.com https://*.zzgtech.com https://*.tiktok.com https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://*.fontawesome.com https://*.pinterest.com; frame-src 'self' https://*.zzgtech.com https://*.pinterest.com https://www.google.com; frame-ancestors *.signalsight.io 3
default-src 'self' 'unsafe-inline' https:; report-uri https://reporturi.savagescape.com/report.php; report-to default 3
default-src 'self' blob: *; img-src 'self' data: *; script-src 'self' blob: * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; font-src 'self' data: *; connect-src *; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 3
default-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://brandcenter.flex.com; upgrade-insecure-requests; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval';  font-src 'self' data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval';  frame-src 'self' https://cdn.cohesionapps.com/ https://www.googletagmanager.com/;  connect-src 'self' https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://yg3l958nut-dsn.algolia.net https://www.google.com/ https://geolocation.onetrust.com/ https://bam.nr-data.net https://content.cmn.com https://api.mobius.highereducation.com https://www.googletagmanager.com/ https://cdn.cohesionapps.com/ https://www.edx.org/;  img-src 'self' https://res.cloudinary.com https://navi.cohesionapps.com https://cms.psychology.org/ https://simple-storage-server.highereducation.com/ https://content.cmn.com data:;  script-src-elem 'self' 'unsafe-inline' https://content.cmn.com/ https://js-agent.newrelic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://sb.scorecardresearch.com https://www.edx.org/beam.js 3
script-src 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net *.freshchat.com maps.googleapis.com assets.adobedtm.com www.googleoptimize.com h.online-metrix.net *.cardinalcommerce.com html5.dcatalog.com unpkg.com commerce.adobedtm.com cdnjs.cloudflare.com web-sdk.aptrinsic.com commerce.adobe.net fonts.googleapis.com magento-recs-sdk.adobe.net static.trackedweb.net tags.srv.stackadapt.com snap.licdn.com tags.srv.stackadapt.com bat.bing.com e.performancehealth.com f.vimeocdn.com tags.srv.stackadapt.com bam.nr-data.net services-connector-ui.magento-ds.com r2.dotdigital-pages.com *.punchout2go.com *.tradecentric.com *.pinterest.com *.facebook.net *.facebook.com *.licdn.com *.userway.org cdn.optimizely.com optimizely.com; style-src 'self' 'unsafe-inline' wchat.freshchat.com fonts.googleapis.com js.klevu.com tags.srv.stackadapt.com staticw2.yotpo.com; report-uri /.webscale/csp-report 3
default-src 'self' 'unsafe-inline'; connect-src 'self' cdn-ds.com solera.chatbot.aisera.net *.web-aws.dealersocket.com analytics.dealerfire.com *.google-analytics.com *.googletagmanager.com www.googleadservices.com *.googleadservices.com *.g.doubleclick.net www.google.com *.snapchat.com s.yimg.com tagging-staging.shiftdigitalapps.io bam.nr-data.net sentry-dev.dealersocket.engineering ws:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com connect.facebook.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net www.google.com www.gstatic.com js-agent.newrelic.com tagging-staging.shiftdigitalapps.io autoleadstar.com *.autoleadstar.com *.snapchat.com sp.analytics.yahoo.com s.yimg.com sc-static.net assets.adobedtm.com cdn-ds.com solera.chatbot.aisera.net *.web-aws.dealersocket.com; style-src 'self' 'unsafe-inline' cdn-ds.com; font-src 'self' cdn-ds.com fonts.gstatic.com cdn.autoleadstar.com; img-src 'self' cdn-ds.com analytics.dealerfire.com *.googletagmanager.com *.g.doubleclick.net www.google.com www.google.co.* www.facebook.com tagging-staging.shiftdigitalapps.io nissanheliosna.d3.sc.omtrdc.net data:; frame-src 'self' solera.chatbot.aisera.net *.googletagmanager.com dai.autoleadstar.com mailto:; object-src 'self'; frame-ancestors 'self' cdn-ds.com; 3
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.narvar.com *.narvar.qa *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.klaviyo.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.facebook.net/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net www.xtento.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.narvar.com *.narvar.qa *.reviews.io *.reviews.co.uk *.doubleclick.net/ https://insight.adsrvr.org/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.narvar.com *.narvar.qa www.xtento.com cdn.xtento.com www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.doubleclick.net/ https://bat.bing.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com s7.addthis.com *.online-metrix.net www.xtento.com cdn.xtento.com testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.narvar.com *.narvar.qa *.reviews.io *.reviews.co.uk https://snap.licdn.com/ https://js.adsrvr.org/ *.facebook.net/ *.hotjar.com/ https://unpkg.com/ https://bat.bing.com/ *.cloudflare.com *.newrelic.com/ *.trackjs.com/ *.cookiepro.com/ *.clarity.ms/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://api.addressfinder.io *.algolia.net *.algolia.com *.algolianet.com ekr.zdassets.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.doubleclick.net/ *.hotjar.io/ *.cookiepro.com/ *.clarity.ms/ https://bam.nr-data.net/ *.blundstone.com.au/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
base-uri 'self'; default-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com stats.g.doubleclick.com https://*.googleapis.com *.googleapis.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de *.cloudapi.de https://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com https://api.userway.org api.userway.org https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://*.google.com *.google.com https://cdn.userway.org cdn.userway.org https://*.api.userway.org *.api.userway.org https://sessions.bugsnag.com sessions.bugsnag.com https://px.ads.linkedin.com px.ads.linkedin.com https://*.facebook.com *.facebook.com https://region1.google-analytics.com region1.google-analytics.com https://geolocation.onetrust.com geolocation.onetrust.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com https://cdn.userway.org cdn.userway.org data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://sidebar.bugherd.com sidebar.bugherd.com https://*.googletagmanager.com *.googletagmanager.com https://challenges.cloudflare.com challenges.cloudflare.com https://cdn.userway.org cdn.userway.org; img-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://*.googletagmanager.com *.googletagmanager.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.uk *.google.co.uk https://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com *.linkedin.com https://*.facebook.com *.facebook.com https://cdn.userway.org cdn.userway.org https://d2iiunr5ws5ch1.cloudfront.net d2iiunr5ws5ch1.cloudfront.net blob: data:; media-src https://youtube.com youtube.com https://ddo8pjvnj55tt.cloudfront.net ddo8pjvnj55tt.cloudfront.net; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.licdn.com *.licdn.com https://*.googleapis.com *.googleapis.com https://*.google.com *.google.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.onetrust.com *.onetrust.com https://connect.facebook.net connect.facebook.net https://sidebar.bugherd.com sidebar.bugherd.com https://cdn.userway.org cdn.userway.org https://*.bugherd.com *.bugherd.com https://static.cloudflareinsights.com static.cloudflareinsights.com https://challenges.cloudflare.com challenges.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.userway.org cdn.userway.org 'unsafe-inline'; upgrade-insecure-requests 3
font-src *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.hotjar.com *.doubleclick.net *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net *.sparta.cl newbalance.cl 'self' data: *.gstatic.com *.googleapis.com *.yandex.ru *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://sparta.sparta.test *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.newrelic.com *.nr-data.net *.doubleclick.net *.magentosite.cloud *.freshworks.com *.hotjar.com *.retailrocket.net *.yandex.ru *.api.useinsider.com *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.sparta.cl *.newbalance.cl *.yotpo.com *.fonts.net *.magentosite.cloud *.freshworks.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.yotpo.com *.nr-data.net *.freshworks.com *.googleapis.com stats.g.doubleclick.net *.yandex.ru *.mercadopago.com *.mercadolibre.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://spartacl.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 3
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' metrics.mastercard.com smetrics.mastercard.com assets.adobedtm.com cdn.cookielaw.org www.onetrust.com onetrust.com geolocation.onetrust.com privacyportal.onetrust.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdn.jsdelivr.net https://asset.forms.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' metrics.mastercard.com smetrics.mastercard.com assets.adobedtm.com cdn.cookielaw.org www.onetrust.com onetrust.com geolocation.onetrust.com privacyportal.onetrust.com st.dynamicyield.com go.mastercardservices.com pi.pardot.com snap.licdn.com assets.adobetm.com api-mastercard-dxp.nd.nudatasecurity.com s.go-mpulse.net 6sc.co 6sense.com *.6sc.co *.6sense.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdn.jsdelivr.net https://asset.forms.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://asset.forms.mastercard.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdn.dynamicyield.com https://asset.forms.mastercard.com; frame-ancestors 'self' 3
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://fonts.gstatic.com *.fontawesome.com save.local *.save.local tsf.local vbs.local vce.local vrn.local aeroportoverona.it trevisoairport.it veneziaairport.it aeroportodibrescia.it grupposave.it *.aeroportoverona.it *.trevisoairport.it *.veneziaairport.it *.aeroportodibrescia.it *.grupposave.it integration-5ojmyuq-xk54vbr4g326g.eu-3.magentosite.cloud integration2-hohc4oi-xk54vbr4g326g.eu-3.magentosite.cloud acsbapp.com *.acsbapp.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * https://0merchantacsstag.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.sharethis.com https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com https://player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com save.local *.save.local tsf.local vbs.local vce.local vrn.local aeroportoverona.it trevisoairport.it veneziaairport.it aeroportodibrescia.it grupposave.it *.aeroportoverona.it *.trevisoairport.it *.veneziaairport.it *.aeroportodibrescia.it *.grupposave.it integration-5ojmyuq-xk54vbr4g326g.eu-3.magentosite.cloud integration2-hohc4oi-xk54vbr4g326g.eu-3.magentosite.cloud static.addtoany.com *.addthis.com *.gestpay.net ecomm.sella.it ecomms2s.sella.it *.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * *.sharethis.com https://www.google.it https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: https://maps.google.com https://maps.gstatic.com *.bird.eu https://maps.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com save.local *.save.local tsf.local vbs.local vce.local vrn.local aeroportoverona.it trevisoairport.it veneziaairport.it aeroportodibrescia.it grupposave.it *.aeroportoverona.it *.trevisoairport.it *.veneziaairport.it *.aeroportodibrescia.it *.grupposave.it integration-5ojmyuq-xk54vbr4g326g.eu-3.magentosite.cloud integration2-hohc4oi-xk54vbr4g326g.eu-3.magentosite.cloud 'self' data: blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com https://www.google.com https://www.gstatic.com https://c.paypal.com https://songbirdstag.cardinalcommerce.com https://maps.google.com https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com save.local *.save.local tsf.local vbs.local vce.local vrn.local aeroportoverona.it trevisoairport.it veneziaairport.it aeroportodibrescia.it grupposave.it *.aeroportoverona.it *.trevisoairport.it *.veneziaairport.it *.aeroportodibrescia.it *.grupposave.it integration-5ojmyuq-xk54vbr4g326g.eu-3.magentosite.cloud integration2-hohc4oi-xk54vbr4g326g.eu-3.magentosite.cloud static.addtoany.com connect.facebook.net *.addthis.com *.moatads.com *.addthisedge.com acsbapp.com *.acsbapp.com ecomm.sella.it ecomms2s.sella.it external.airport.ai *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.sharethis.com https://fonts.googleapis.com https://www.gstatic.com downloads.mailchimp.com *.fontawesome.com assets.braintreegateway.com save.local *.save.local tsf.local vbs.local vce.local vrn.local aeroportoverona.it trevisoairport.it veneziaairport.it aeroportodibrescia.it grupposave.it *.aeroportoverona.it *.trevisoairport.it *.veneziaairport.it *.aeroportodibrescia.it *.grupposave.it integration-5ojmyuq-xk54vbr4g326g.eu-3.magentosite.cloud integration2-hohc4oi-xk54vbr4g326g.eu-3.magentosite.cloud *.cloudflare.com external.airport.ai 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com save.local *.save.local tsf.local vbs.local vce.local vrn.local aeroportoverona.it trevisoairport.it veneziaairport.it aeroportodibrescia.it grupposave.it *.aeroportoverona.it *.trevisoairport.it *.veneziaairport.it *.aeroportodibrescia.it *.grupposave.it integration-5ojmyuq-xk54vbr4g326g.eu-3.magentosite.cloud integration2-hohc4oi-xk54vbr4g326g.eu-3.magentosite.cloud 'self' data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * *.sharethis.com https://payments.sandbox.braintree-api.com api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://writer.cardinalcommerce.com https://vimeo.com https://maps.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com save.local *.save.local tsf.local vbs.local vce.local vrn.local aeroportoverona.it trevisoairport.it veneziaairport.it aeroportodibrescia.it grupposave.it *.aeroportoverona.it *.trevisoairport.it *.veneziaairport.it *.aeroportodibrescia.it *.grupposave.it integration-5ojmyuq-xk54vbr4g326g.eu-3.magentosite.cloud integration2-hohc4oi-xk54vbr4g326g.eu-3.magentosite.cloud acsbapp.com *.acsbapp.com *.addthis.com *.googleapis.com *.amcglobal.sc.omtrdc.net *.dpm.demdex.net *.geostag.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.dotdigital-pages.com webchat.dotdigital.com *.yotpo.com *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es ecomm.sella.it ecomms2s.sella.it *.cookiebot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.chatbot.com ct.pinterest.com *.criteo.com *.criteo.net www.facebook.com shop4runners.cr.rlvs.co.uk www.awin1.com d.c.cdnsrv.de mea.shop4runners.com mea.shop4runners.eu mea.shop4runners.at mea.shop4runners.ch mea.shop4runners.fr mea.runnershub.de mea.runnershub.bg mea.runnershub.eu *.attrxs.de *.getblue.io bid.g.doubleclick.net td.doubleclick.net www.googletagmanager.com *.ad-srv.net js.mollie.com *.loadbee.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com magefan.com cm.magefan.com https: www.googleadservices.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.gstatic.com *.google.com *.google.de *.google.at *.google.ch *.google.eu *.google.fr https://images.unsplash.com img.metaffiliation.com action.metaffiliation.com https://www.mollie.com https://api.mapbox.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.onefid.com maps.googleapis.com api.recova.ai assets.revlifter.io bat.bing.com cdn.chatbot.com *.consentmanager.net connect.facebook.net ct.pinterest.com s.pinimg.com *.criteo.com www.awin1.com www.dwin1.com the.sciencebehindecommerce.com www.ladenzeile.de tracking.s24.com d.c.cdnsrv.de smct.co s.uicdn.com *.attrxs.de *.gsitrix.com *.corporate-benefits.eu *.getblue.io *.wewomedia.com googleads.g.doubleclick.net www.google.com www.googleadservices.com www.google-analytics.com analytics.google.com *.googletagmanager.com tagmanager.google.com *.ad-srv.net action.metaffiliation.com img.metaffiliation.com s7.addthis.com js.mollie.com *.loadbee.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com *.googletagmanager.com tagmanager.google.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://api.batteryincluded.io api.paypal.com maps.googleapis.com api.recova.ai devt.revlifter.com bat.bing.com bat.bing.net cdn.chatbot.com *.consentmanager.net www.facebook.com connect.facebook.net ct.pinterest.com www.pinterest.com *.criteo.com the.sciencebehindecommerce.com www.wepowerconnections.com tracking.s24.com mea.shop4runners.com mea.shop4runners.eu mea.shop4runners.at mea.shop4runners.ch mea.shop4runners.fr mea.runnershub.de mea.runnershub.bg mea.runnershub.eu r.nunami.ai *.gsitrix.com *.wewomedia.com www.googleadservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.google.at *.google.ch *.google.eu *.google.fr *.googlesyndication.com action.metaffiliation.com img.metaffiliation.com ekr.zdassets.com/ autocomplete2.postdirekt.de *.loadbee.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' https://*.zdassets.com https://*.zopim.com https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.squarecdn.com/ https://api.smooch.io/ https://applepay.cdn-apple.com/ https://*.googleadservices.com/ https://assets.braintreegateway.com/web/ https://*.bazaarvoice.com/ https://*.doubleclick.net/ https://storage.googleapis.com/workbox-cdn/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cfjump.vans.com.au/ https://cfjump.vans.co.nz/ https://*.fullstory.com https://www.googletagmanager.com/ https://analytics.tiktok.com https://cdn.unidays.world https://*.truefitcorp.com https://www.paypalobjects.com/api/checkout.min.js https://*.klaviyo.com https://t.cfjump.com/ https://*.zdassets.com https://connect.facebook.net/ https://maps.googleapis.com/ https://dma-cdn.staging.truefitcorp.com/fitrec/dma/js/tracker.js https://js-agent.newrelic.com/ js.datadome.co ct.captcha-delivery.com https://*.adobedtm.com https://*.afterpay.com https://*.demdex.net https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://*.google-analytics.com https://*.paypal.com afterpay.com https://foursixty.com https://*.useinsider.com https://*.roymorgan.com https://lantern.roeyecdn.com https://js-sandbox.squarecdn.com/ https://player.vimeo.com/ ; style-src 'self' 'unsafe-inline' https://display.ugc.bazaarvoice.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://*.typekit.net/ https://fonts.googleapis.com/ https://assets.braintreegateway.com/web/dropin/1.43.0/css/dropin.css https://assets.braintreegateway.com/web/dropin/1.16.0/css/dropin.css https://*.adobetm.com https://foursixty.com https://*.adobemc.com https://static.klaviyo.com/onsite/js/ https://static-tracking.klaviyo.com/onsite/js/ ; img-src data: 'self' https://*.zendesk.com/ https://dpm.demdex.net/ https://www.googleadservices.com/ccm/ https://www.magentocommerce.com/products/media/ https://*.vans.co.nz/ https://*.vans.com.au/ https://googleads.g.doubleclick.net/ https://ad.doubleclick.net/ https://www.google.com/ccm/ https://www.paypalobjects.com https://www.google.com/ https://www.google.com.au/ https://www.google.co.nz/ https://www.google.com.vn/ https://maps.gstatic.com/mapfiles/ https://scontent.cdninstagram.com/ https://*.afterpay.com/ https://*.accentgra.com https://www.googletagmanager.com/ https://www.facebook.com/ https://*.bazaarvoice.com https://t.paypal.com/ https://duuytoqss3gu4.cloudfront.net/ https://df45ay5pw60dy.cloudfront.net/ https://d3nocrch4qti4v.cloudfront.net/ https://*.google-analytics.com https://*.pinterest.com https://*.tiktok.com https://*.useinsider.com https://maps.googleapis.com/maps/ https://developers.google.com https://*.zopim.io https://*.zdassets.com https://adservice.google.com https://lantern.roeye.com/ https://d3k81ch9hvuctc.cloudfront.net/ ; object-src 'none' ; base-uri 'self' ; child-src 'self' blob: ; connect-src 'self' https://analytics.google.com/g/collect https://iq.afterpay.com/us/v1/ https://iq.afterpay-beta.com/us/v1/ https://*.my.sentry.io/ wss://api.smooch.io/ https://*.accentgra.com/ https://www.facebook.com/tr/ https://google.com/ https://www.google.com/ https://collect-ap2.attraqt.io/ https://smetrics.vans.co.nz/ https://*.fullstory.com https://*.klaviyo.com https://smetrics.vans.com.au/ https://api-js.datadome.co https://*.adobedc.net https://*.afterpay.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.demdex.net https://*.forter.com https://*.foursixty.com https://google.com/ccm/ https://www.google.com/ccm/ https://*.google-analytics.com https://*.googleapis.com https://*.nr-data.net https://*.paypal.com https://*.truefitcorp.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://accentgroupxpdev.112.2o7.net https://afterpay.com https://analytics.tiktok.com https://facebook.com foursixty.com https://kleber.datatoolscloud.net.au https://sentry.io smetrics.hypedc.com https://vimeo.com wss://widget-mediator.zopim.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://d2lxqodqbpy7c2.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net wss://cdn0.forter.com api.useinsider.com api.myunidays.com https://o19233.ingest.sentry.io/api/1188273/store/ https://ct.pinterest.com/ https://opreq.observepoint.com/ https://*.api.useinsider.com ; font-src data: 'self' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.gstatic.com https://*.truefitcorp.com https://*.useinsider.com static.klaviyo.com use.typekit.net https://shopping.qantas.com/static/fonts/ ; frame-src 'self' https://www.googletagmanager.com/ geo.captcha-delivery.com https://*.formstack.com https://*.afterpay.com https://*.bazaarvoice.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.myunidays.com https://*.omniparcelreturns.com https://*.paypal.com https://*.paypalobjects.com https://*.truefitcorp.com https://*.useinsider.com https://*.vimeo.com https://*.youtu.be https://*.youtube.com https://afterpay.com https://assets.braintreegateway.com https://facebook.com https://foursixty.com https://google.com https://www.google.com/ vimeo.com ; worker-src 'self' blob: https://*.accentgra.com https://*.vans.co.nz https://*.vans.com.au; 3
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3
default-src 'self' *.veritext.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googleapis.com https://www.google.com https://www.gstatic.com *.veritext.com https://browser.sentry-cdn.com https://*.hotjar.com https://www.googletagmanager.com https://*.wistia.com https://js.sentry-cdn.com https://code.jquery.com; style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.veritext.com https://code.jquery.com *.googleapis.com https://script.hotjar.com; img-src 'self' data: https://*.gstatic.com https://*.googleapis.com *.veritext.com *.googletagmanager.com https://*.wistia.com https://www.google.com.co; connect-src 'self' wss: https://*.hotjar.io https://*.googleapis.com *.google.com https://*.wistia.com https://*.wistia.net; font-src 'self' data: https://*.wistia.com *.gstatic.com; media-src 'self' blob: https://*.wistia.com; frame-src 'self' https://airtable *.veritext.com https://td.doubleclick.net https://www.google.com/ 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' https://webpay3gint.transbank.cl https://webpay3g.transbank.cl https://www.facebook.com/* pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.google.com https://player.vimeo.com https://www.youtube.com https://www.googletagmanager.com https://tagmanager.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.youtube-nocookie.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com bat.bing.com *.bat.bing.com *.msn.com *.bing.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.google.com www.gstatic.com *.avada.io https://www.googletagmanager.com https://tagmanager.google.com https://546002994.collect.igodigital.com https://assets.adobedtm.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://player.vimeo.com https://www.youtube.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://fonts.googleapis.com http://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com static.zdassets.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.sentry.io *.paypal.com google.com *.google.com qa-api.magedevteam.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://commerce.adobedc.net https://analytics.google.com https://vimeo.com https://api.magento.com https://performance.typekit.net https://pilot-payflowlink.paypal.com https://commerce.adobe.io https://commerce.adobe.net https://google.com https://qa-api.magedevteam.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline' https://mercadopago.com.br https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com https://www.facebook.com https://tpc.googlesyndication.com https://consentcdn.cookiebot.com https://assets.braintreegateway.com https://*.paypal.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.trackedlink.net https://www.google.fi https://maps.gstatic.com https://maps.googleapis.com https://log.pinterest.com https://eckerolinechatbottest.blob.core.windows.net https://fonts.gstatic.com https://assets.braintreegateway.com https://*.paypal.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://ajax.cloudflare.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://assets.pinterest.com https://maps.googleapis.com https://eckerolinechatbottest.blob.core.windows.net https://api.videoly.co https://www.google.fi https://www.googleadservices.com https://tpc.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://snap.licdn.com https://interfaces.zapier.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fast.fonts.net https://eckerolinechatbottest.blob.core.windows.net https://use.typekit.net https://p.typekit.net https://assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://fonts.gstatic.com https://vimeo.com https://consentcdn.cookiebot.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.paypal.com https://px.ads.linkedin.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src https://assets.braintreegateway.com https://*.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
script-src-elem payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com data: 'self'; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com 'self' data: *.doubleclick.net *.facebook.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com static.runconverge.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.klarnacdn.net *.cloudflare.com *.trustedshops.com *.googleapis.com *.klaviyo.com maxcdn.bootstrapcdn.com cdn1.stamped.io stamped.io *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.twitter.com services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.doubleclick.net *.facebook.com *.runconverge.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.freshchat.com *.twitter.com *.pinterest.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src 'self' data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://images.unsplash.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com static.runconverge.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.cloudfront.net/ *.criteo.net *.stamped.io *.freshchat.com/ *.cloudflare.com *.klarna.com *.ytimg.com *.bing.com/ *.clarity.ms/ *.google.al/ *.google.am/ *.google.at/ *.google.az/ *.google.ba/ *.google.be/ *.google.bg/ *.google.by/ *.google.ch/ *.google.cz/ *.google.de/ *.google.dk/ *.google.ee/ *.google.es/ *.google.fi/ *.google.fr/ *.google.ge/ *.google.gr/ *.google.hr/ *.google.hu/ *.google.ie/ *.google.is/ *.google.it/ *.google.kz/ *.google.li/ *.google.lt/ *.google.lu/ *.google.lv/ *.google.md/ *.google.me/ *.google.mk/ *.google.mt/ *.google.nl/ *.google.no/ *.google.pl/ *.google.pt/ *.google.ro/ *.google.rs/ *.google.ru/ *.google.se/ *.google.si/ *.google.sk/ *.google.sm/ *.google.tr/ *.google.ua/ *.google.uk/ *.google.com.ua/ *.google.com.tr/ *.google.com.gr/ *.google.com.pt/ *.google.com.pl/ cdn2.hubspot.net resources.paytrail.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://img.youtube.com *.unifaun.com/ openstreetmap.org *.openstreetmap.org cdn1.stamped.io stamped.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com polyfill.io *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.runconverge.com *.analytics.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.kk-resources.com/ *.shopalike.fi/ *.chatbotize.com/ qanuk-stage.vercel.app *.tradedoubler.com *.criteo.com *.cookiefirst.com *.omappapi.com *.googleoptimize.com *.klaviyo.com reviewsonmywebsite.com 'self' data: *.fontawesome.com *.videoly.co/ *.freshchat.com cdnjs.cloudflare.com/ *.googleapis.com/ *.noibu.com/ *.pinimg.com/ *.bing.com/ *.tiktok.com/ *.pinterest.com/ *.intercom.io/ *.intercomcdn.com/ *.clarity.ms/ *.klarnaservices.com/ *.klarna.com/ polyfill-fastly.io/ services.paytrail.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ unpkg.com/ *.trustpilot.com s7.addthis.com https://cdn.jsdelivr.net cdn1.stamped.io stamped.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com static.runconverge.com *.facebook.net *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.cookiefirst.com *.klarnacdn.net *.omappapi.com reviewsonmywebsite.com *.typekit.net *.freshchat.com/ *.cloudflare.com/ *.klaviyo.com/ https://static.klaviyo.com maxcdn.bootstrapcdn.com unpkg.com/ *.trustpilot.com https://cdn.jsdelivr.net cdn1.stamped.io stamped.io *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * https://maps.googleapis.com https://player.vimeo.com *.algolia.net *.algolia.com/ *.algolianet.com *.facebook.com *.facebook.net *.google.com/ payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.runconverge.com *.googletagmanager.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.criteo.com *.kelkoogroup.net/ *.chatbotize.com *.klarnaservices.com *.doubleclick.net *.qanuk.app *.cookiefirst.com *.omappapi.com *.googlesyndication.com reviewsonmywebsite.com *.cloudflare.com *.pinterest.com *.tiktok.com/ *.clarity.ms/ *.noibu.com/ wss://input.noibu.com/ wss://nexus-websocket-a.intercom.io/ *.intercom.io/ *.bing.com/ *.algolia.io/ *.klarna.com/ *.paytrail.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ cdn1.stamped.io stamped.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https://d3tw2v68rmxuj7.cloudfront.net; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://platform.twitter.com https://x.adroll.com https://15347100.fls.doubleclick.net https://td.doubleclick.net; img-src https:; media-src https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 https://d3tw2v68rmxuj7.cloudfront.net;script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ionicons/4.5.6/css/ionicons.min.css https://use.typekit.net https://p.typekit.net; report-uri /csp 3
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com www.xtento.com https://gum.criteo.com/ https://fledge.eu.criteo.com/ https://fledge.criteo.com https://fledge.criteo.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net www.xtento.com cdn.xtento.com https://www.google.pl/pagead/1p-user-list/999999999/ https://bat.bing.com/action/0 https://www.google.pl/pagead/1p-user-list/9999999999/ https://bat.bing.com/ https://bat.bing.net/ https://www.google.co.uk/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com www.xtento.com cdn.xtento.com https://bat.bing.com/bat.js https://dynamic.criteo.com/js/ld/ld.js https://v2.zopim.com/ https://mmgtr11111.pcapredict.com/js/sensor.js https://bat.bing.com/p/action/99999999.js https://static.zdassets.com/ekr/asset_composer.js https://services.postcodeanywhere.co.uk/js/platformcaptureplus-2.20.min.js https://sslwidget.criteo.com/event https://static.zdassets.com/ekr/sentry-browser.min.js https://static.zdassets.com/web_widget/classic/latest/web-widget-main-67c35ac.js https://static.zdassets.com/ *.criteo.com *.criteo.net https://bat.bing.com/ *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net https://services.postcodeanywhere.co.uk/css/platformcaptureplus-2.20.min.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.google.com payments-eu.amazon.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://services.postcodeanywhere.co.uk/Extras/Web/Ip2Country/v1.10/json https://ekr.zdassets.com/compose/zopim_chat/53Td2YM5k7jXEY56SEtiqSOBumCZVjcl https://military1st.zendesk.com/embeddable/config https://services.postcodeanywhere.co.uk/ https://google.com/pay wss://widget-mediator.zopim.com https://services.postcodeanywhere.co.uk/Capture/Interactive/Find/v1.00/json https://bat.bing.com/ https://military1st.zendesk.com/ https://military1st.zendesk.com/frontendevents/dl *.criteo.com *.criteo.net https://bat.bing.net/ https://www.google.co.uk/ *.bing.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.turn.com static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: *.turn.com secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://umfworldwide.com https://ultrapassport.com https://umfstage.com https://london.resistancemusic.com https://warsaw.resistancemusic.com https://resistanceibiza.com https://ultraeurope.com https://ultrasouthafrica.com https://ultrabuenosaires.com https://ultraperu.com https://ultraaustralia.com https://ultramusicfestival.com https://resistancemiami.com https://medellin.resistancemusic.com https://santiago.resistancemusic.com https://lima.resistancemusic.com https://ultrataiwan.com https://guatemala.roadtoultra.com https://ecuador.roadtoultra.com https://ultrajapan.com https://ultrahongkong.com https://ultrakorea.com https://resistancemusic.com https://ultrabali.com https://ultrachile.com https://thailand.roadtoultra.com https://india.roadtoultra.com https://ultraabudhabi.com https://costadelsol.ultrabeach.com https://costarica.roadtoultra.com https://ultrabrasil.com https://buenosaires.resistancemusic.com https://guatemala.resistancemusic.com https://colombia.roadtoultra.com https://australia.resistancemusic.com https://mexico.resistancemusic.com https://santacruz.resistancemusic.com https://panama.resistancemusic.com https://sanjose.resistancemusic.com https://uruguay.resistancemusic.com https://ultrasingapore.com https://ultramexico.com https://quito.resistancemusic.com https://ultrabeijing.com https://ultrashanghai.com https://philippines.roadtoultra.com https://paraguay.roadtoultra.com https://roadtoultra.com https://bolivia.roadtoultra.com https://*.umfworldwide.com https://*.ultrapassport.com https://*.umfstage.com https://*.london.resistancemusic.com https://*.warsaw.resistancemusic.com https://*.resistanceibiza.com https://*.ultraeurope.com https://*.ultrasouthafrica.com https://*.ultrabuenosaires.com https://*.ultraperu.com https://*.ultraaustralia.com https://*.ultramusicfestival.com https://*.resistancemiami.com https://*.medellin.resistancemusic.com https://*.santiago.resistancemusic.com https://*.lima.resistancemusic.com https://*.ultrataiwan.com https://*.guatemala.roadtoultra.com https://*.ecuador.roadtoultra.com https://*.ultrajapan.com https://*.ultrahongkong.com https://*.ultrakorea.com https://*.resistancemusic.com https://*.ultrabali.com https://*.ultrachile.com https://*.thailand.roadtoultra.com https://*.india.roadtoultra.com https://*.ultraabudhabi.com https://*.costadelsol.ultrabeach.com https://*.costarica.roadtoultra.com https://*.ultrabrasil.com https://*.buenosaires.resistancemusic.com https://*.guatemala.resistancemusic.com https://*.colombia.roadtoultra.com https://*.australia.resistancemusic.com https://*.mexico.resistancemusic.com https://*.santacruz.resistancemusic.com https://*.panama.resistancemusic.com https://*.sanjose.resistancemusic.com https://*.uruguay.resistancemusic.com https://*.ultrasingapore.com https://*.ultramexico.com https://*.quito.resistancemusic.com https://*.ultrabeijing.com https://*.ultrashanghai.com https://*.philippines.roadtoultra.com https://*.paraguay.roadtoultra.com https://*.roadtoultra.com https://*.bolivia.roadtoultra.com; media-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.browser-intake-datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com analytics.pangle-ads.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.zohopublic.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c55919a7d54d6386d0f0b19bc82e82f&dd-evp-origin=content-security-policy&ddsource=csp-report; 3
report-uri             https://gfcorporate.report-uri.com/r/d/csp/reportOnly ;         default-src             'self'             www.gfms.com             gfms.com             www.gfps.com             gfcorporate.report-uri.com             *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae ;         connect-src             'self'             *.google-analytics.com             apikeys.civiccomputing.com             *.googleapis.com             center.lon5.atomz.com             clapi.civiccomputing.com             sp1004e61f.guided.lon5.atomz.com             sp1004e61a.guided.lon5.atomz.com             sp1004e5dd.guided.lon5.atomz.com             stats.g.doubleclick.net             www.facebook.com             uberall.com             locator.uberall.com             api.moin.ai             www.gfps.com             www.gfpstools.com             neoflow.gfpstools.com             cdn.linkedin.oribi.io             assets.georgfischer.com             google.com             analytics.google.com             *.analytics.google.com             *.googletagmanager.com             *.g.doubleclick.net             *.google.com             *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat             cdn.cookielaw.org             *.onetrust.com             *.svc.dynamics.com             *.clarity.ms             ad.doubleclick.net             adservice.google.com             assets-eur.mkt.dynamics.com             public-eur.mkt.dynamics.com             assets.adobedtm.com             c-cdn.contentfry.com             catalog.contentfry.com             platform.contentfry.com             code.jquery.com             fbo-b.flippingbook.com             online.flippingbook.com             live.solique.ch             polyfilljs.org             s7e5a.scene7.com             s7mbrstream-g1.scene7.com             www.googleadservices.com ;         font-src             'self'             fonts.gstatic.com             www.gfms.com             widget.moin.ai             static-prod.uberall.com             static.prod.uberall.com ;         script-src             'self'             'unsafe-inline'             'unsafe-eval'             www.google.com             *.google-analytics.com             *.googletagmanager.com             assets.adobedtm.com             ajax.googleapis.com             assets.georgfischer.com             cc.cdn.civiccomputing.com             connect.facebook.net             cdnjs.cloudflare.com             gstatic.com             maps.googleapis.com             siteimproveanalytics.com             snap.licdn.com             static-prod.uberall.com             uberall.com             locator.uberall.com             www.youtube.com             www.pagespeed-mod.com             www.googleoptimize.com             mktdplp102cdn.azureedge.net             www.pagespeed-mod.com             widget.moin.ai             platform.contentfry.com             cdn.cookielaw.org             cookie-cdn.cookiepro.com             privacyportal.onetrust.com             geolocation.onetrust.com             r1.dotdigital-pages.com             r1-t.trackedlink.net             r1.ddlnk.net             www.googleadservices.com ;         script-src-elem             uberall.com             www.googletagmanager.com             'self'             assets.georgfischer.com             blob:             code.jquery.com             locator.uberall.com             maps.googleapis.com             s7e5a.scene7.com             www.clarity.ms             www.google.com             www.googleadservices.com             www.youtube.com ;         style-src             'self'             'unsafe-inline'             'unsafe-eval'             fonts.googleapis.com             assets.georgfischer.com             errors.adobeaemcloud.com             widget.moin.ai ;         style-src-elem             www.googletagmanager.com         	'self'         	assets.georgfischer.com         	blob: s7e5a.scene7.com             www.gstatic.com ;         img-src             'self'             'unsafe-inline'             'unsafe-eval'             data:             *.georgfischer.com             www.linkedin.com             *.global.siteimproveanalytics.io             nswow-imageresizer.azurewebsites.net             px.ads.linkedin.com             www.facebook.com             connect.facebook.net             *.google.com             gfms.com             www.gfms.com             static-prod.uberall.com             static.prod.uberall.com             www.linkedin.com             s7e5a.scene7.com             *.g.doubleclick.net             *.svc.dynamics.com             i.ytimg.com             maps.gstatic.com             fonts.gstatic.com             www.gfps.com             www.gfpstools.com             locator.uberall.com             *.amazonaws.com             *.googletagmanager.com             *.googleapis.com             *.google-analytics.com             *.analytics.google.com             *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat             cdn.cookielaw.org             c.clarity.ms             m.youtube.com             *.onetrust.com ;         child-src             'self'             blob:             analytics-eu.clickdimensions.com             live.solique.ch             www.youtube.com ;         form-action             www.facebook.com             www.georgfischer.com             'self' ;         frame-ancestors             'self'             https://*.georgfischer.com;         frame-src             'self'             'unsafe-inline'             'unsafe-eval'             data:             analytics-eu.clickdimensions.com             google.com             ir.tools.investis.com             irs.tools.investis.com             live.solique.ch             recruitingapp-5505.de.umantis.com             registration.gesevent.com             six-swiss-exchange.com             tools.google.com             uberall.com             widget.moin.ai             *.svc.dynamics.com             *.ep-mimecast.dynamics.com             www.gfps.com             bim.gfps.com             ir2.flife.de             www.youtube.com             m.youtube.com             *.ep-mimecast.youtube-nocookie.com             www.youtube-nocookie.com.x.af435fba09eaa04ff30886e05784e20ddae5.d045227c.id.opendns.com             r1.dotdigital-pages.com             display.contentfry.com             googletagmanager.com             cad.georgfischer.com             forms.office.com             foundation-gf-dev.georgfischer.com             online.flippingbook.com             players.brightcove.net             youtube.com ;         manifest-src             'self' ;         media-src             'self'         	  assets.georgfischer.com         	  gfms.com         	  s7e5a.scene7.com         	  s7mbrstream-g1.scene7.com         	  www.gfps.com ; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 3
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net https://static.buckaroo.nl www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.sooqr.com *.spotlersearch.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.google-analytics.com *.facebook.com *.facebook.net https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
report-uri https://d1aosrekaw7sk8.cloudfront.net/reports; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' ws: blob: data: tagging.dupixent.com ad.doubleclick.net iron-wsa01 ironport 8188202.fls.doubleclick.net ad.doubleclick.net adservice.google.com aim-tag.hcn.health ajax.googleapis.com analytics.google.com analytics.tiktok.com ap.lijit.com apis.google.com apps.healthgrades.com bat.bing.com bcbolt446c5271-a.akamaihd.net bcp.crwdcntrl.net bh.contextweb.com c.clarity.ms cdn.cookielaw.org cdn.di-capt.com cdn.jsdelivr.net cdnjs.cloudflare.com clientstream.launchdarkly.com cm.g.doubleclick.net code.jquery.com connect.facebook.net content.hotjar.io contextual.media.net d1lkfzu2puirk6.cloudfront.net di.rlcdn.com dpm.demdex.net eb2.3lift.com edge.api.brightcove.com fast.fonts.net feedback-pa.clients6.google.com fonts.cdnfonts.com fonts.googleapis.com fonts.googleapis.com fonts.gstatic.com form.typeform.com geolocation.onetrust.com googleads.g.doubleclick.net gum.criteo.com i.liadm.com i6.liadm.com ib.adnxs.com insight.adsrvr.org insights.algolia.io integrations.eu-de.assistant.watson.appdomain.cloud js.adsrvr.org manzanasjuegosco-a.akamaihd.net maps.googleapis.com maps.gstatic.com match.adsrvr.org match.deepintent.com match.sharethrough.com metrics.brightcove.com metrics.hotjar.io ms-cookie-sync.presage.io pixel.rubiconproject.com player.vimeo.com players.brightcove.net players.brightcove.net privacyportal-eu.onetrust.com px.ads.linkedin.com px4.ads.linkedin.com region1.analytics.google.com region1.google-analytics.com rialto-gms.s3.amazonaws.com rtb-csync.smartadserver.com rtb.gumgum.com sc-static.net script.hotjar.com security-eu.mimecast.com snap.licdn.com spoppe-b.azureedge.net ssum-sec.casalemedia.com staging-apps.healthgrades.com static.hotjar.com stats.g.doubleclick.net sync.1rx.io sync.crwdcntrl.net tags.bluekai.com td.doubleclick.net td.doubleclick.net thrtle.com token.rubiconproject.com translate-pa.googleapis.com translate.googleapis.com trc.lhmos.com trotjidayo-1.algolianet.com trotjidayo-2.algolianet.com trotjidayo-3.algolianet.com trotjidayo-dsn.algolia.net uipglob.semasio.net unpkg.com use.fontawesome.com vc.hotjar.io vjs.zencdn.net web-chat.global.assistant.watson.appdomain.cloud www.clarity.ms www.dupixent.com www.facebook.com www.google-analytics.com www.google-analytics.com www.google.com www.google.com.au www.googletagmanager.com fresnel-events.vimeocdn.com vod-adaptive-ak.vimeocdn.com player-telemetry.vimeo.com fresnel.vimeocdn.com www.medtargetsystem.com z.clarity.ms ws.hotjar.com secure.adnxs.com www.gstatic.com www.eventmgmtportal.com sanofi-privacy.my.onetrust.com trotjidayo-1.algolianet.com trotjidayo-3.algolianet.com trotjidayo-2.algolianet.com trotjidayo-dsn.algolia.net lpopeventportal-2-0-2.sanofigenzyme.intouch-preview.com som.healthgrades.com sanofi-japan-dev.eval.janraincapture.com sanofi-japan-staging.eval.janraincapture.com sanofi-japan.us.janraincapture.com sanofi-dev.us-dev.janraincapture.com sanofi-staging.us-dev.janraincapture.com sanofi.us.janraincapture.com sanofi-dev.eu-dev.janraincapture.com sanofi-staging.eu-dev.janraincapture.com sanofi.eu.janraincapture.com vod-adaptive-ak.vimeocdn.com player-telemetry.vimeo.com fresnel.vimeocdn.com fresnel-events.vimeocdn.com photos.healthgrades.com use.typekit.net p.typekit.net; 3
default-src 'self' 'unsafe-inline' *.nationalgrideso.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.hotjar.com *.clarity.ms bing.com *.bing.com players.brightcove.net *.nationalgrideso.com www.googletagmanager.com assets.juicer.io js.createsend1.com www.smartsurvey.co.uk assets.smartsurvey.io snap.licdn.com unpkg.com js-agent.newrelic.com *.cookieyes.com cdn-cookieyes.com my.visme.co; style-src 'self' 'unsafe-inline' *.nationalgrideso.com assets.juicer.io unpkg.com fonts.googleapis.com; img-src 'self' data: *.nationalgrideso.com *.clarity.ms www.googletagmanager.com *.google.co.uk c.bing.com www.juicer.io assets.juicer.io www.smartsurvey.co.uk *.cartocdn.com datanationalgrideso.files.wordpress.com *.tile.openstreetmap.org *.linkedin.com *.cookieyes.com cdn-cookieyes.com; frame-src 'self' *.nationalgrideso.com *.nationalgrid.com players.brightcove.net www.youtube.com app.powerbi.com my.visme.co; font-src 'self' themes.googleusercontent.com static.juicer.io fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.clarity.ms *.hotjar.io *.hotjar.com *.google-analytics.com *.analytics.google.com storage.googleapis.com www.juicer.io *.staging.datopian.com bam.nr-data.net *.cookieyes.com cdn-cookieyes.com 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.olark.com mediacdn.espssl.com *.imi.chat *.frontiercoop.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * destinilocators.com *.duosecurity.com *.olark.com *.frontiercoop.com *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com *.widen.net *.widencdn.net *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.certcapture.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com frontiercoop.widen.net *.olark.com lux.speedcurve.com mediacdn.espssl.com brxcdn.com *.frontiercoop.com cdn-cookieyes.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.widen.net *.widencdn.net *.facebook.com *.reddit.com *.ads-twitter.com t.co *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.typekit.net google.com *.google.com *.cdn-apple.com *.certcapture.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js-agent.newrelic.com bam.nr-data.net destinilocators.com *.olark.com cdn.speedcurve.com acsbapp.com s.pinimg.com bat.bing.com ct.pinterest.com *.exponea.com *.imi.chat *.frontiercoop.com cdn-cookieyes.com js.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.zendesk.com *.widen.net *.widencdn.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com assets.braintreegateway.com *.olark.com mediacdn.espssl.com *.imi.chat *.frontiercoop.com *.klevu.com *.ksearchnet.com 'unsafe-inline' *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.widen.net *.widencdn.net *.tagmanager.google.com *.googletagmanager.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.frontiercoop.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com *.google.com *.certcapture.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com bam.nr-data.net lux.speedcurve.com *.acsbapp.com acsbapp.com ct.pinterest.com bat.bing.com *.exponea.com facebook.com *.facebook.com *.imi.chat *.frontiercoop.com cdn-cookieyes.com log.cookieyes.com *.olark.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.zendesk.com *.widen.net *.widencdn.net *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.olark.com *.frontiercoop.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.gstatic.com mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.transbank.cl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.newrelic.com *.herokuapp.com *.doubleclick.net/ *.googleapis.com mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl *.weltpixel.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com.ar *.instagram.com *.cdninstagram.com *.gstatic.com *.facebook.com *.newrelic.com *.clarity.ms *.bing.com *.googleapis.com mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://*.woowup.com *.herokuapp.com *.instagram.com *.facebook.net *.newrelic.com *.nr-data.net *.clarity.ms mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl *.google.com/ onesignal.com *.onesignal.com *.avada.io player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.herokuapp.com *.newrelic.com mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google.com.ar *.doubleclick.com *.doubleclick.net *.newrelic.com *.nr-data.net *.clarity.ms mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl https://get.geojs.io *.avada.io https://*.woowup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob: wss://*.hotjar.io blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 3
font-src fonts.gstatic.com use.typekit.net * *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.braintreegateway.com *.paypal.com google.com *.google.com *.lpsnmedia.net *.liveperson.net *.hotjar.com *.bragard.ca *.dotdigital-pages.com *.dotdigital.com https://plumrocket.com blob: cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com * *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.linkedin.com bat.bing.com *.powerreviews.com dev.visualwebsiteoptimizer.com seal.digicert.com https://www.google.com/pagead/1p-user-list/ https://www.google.co.jp/pagead/1p-user-list/ https://www.google.com/ads/ https://www.google.co.jp/ads/ https://*.adsymptotic.com/d/px/ *.liquifire.com *.weglot.com *.bragard.ca *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ * *.typekit.net google.com *.google.com *.magento-datasolutions.com seal.digicert.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam.nr-data.net code.jquery.com *.lpsnmedia.net *.liveperson.net *.hotjar.com *.resultspage.com *.resultsdemo.com *.powerreviews.com *.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ bat.bing.com *.weglot.com *.bragard.ca *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal player.vimeo.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com connect.facebook.net graph.facebook.com business.facebook.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com * *.magento-datasolutions.com *.magento-ds.com use.fontawesome.com *.resultspage.com *.resultsdemo.com *.powerreviews.com *.weglot.com *.bragard.ca cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src * 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io * *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.powerreviews.com bam.nr-data.net *.g.doubleclick.net wss://*.hotjar.com https://*.hotjar.com *.hotjar.io bat.bing.com *.weglot.com *.bragard.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com data: webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.squarecdn.com *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net */csp/report/uri/ *.hotjar.com *.hotjar.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.wahl.com *.userway.org *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.wahl.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.stripe.com stripe.com *.link.com *.amazon.com *.wahl.com; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.klarna.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.google.com *.gstatic.com *.bluesnap.com *.kaptcha.com *.adsrvr.org *.hotjar.com *.hotjar.io */csp/report/uri/ *.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.wahl.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com fonts.googleapis.com display.ugc.bazaarvoice.com *.klarnacdn.net *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.powerreviews.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net */csp/report/uri/ unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com www.gstatic.com cdn.weglot.com *.wahl.com *.userway.org 'self' 'unsafe-inline'; object-src *.wahl.com 'self' 'unsafe-inline'; media-src *.adobe.com *.wahl.com 'self' 'unsafe-inline'; manifest-src *.wahl.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.addressy.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.amazonaws.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk wss://ws41.hotjar.com *.commerce-connector.com */csp/report/uri/ wss://*.hotjar.com *.hotjar.com *.hotjar.io *.hubspot.com *.hubapi.com *.hs-banner.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.link.com x.clarity.ms cdn.cookielaw.org forms.hscollectedforms.net geolocation.onetrust.com api.userway.org cdn77.api.userway.org cdn.userway.org api.weglot.com cdn.weglot.com https://cdn-api-weglot.com *.wahl.com *.hsforms.net *.hsforms.com *.clarity.ms *.pcapredict.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; base-uri *.wahl.com 'self' 'unsafe-inline'; script-src https://pxl.jivox.com https://secure.adnxs.com https://apps.bazaarvoice.com/ cdn.weglot.com 0409890c10.translations.weglot.io assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.powerreviews.com *.google.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js bat.bing.com *.google-analytics.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.adsrvr.org *.hotjar.com *.hotjar.io *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ */csp/report/uri/ *.redditstatic.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.usemessages.com *.hs-analytics.net *.kaptcha.com *.hsadspixel.net *.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com www.clarity.ms cdn.cookielaw.org js.hubspot.com cdn.userway.org svht.tradedoubler.com swrap.tradedoubler.com *.wahl.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src static.hsappstatic.net https://ad.doubleclick.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.essentialaccessibility.com *.wahlanimal.com  s.ytimg.com  *.google.com  *.google.com.mx  *.google-analytics.com ct.pinterest.com bat.bing.com *.google.co.in *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk */csp/report/uri/ *.reddit.com *.hsforms.com *.hubspot.com  *.google.com.in  *.payments-amazon.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com c.clarity.ms cdn.cookielaw.org cdn.userway.org *.wahl.com *.magecomp.com *.google.com.ua www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; default-src https://de.wahl.com https://fr.wahl.com https://nl.wahl.com https://eu.wahl.com https://es.wahl.com https://jp.mcprod.wahl.com *.wahl.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; font-src 'self' *.gstatic.com; img-src 'self' *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com data: *.onetrust.com cm.everesttech.net *.googleapis.com; connect-src 'self' *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com; script-src 'self'; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; script-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://costa.report-uri.com/r/t/csp/reportOnly; report-to default 3
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data:; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data:; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 3
font-src https://static.dhlecommerce.nl https://fonts.gstatic.com https://widgets.trustedshops.com fonts.gstatic.com widgets.trustedshops.com static.klaviyo.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io gum.criteo.com fledge.criteo.com fledge.eu.criteo.com bfsst.brandfield.nl bfsst.brandfield.be bfsst.brandfield.fr bfsst.brandfield.de bfsst.brandfield.com ct.pinterest.com www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://maps.googleapis.com https://maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com www.acc-brandfield.com *.googlesyndication.com api.taggrs.io widgets.trustedshops.com www.facebook.com bat.bing.com sync-t1.taboola.com rtb-csync.smartadserver.com pixel.rubiconproject.com x.bidswitch.net simage2.pubmatic.com eb2.3lift.com ad.360yield.com ad.yieldlab.net id5-sync.com exchange.mediavine.com jadserve.postrelease.com criteo-sync.teads.tv r.casalemedia.com sync.targeting.unrulymedia.com criteo-partners.tremorhub.com sync.outbrain.com contextual.media.net aa.agkn.com cm.g.doubleclick.net bfsst.brandfield.nl bfsst.brandfield.be bfsst.brandfield.fr bfsst.brandfield.de bfsst.brandfield.com www.google.nl d3k81ch9hvuctc.cloudfront.net brandfield.work public-prod-dspcookiematching.dmxleo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://static.dhlecommerce.nl https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com tagmanager.google.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com static.zdassets.com integrations.etrusted.com static.klaviyo.com widgets.trustedshops.com static-tracking.klaviyo.com bfsst.brandfield.nl bfsst.brandfield.be bfsst.brandfield.fr bfsst.brandfield.de bfsst.brandfield.com cdn.cookie-script.com s.pinimg.com connect.facebook.net dynamic.criteo.com bat.bing.com analytics.tiktok.com fledge.criteo.com sslwidget.criteo.com www.clarity.ms fledge.eu.criteo.com ct.pinterest.com www.google.com www.gstatic.com static.buckaroo.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com https://static.klaviyo.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com fonts.googleapis.com static.klaviyo.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.googletagmanager.com ekr.zdassets.com bfsst.brandfield.nl bfsst.brandfield.be bfsst.brandfield.fr bfsst.brandfield.de bfsst.brandfield.com fast.a.klaviyo.com static-forms.klaviyo.com a.klaviyo.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com ct.pinterest.com gum.criteo.com measurement-api.criteo.com *.clarity.ms ipinfo.io www.google.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com l.clarity.ms www.google.com bat.bing.net analytics.tiktok.com csm.nl3.eu.criteo.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://8f7c9b71-bcff-463a-be0a-2ff1273b3e9d.sansec.watch/; report-to report-endpoint; 3
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' www.clarity.ms js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com songbird.cardinalcommerce.com https://client.rum.us-east-1.amazonaws.com https://integrations.etrusted.com https://apps.mypurecloud.ie https://cookie-cdn.cookiepro.com https://pay.google.com/gp/p/js/pay.js https://services.postcodeanywhere.co.uk/js/address-3.91.min.js static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://bat.bing.com https://*.tradedoubler.com https://cdn.studentbeans.com https://googleads.g.doubleclick.net https://bat.bing.com/p/action/5035386.js https://www.paypal.com https://loader.wisepops.com https://wisepops.net https://widget.trustpilot.com https://widgets.trustedshops.com https://tag.mention-me.com https://static.mention-me.com https://*.klarnacdn.net https://*.criteo.com maps.googleapis.com https://www.googleadservices.com https://www.google.com https://ob.segreencolumn.com https://obs.segreencolumn.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://services.postcodeanywhere.co.uk https://integrations.etrusted.com; object-src 'none'; base-uri 'self'; connect-src 'self' api.lenstore.co.uk api.lenstore.de api.lenstore.it api.lenstore.fr api.lenstore.es https://*.clarity.ms/collect https://*.mypurecloud.ie dataplane.rum.eu-west-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com/ api.braintreegateway.com client-analytics.braintreegateway.com https://*.etrusted.com https://auth.split.io https://cookie-cdn.cookiepro.com https://klarna.com https://*.klarnaevt.com https://x.klarnacdn.net https://*.klarna.com https://events.split.io https://google.com https://pay.google.com https://google.com/pay https://*.braintree-api.com https://sdk.split.io https://streaming.split.io https://www.paypal.com https://www.sandbox.paypal.com https://www.google.com/ccm/collect https://*.google-analytics.com *.analytics.google.com https://*.wisepops.com https://wisepops.net https://obs.segreencolumn.com cardinalcommerce.com *.cardinalcommerce.com https://privacyportal.cookiepro.com *.trustedshops.com trustedshops.com services.postcodeanywhere.co.uk sts.eu-west-1.amazonaws.com bat.bing.net *.doubleclick.net wss://am.freshrelevance.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' *; img-src 'self' assets.lenstore.co.uk assets.lenstore.de assets.lenstore.it assets.lenstore.fr assets.lenstore.es data: assets.braintreegateway.com checkout.paypal.com https://c.clarity.ms https://www.gstatic.com https://integrations.etrusted.com https://www.paypalobjects.com https://cookie-cdn.cookiepro.com https://bat.bing.com https://www.google.com https://www.google.co.uk https://criteo-partners.tremorhub.com/ https://x.bidswitch.net https://cm.g.doubleclick.net/pixel https://ib.adnxs.com/getuid https://r.casalemedia.com/rum https://gum.criteo.com https://id5-sync.com/ https://ad.360yield.com https://contextual.media.net https://exchange.mediavine.com/usersync/push https://jadserve.postrelease.com https://sync.outbrain.com/cookie-sync https://simage2.pubmatic.com/AdServer/Pug https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ad.yieldlab.net https://sync.1rx.io https://dis.criteo.com https://sync.targeting.unrulymedia.com https://www.google-analytics.com/collect https://x.klarnacdn.net https://services.postcodeanywhere.co.uk trustedshops.com; manifest-src 'self'; media-src 'self'; worker-src 'none' blob; report-uri https://api.lenstore.co.uk/event/csp-report 3
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.retailrocket.net landofcoder.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.retailrocket.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src *.retailrocket.net landofcoder.com 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'none'; form-action 'none'; frame-ancestors 'none'; 3
default-src 'self'; script-src 'report-sample' 'self' https://js.qualified.com/qualified.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.qualified.com wss://ws.qualified.com; font-src 'self'; frame-src 'self' https://app.qualified.com; img-src 'self' data: https://dms6j3xpg18d6.cloudfront.net https://d3s86tfxelgbdj.cloudfront.net https://huntscanlon.com https://images.cointelegraph.com https://mma.prnewswire.com https://s.yimg.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 3
font-src https://fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.zopim.com *.adyen.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://0merchantacsstag.cardinalcommerce.com *.mercurypaymentservices.it 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com https://player.vimeo.com *.iubenda.com *.mercurypaymentservices.it *.google-analytics.com *.gtm.com *.rolex.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://www.google.it https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: https://maps.google.com https://maps.gstatic.com *.googleapis.com *.gstatic.com *.bird.eu *.iubenda.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.zopim.com *.zopim.io *.zdassets.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://www.google.com https://www.gstatic.com https://c.paypal.com https://songbirdstag.cardinalcommerce.com https://maps.google.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.iubenda.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com www.youtube.com *.zopim.com *.zopim.io *.zdassets.com bam.nr-data.net *.damiani.com *.rocca1794.com *.mercurypaymentservices.it *.google-analytics.com *.gtm.com *.adobedtm.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://www.gstatic.com fonts.googleapis.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://centinelapistag.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com https://maps.googleapis.com *.googleapis.com https://geoip-js.com *.iubenda.com *.zopim.com *.zopim.io *.zdassets.com wss://widget-mediator.zopim.com ws://127.0.0.1:35729/livereload bam.nr-data.net *.damiani.com *.rocca1794.com *.mercurypaymentservices.it *.google-analytics.com *.gtm.com *.googlesyndication.com *.zendesk.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com fontawesome.com maps.googleapis.com *.nosto.com *.klaviyo.com *.requirejs.org *.google.com *.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.algolia.com *.afterpay.com *.facebook.com *.vimeo.com *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com *.facebook.net *.cdninstagram.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to https://plumrocket.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.nosto.com *.nos.to https://plumrocket.com https://accounts.google.com *.weltpixel.com *.paymentexpress.com *.windcave.com www.xtento.com *.yotpo.com popup.laybuy.com maps.googleapis.com *.klaviyo.com *.requirejs.org *.google.com *.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.algolia.com *.facebook.com *.vimeo.com *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com *.facebook.net *.cdninstagram.com *.criteo.com *.criteo.net *.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.yotpo.com *.afterpay.com *.afterpay.com.au *.googleapis.com *.gstatic.com *.intercomcdn.com *.facebook.com *.klaviyo.com *.laybuy.com *.requirejs.org *.google.com *.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.algolia.com *.vimeo.com *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com *.facebook.net *.cdninstagram.com *.bing.com *.dmxleo.com *.merchant1948.co.nz data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.nosto.com *.nos.to https://accounts.google.com https://www.gstatic.com *.maxmind.com www.xtento.com cdn.xtento.com *.yotpo.com js-agent.newrelic.com maps.googleapis.com *.intercomcdn.com *.klaviyo.com *.requirejs.org *.google.com *.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.algolia.com *.facebook.com *.vimeo.com *.cfjump.com *.intercom.io *.aptrinsic.com *.facebook.net *.cdninstagram.com *.hotjar.com *.pinimg.com *.criteo.com *.criteo.net *.bing.com *.stackadapt.com *.clarity.ms *.pinterest.com foursixty.com *.merchant1948.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to https://accounts.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com foursixty.com *.stackadapt.com 'self' 'unsafe-inline'; object-src *.afterpay.com *.intercomcdn.com *.nosto.com *.klaviyo.com *.yotpo.com *.requirejs.org *.google.com *.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.algolia.com *.facebook.com *.vimeo.com *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com *.facebook.net *.cdninstagram.com 'self' 'unsafe-inline'; media-src maps.googleapis.com *.intercomcdn.com *.afterpay.com *.nosto.com *.klaviyo.com *.yotpo.com *.requirejs.org *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.algolia.com *.google.com *.nr-data.net *.facebook.com *.vimeo.com *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com *.facebook.net *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to https://accounts.google.com *.mmapiws.com *.yotpo.com *.intercom.io *.intercomcdn.com maps.googleapis.com *.klaviyo.com *.requirejs.org *.google.com *.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.facebook.com *.vimeo.com *.cfjump.com *.foursixty.com *.aptrinsic.com *.facebook.net *.cdninstagram.com *.hotjar.com *.pinimg.com *.criteo.com *.criteo.net *.bing.com *.stackadapt.com *.clarity.ms *.pinterest.com foursixty.com *.merchant1948.co.nz *.hotjar.io wss://nexus-websocket-a.intercom.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src js-agent.newrelic.com maps.googleapis.com *.intercomcdn.com *.nosto.com *.klaviyo.com *.yotpo.com *.requirejs.org *.google.com *.nr-data.net *.cardinalcommerce.com *.omtrdc.net *.demdex.net *.algolia.com *.facebook.com *.vimeo.com *.cfjump.com *.intercom.io foursixty.com *.aptrinsic.com *.facebook.net *.cdninstagram.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 3
frame-src 'self' www.youtube.com www.google.com js.playground.klarna.com js.klarna.com https://checkoutshopper-test.adyen.com https://pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com return.4sellers.de *.webpush.freshchat.com ct.pinterest.com vercel.live *.sovendus.com *.adyen.com gum.criteo.com fledge.eu.criteo.com *.cnstrc.com cnstrc.com graphical-editor.kameleoon.com *.vimeo.com vimeo.com www.googletagmanager.com *.chat.getzowie.com 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com https://www.gstatic.com *.twimg.com *.trustedshops.com *.googleapis.com https://fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.twitter.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.trackedlink.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.mollie.com *.multisafepay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com https://*.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.twimg.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://0594ebf9e3dab534acdba65c6100b639.report-uri.com/r/d/csp/reportOnly; 3
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action https://api.bazaarvoice.com  https://stg.api.bazaarvoice.com  'self' 'unsafe-inline'; frame-src https://www.google.com/recaptcha/  https://www.googletagmanager.com  https://api.bazaarvoice.com  https://stg.api.bazaarvoice.com  https://display.ugc.bazaarvoice.com  'self' 'unsafe-inline'; img-src https://images.ctfassets.net  data: www.googleadservices.com www.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com p.typekit.net https://maps.googleapis.com  https://*.gstatic.com https://*.bazaarvoice.com https://www.facebook.com  https://adservice.google.com  https://cdn.cookielaw.org  data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/  https://www.google.com/recaptcha/  use.typekit.net *.tokenex.com https://maps.googleapis.com  https://*.bazaarvoice.com https://resources.digital-cloud-west.medallia.com  https://www.datadoghq-browser-agent.com  https://*.monetate.net https://cdn.cookielaw.org  https://*.fullstory.com https://*.ctfassets.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://*.googletagmanager.com https://display.ugc.bazaarvoice.com  'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com performance.typekit.net data: https://*.googleapis.com https://*.google.com https://*.bazaarvoice.com https://geolocation.onetrust.com  https://*.cookielaw.org https://*.fullstory.com https://*.ipstack.com https://*.contentful.com https://*.logs.datadoghq.com https://*.dss-aws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.globalpay.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.feedoptimise.com cdn.feedoptimise.com *.globalpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.googleapis.com data: 'self' 'unsafe-inline'; script-src unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com jquery.sellxed.com www.feedoptimise.com cdn.feedoptimise.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.trustpilot.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://google.com/pay https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src https://js.klevu.com *.googleapis.com *.hotjar.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.hotjar.com https://9957200.fls.doubleclick.net https://danv01ao0kdr2.cloudfront.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io *.braintreegateway.com *.klarna.com https://accounts.google.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.incontinencechoice.co.uk https://prod.choiceadmin.co.uk https://staging.choiceadmin.co.uk https://admin.vivactive.com https://trk.ometria.com *.brandlock.io https://www.google.com https://bat.bing.com https://pixel.quantserve.com https://www.facebook.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://s3-eu-west-1.amazonaws.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.ometria.com *.hotjar.com cdnjs.cloudflare.com https://js.klevu.com/ https://bat.bing.com https://secure.quantserve.com https://www.gstatic.com https://connect.facebook.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://songbirdstag.cardinalcommerce.com https://www.googleoptimize.com https://cdn.oribi.io https://app.factors.ai https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.clarity.ms *.googleapis.com https://www.googletagmanager.com/gtag/js *.klarna.com *.klarnacdn.net https://accounts.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://tag.rmp.rakuten.com *.klevu.com *.ksearchnet.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com assets.braintreegateway.com *.googleapis.com *.hotjar.com https://accounts.google.com https://www.gstatic.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com/ https://danv01ao0kdr2.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com *.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://geolocation.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://api.factors.ai https://b.clarity.ms *.googleapis.com *.klarnaevt.com https://accounts.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.klevu.com *.ksearchnet.com *.mention-me.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors pay.google.com www.facebook.com *.kinderkraft.fr *.kinderkraft.pl kinderkraft.fr kinderkraft.pl *.trustpilot.com *.criteo.gum *.cookiebot.com kinderkraft.co.uk ecommscript-integrationapp.trustpilot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com consentcdn.cookiebot.com consentcdn.cookiebot.eu pay.google.com apm.przelewy24.pl *.klarna.com secure.payu.com merch-prod.snd.payu.com *.trustpilot.com *.facebook.com www.facebook.com *.instagram.com *.hotjar.com *.criteo.com *.criteo.net *.kinderkraft.fr kinderkraft.fr kinderkraft.pl *.pinterest.com td.doubleclick.net hal9000.redintelligence.net kinderkraft.co.uk ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io imgsct.cookiebot.com imgsct.cookiebot.eu https://images.unsplash.com *.googleapis.com *.ggpht static.przelewy24.pl www.gstatic.com gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com static.payu.com *.ytimg.com www.google.pl kinderkraft.com pixel.wp.pl www.facebook.com *.instagram.com *.payu.com *.hotjar.com *.criteo.com *.adobedtm.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.yahoo.com *.3lift.com *.smartadserver.com *.adnxs.com *.tapad.com *.casalemedia.com *.360yield.com *.taboola.com *.pubmatic.com *.media.net *.teads.tv *.adform.net *.bidswitch.net *.sharethrough.com *.smaato.net *.socdm.com *.adscale.de *.advertising.com *.dable.io *.co.kr *.stickyadstv.com *.twiago.com *.omnitagjs.com *.liadm.com *.yieldmo.com *.postrelease.com *.addthis.com *.revcontent.com *.mail.ru *.yieldlab.net *.rambler.ru *.bing.com *.openx.net *.nate.com *.mediawallahscript.com id5-sync.com *.rlcdn.com *.adingo.jp *.tremorhub.com *.yandex.ru *.aralego.com/ *.ad-stir.com *.adtdp.com *.meba.kr *.1rx.io *.toast.com *.turn.com *.dmxleo.com *.mediavine.com *.ivitrack.com *.smartclip.net *.krxd.net *.emxdgt.com *.pinterest.com *.bluekai.com *.thebrighttag.com kinderkraft.pl *.user.com *.trustpilot.com *.trustpilot.net *.metaffiliation.com region1.analytics.google.com developers.google.com trk.datnova.com *.facebook.net server-side-tagging-vqegoo7bda-uc.a.run.app bcw.kinderkraft.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com consent.cookiebot.com consent.cookiebot.eu https://browser.sentry-cdn.com *.googleapis.com *.gstatic.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io secure.payu.com secure.snd.payu.com consentcdn.cookiebot.com *.trustpilot.com *.googletagmanager.com kinderkraft-staging.user.com *.user.com *.g.doubleclick.net *.adyen.com *.facebook.net pixel.wp.pl *.hotjar.com *.criteo.com *.criteo.net *.cloudflare.com *.clickcease.com *.pinimg.com *.googleoptimize.com *.kinderkraft.pl *.kinderkraft.fr *.kinderkraft.de *.kinderkraft.it *.kinderkraft.co.uk *.kinderkraft.es *.metaffiliation.com *.bing.com *.clarity.ms *.cux.io *.taboola.com *.luigisbox.com ct.pinterest.com kng.kinderkraft.at sha.kinderkraft.be tag.facemyads.co bbd-tag.de s.retargeted.co apptracker.stream *.sddan.com trk.datnova.com js.cookieless-data.com bcw.kinderkraft.fr ecommscript-integrationapp.trustpilot.com cdn.cookiehub.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com *.typekit.net *.trustpilot.com *.instagram.com *.cloudflare.com cdn.luigisbox.com 'self' 'unsafe-inline'; object-src ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline'; media-src *.adobe.com *.googlevideo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://*.ingest.sentry.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com ws: *.instagram.com kinderkraft-staging.user.com wss://kinderkraft-staging.user.com *.adyen.com yt2html5.com *.user.com googleads.g.doubleclick.net stats.g.doubleclick.net wss://kinderkraft.user.com *.hotjar.com wss://ws3.hotjar.com https://paypal.com paypal.com *.hotjar.io *.criteo.com wss://ws29.hotjar.com *.pinterest.com wss://ws11.hotjar.com google.pl *.kinderkraft.fr *.metaffiliation.com sentry.io *.clarity.ms *.cux.io *.facebook.com facebook.com *.google.pl wss://* *.openfpcdn.io *.google-analytics.com *.taboola.com *.luigisbox.com *.bing.com server-side-tagging-vqegoo7bda-uc.a.run.app wdg.kinderkraft.pl *.googleapis.com tvw.kinderkraft.co.uk analytics.tiktok.com *.kinderkraft.at *.kinderkraft.be bcw.kinderkraft.fr ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline'; child-src *.instagram.com http: https: blob: 'self' 'unsafe-inline'; default-src *.adyen.com *.instagram.com *.googleoptimize.com *.bing.com kinderkraft.co.uk kinderkraft.pl ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src data: *.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net *.livechatinc.com *.brickworks.com.au *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.rendivo.com *.anzus.solutions 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.facebook.com paypal.com https://*.paypal.com https://secure.livechatinc.com/ https://*.livechatinc.com/ https://*.marketo.com *.brickworks.com.au https://*.fls.doubleclick.net https://ct.pinterest.com https://insight.adsrvr.org *.rendivo.com *.anzus.solutions c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src https://*.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com validator.swagger.io https://*.paypal.com https://*.zipmoney.com.au https://*.facebook.com *.data-dynamic.net https://amcglobal.sc.omtrdc.net https://via.placeholder.com/ https://buildersacademy.com.au https://ik.imagekit.io/ https://buildersacademy.edu.au https://australbricks.rendivo.com *.unsplash.com *.marketo.com *.brickworks.com.au https://ib.adnxs.com https://t.co/ https://analytics.twitter.com/ https://*.google.com.au https://ct.pinterest.com https://sp.analytics.yahoo.com/ https://pixel.quantserve.com/ https://cdn.livechat-files.com/ *.googleapis.com *.gstatic.com https://www.magezon.com *.widen.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.ecomm-nav.com https://*.zipmoney.com.au https://*.facebook.com *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net chimpstatic.com snapui.searchspring.io https://*.livechatinc.com *.marketo.com *.brickworks.com.au https://*.hotjar.com https://*.twitter.com https://*.ads-twitter.com *.gstatic.com https://*.pinimg.com https://connect.facebook.net https://vxml4.plavxml.com https://js.adsrvr.org https://acdn.adnxs.com https://secure.quantserve.com https://s.yimg.com https://rules.quantcount.com https://ucarecdn.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.marketo.com *.brickworks.com.au fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: *.widen.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.cloudfront.net https://*.zip.co *.nr-data.net https://maps.googleapis.com https://stats.g.doubleclick.net https://s.yimg.com https://ct.pinterest.com https://*.google.com.au *.googleapis.com *.widen.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
report-uri /es/Error/ReportCPS; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://fonts.gstatic.com https://static.klaviyo.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net www.mainadv.com *.doubleclick.net *.2trk.info *.sendcloud.sc *.jsdelivr.net *.weltpixel.com *.trustpilot.com *.iubenda.com js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.roeye.com *.50-ml.com *.google.com *.google.fr *.google.it *.google.es *.google.de *.google.eu *.google.co.uk *.googletagmanager.com bat.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.amazonaws.com *.iubenda.com https://www.mollie.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com https://maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.doubleclick.net cdn.50-ml.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com www.googletagmanager.com https://maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.preciso.net *.50-ml.eu *.50-ml.it *.50-ml.fr *.50-ml.de *.50-ml.es *.50-ml.com *.50-ml.co.uk www.clarity.ms bat.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sendcloud.sc *.jsdelivr.net *.trustpilot.com *.iubenda.com js.mollie.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net static.zdassets.com kit.fontawesome.com cdn.preciso.net gtm.50-ml.it gtm.50-ml.com gtm.50-ml.co.uk gtm.50-ml.fr gtm.50-ml.de gtm.50-ml.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com https://fonts.googleapis.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com capig.stape.tech *.50-ml.com *.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.iubenda.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.doubleclick.net *.run.app 50-ml.zendesk.com ekr.zdassets.com www.wepowerconnections.com www.google.com region1.analytics.google.com stats.g.doubleclick.net p.clarity.ms a.klaviyo.com capig.50-ml.com search.50-ml.media 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
upgrade-insecure-requests 3
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.gstatic.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://def9d71d-669f-4322-8f25-4ef099a2d33a.sansec.watch/; report-to report-endpoint; 3
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net amcglobal.sc.omtrdc.net use.typekit.net commerce.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com performance.typekit.net commerce.adobe.net *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com cdn.plyr.io noembed.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.kalogirou.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com www.facebook.com www.youtube.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.cookiebot.com www.youtube.com *.contactpigeon.com *.skroutz.gr *.netsteps.net *.trust-servers.net https://www.googletagmanager.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.youtube.com p.typekit.net validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com www.google.gr *.cookiebot.com *.google-analytics.com maps.gstatic.com *.kalogirou.com *.contactpigeon.com *.sharethis.com *.netsteps.net *.trust-servers.net https://kalogirou.com https://kalogirou.com/pub/media/ *.cloudflare.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.skroutz.gr www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ *.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io 'self' data: *.cookiebot.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.kalogirou.com *.go-mpulse.net *.sharethis.com *.contactpigeon.com *.google.gr *.taboola.com *.skroutz.gr *.netsteps.net *.trust-servers.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.kalogirou.com www.youtube.com *.contactpigeon.com *.netsteps.net *.trust-servers.net *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net *.cookiebot.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com *.contactpigeon.com eu.klarnaevt.com *.taboola.com *.akstat.io *.skroutz.gr *.netsteps.net *.trust-servers.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com *.googlesyndication.com *.netsteps.net *.trust-servers.net 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3
font-src static.lipscore.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://widgets.trustedshops.com *.cloudflare.com *.typekit.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.prismic.io sst.kitchenyeah.de ct.pinterest.com googletagmanager.com td.doubleclick.net *.multisafepay.com https://pay.google.com *.facebook.com *.formcrafts.com *.googletagmanager.com *.mediacliphub.com *.opendns.com *.sleak.chat *.sovendus-connect.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com bat.bing.com *.cdn.prismic.io www.facebook.com www.google.nl *.appspot.com images.prismic.io storage.googleapis.com raw.githubusercontent.com *.prism.app-us1.com *.prismic.io *.taggrs.io static.lipscore.com blob: img.youtube.com *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.bing.com *.bing.net bucket-ip-website.s3.eu-central-1.amazonaws.com *.clarity.ms deliverimages.com *.doubleclick.net *.etrusted.com *.facebook.com *.facebook.net *.googleadservices.com *.googleapis.com www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cm www.google.co.id www.google.co.in www.google.co.ma www.google.com.au www.google.com.bd www.google.com.br www.google.com.eg www.google.com.mt www.google.com.om www.google.com.ph www.google.com.tr www.google.co.th www.google.co.tz www.google.co.uk www.google.de www.google.dk www.google.dz www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.je www.google.jo www.google.la www.google.lu www.google.lv www.google.md www.google.mu www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.sr *.google.com google.com *.googlesyndication.com *.gstatic.com *.hubspot.com *.linkedin.com *.lipscore.com *.mediacliphub.com *.perfectview.nl prismic-io.s3.amazonaws.com *.sleak.chat *.visualwebsiteoptimizer.com *.webflow.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ bat.bing.com ct.pinterest.com d5yoctgpv4cpx.cloudfront.net connect.facebook.net magento.fcdev metrics.fotoopaluminium.nl metrics.self s.pinimg.com *.appspot.com stapecdn.com static.cdn.prismic.io static.hotjar.com static.mediacliphub.com widgets.trustedshops.com www.clarity.ms *.prism.app-us1.com *.prismic.io https://widget-acc.paazl.com https://api-acc.paazl.com/ *.taggrs.io static.lipscore.com *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.clarity.ms *.doubleclick.net *.etrusted.com *.facebook.net *.formcrafts.com *.googlesyndication.com *.googletagmanager.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hs-scripts.com *.jsdelivr.net *.leadinfo.net *.licdn.com *.lipscore.com *.pinimg.com *.pinterest.com prismic.io *.sleak.chat *.sovendus.com *.tiktok.com *.trustedshops.com *.visualwebsiteoptimizer.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com integrations.etrusted.com https://widget-acc.paazl.com https://api-acc.paazl.com/ static.lipscore.com maxcdn.bootstrapcdn.com *.multisafepay.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com *.sleak.chat *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src deliverimages.com *.fotocadeau.nl *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; media-src *.adobe.com *.noboringsuitcases.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.clarity.ms *.appspot.com ct.pinterest.com dc.services.visualstudio.com js.monitor.azure.com region1.analytics.google.com *.sentry.io *.prism.app-us1.com *.prismic.io https://widget-acc.paazl.com https://api-acc.paazl.com/ wapi.lipscore.com users.lipscore.com *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.algolia.io *.algolia.net *.algolianet.com *.azure.com *.bing.com *.bing.net *.facebook.com *.fotoophout.nl google.com *.google.com *.googlesyndication.com *.hscollectedforms.net *.hubapi.com *.leadinfo.com *.leadinfo.net *.linkedin.com *.mediacliphub.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.pinterest.com polyfilljs.org *.sleak.chat *.sovendus.com *.tiktok.com *.tiktokw.us *.visualwebsiteoptimizer.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.mediacliphub.com *.appspot.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://0857a1ae-eb26-4f26-b573-76e7e6a78da5.sansec.watch/; report-to report-endpoint; 3
font-src https://www.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://9019ddbf-da08-455e-a3c6-d8ea66ab1180.sansec.watch/; report-to report-endpoint; 3
font-src *.fontawesome.com https://instantcredit.net/ *.googleapis.com *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com cdn.doofinder.com * *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com cdn.doofinder.com *.plugins.emarsys.net *.scarabresearch.com https://instantcredit.net/ https://code.jquery.com/ * *.fontawesome.com *.googleapis.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.doofinder.com https://instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.doofinder.com wss://*.doofinder.com *.scarabresearch.com *.eservice.emarsys.net https://instantcredit.net/ https://test.instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://api.itau.com.br/ https://api.itau.com.br:443/ https://sts.itau.com.br/ https://sts.itau.com.br:443/ https://secure.api.itau/ https://secure.api.itau:443/ https://apisandbox.redeecommerce.rede.com.br/ https://apiquerysandbox.redeecommerce.rede.com.br/ https://api.redeecommerce.rede.com.br/ https://apiquery.redeecommerce.rede.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 3
frame-ancestors 'self'; default-src 'self'; report-to csp-endpoint; report-uri https://www.tisda.nl/csp-report.php; upgrade-insecure-requests; script-src 'self' 'sha256-hHUpxG06sCMTxk0oJgYdDNkai4FVQ0oNjpx2z4HmPxw=' 'sha256-gj3hXMTISjefzHKc3LvwPGkgIqBnMTl1JhLIdwcC/O8=' 'sha256-WDsUC73nn4VgkPx1YwOLUVRJqzhwfeWvFC3zRWnqz/I='; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com; object-src 'none'; frame-src 'self' https://www.google.com https://www.googletagmanager.com; img-src 'self' https://www.googletagmanager.com; font-src 'self' https://www.tisda.nl/wp-content/uploads https://www.tisda.nl/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts; connect-src 'self' https://region1.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; worker-src 'self' 3
frame-src 'self' td.doubleclick.net youtube.com *.youtube.com; report-uri /infra/monitoring/csp 3
default-src 'self' https: mcdn.pybydl.com; font-src 'self' https: data:; img-src 'self' https: data: mcdn.pybydl.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' mcdn.pybydl.com; style-src 'self' https: 'unsafe-inline' mcdn.pybydl.com; frame-src 'self' https: http: data:; connect-src 'self' https: wss: www.luck-nine.com; report-uri /csp_reports 3
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1526:0 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2
frame-ancestors 'self' *.capcut.com; report-to slardar-endpoint; upgrade-insecure-requests ; report-uri https://mon-sg.capcutapi.com/monitor_browser/collect/batch/security/?bid=cc_web_ug; connect-src 'self' *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.qnqcdn.net:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.hiecheimaetu.com:* *.ppio.cloud:* *.vegslb.com:* *.xsj.wasu.tv:* *.zebracdn.com:* *.volctranscdn.com:* *.hizhecheng.com:* *.sealaly.net:* *.souajki.net:* *.souajki.com:* *.souajki.cn:* *.siomxity.cn:* *.siomxity.com:* *.siomxity.net:* *.uochly.cn:* *.smogfly.cloud:* *.smogfly.club:* *.iquaveizeeru.com:* *.ietheivaicai.com:* *.3oer.gatedge.com.cn:* *.2owr.xinying.xyz:* *.5jhd.qiwuyun.xyz:* *.qtaeixd.com:* *.jikeiot.cloud:* *.udbgvio.com:* *.fogcp.com:* *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com wss: *.node.ppio.cloud *.0kkkkkt.com *.capcut.com *.capcut.cn *.vlabstatic.com blob: *.bytedanceapi.com *.jianying.com *.googleapis.com *.feelgood.cn *.vlabvod.com data: *.douyinpic.com *.byteimg.com *.byteoversea.com *.capcutapi.com *.bytecdn.com *.byteeffecttos.com *.byteacctimg.com *.draftstatic.com *.douyin.com *.googleusercontent.com *.amazonaws.com *.ulikecam.com *.bing.com *.clarity.ms *.microsoft.com *.akamaized.net *.capcutvod.com *.bytedancevod.com *.googletagmanager.com *.tiktokcdn.com *.tiktokv.com *.doubleclick.net *.google.com *.googlesyndication.com *.google-analytics.com; object-src 'none'; base-uri 'self'; frame-src 'self' *.capcut.com; 2
object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 2
default-src 'self';style-src 'self' 'unsafe-inline' https://use.typekit.net; object-src 'none'; base-uri 'self';worker-src 'none'; 2
default-src data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *.nesine.com wss://*.nesine.com *.google.com *.google.com.tr *.googletagmanager.com *.google-analytics.com *.support.google.com *.doubleclick.net *.googleadservices.com *.microsoft.com *.apple.com *.facebook.com *.facebook.net connect.facebook.net *.betsolutions.com *.ertgaming.com *.yahoo.com *.newrelic.com *.twitter.com *.instagram.com *.youtube.com *.ytimg.com *.aboutcookies.org *.mobilproses.com *.omnitagjs.com *.outbrain.com *.nr-data.net *.bidswitch.net wss://*.sportradar.com *.sportradar.com *.akamaized.net *.performfeeds.com *.betradar.com *.dge.imggaming.com tjktv.ercdn.net *.tjk.org *.broadage.com *.pubmatic.com *.mediavine.com *.demdex.net *.krxd.net *.thebrighttag.com *.tremorhub.com *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.teads.tv *.3lift.com *.emxdgt.com *.sync.com *.ivitrack.com *.yieldmo.com *.yieldlab.net *.imgarena.com *.liderform.com.tr *.googleapis.com *.googlevideo.com *.gstatic.com *.azureedge.net *.semasio.net *.7platform.net *.7platform.com *.7platform.live *.nsoft-cdn.com *.launchdigi.net *.gameturboz.cloud *.turboexplorer.online *.1rx.io *.adsrvr.org aa.agkn.com *.postrelease.com *.revcontent.com *.rqtrk.eu *.bing.com *.smaato.net *.narrative.io *.socdm.com *.mediawallahscript.com *.liadm.com *.stickyadstv.com *.linkedin.com *.rlcdn.com *.dable.io *.adingo.jp *.twiago.com *.bluekai.com *.crwdcntrl.net *.hs.llnwd.net *.ucweb.com *.dengage.com *.playbetman.com *.turbolabs.online *.aleaplay.com *.turbogg4u.online *.turbodiscovery.xyz *.ofmicropod.com *.dengagecdn.com launchdigi.net *.eskimi.com *.tiktok.com *.rsc.cdn77.org *.igamemedia.com *.castr.net data.widgets.sir.sportradar.com *.inseincvirtuals.com wss://data.widgets.sir.sportradar.com wss://*.sportradar.com wss://*.akamaized.net cdn.alsgp0.fds.api.mi-img.com apm-rum-sgp.inf.miui.com infragrid.v.network metrics-dre.dt.dbankcloud.cn cdn-uicons.flaticon.com; img-src * data:; report-uri /csp/cspreport/ 2
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 2
default-src 'self'; frame-src 'self' https://9628652.fls.doubleclick.net https://td.doubleclick.net https://js.driftt.com https://a8447815042.cdn-pci.optimizely.com https://ct.pinterest.com https://tealium-f.squarecdn.com; worker-src 'self' blob:; connect-src 'self' https://assets.ctfassets.net https://api.broadway.squareup.com https://campaign-hub-production-f.squarecdn.com https://api.squareup.com/v1/cdp/batch https://api.squarestagingexternal.com/v1/cdp/batch https://api.squarestagingexternal.com https://api.squareup.com https://api.squareupstaging.com *.contentsquare.net https://capi.squareup.com https://browser-intake-datadoghq.com https://stats.g.doubleclick.net https://facebook.com https://www.facebook.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://google.com https://www.google.com https://us-central1-sq-sgtm-prod.cloudfunctions.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net http://424-iab-218.mktoresp.com https://424-iab-218.mktoresp.com https://xms2-marketo.beta.stage.sqprod.co https://424-iab-218.mktoutil.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://logx.optimizely.com https://ct.pinterest.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com *.ingest.us.sentry.io *.6sc.co https://api.sprig.com https://squareupstaging.com https://visitor-scoring-new.marketlinc.com https://api.chilipiper.com https://pw-renderer-production-c.squarecdn.com localhost:*; font-src 'self' https://cash-f.squarecdn.com https://square-fonts-production-f.squarecdn.com; img-src 'self' data: blob: https://ib.adnxs.com https://assets.ctfassets.net https://cdn.blisspointmedia.com https://campaign-hub-production-f.squarecdn.com *.contentsquare.net https://ad.doubleclick.net https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://adservice.google.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net https://px.ads.linkedin.com https://cdn.cookielaw.org https://pixel.pointmediatracker.com https://alb.reddit.com *.6sc.co https://api.squareup.com https://api.squareupstaging.com https://insight.adsrvr.org https://match.adsrvr.org https://pw-renderer-production-c.squarecdn.com; manifest-src 'self' https://pw-renderer-production-c.squarecdn.com; media-src 'self' https://assets.ctfassets.net https://js.driftt.com http://videos.ctfassets.net https://videos.ctfassets.net; script-src 'self' *.contentsquare.net https://www.datadoghq-browser-agent.com https://js.driftt.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://campaign-hub-production-f.squarecdn.com https://lift-ai-js.marketlinc.com https://martech-development-c.squarecdn.com https://martech-production-c.squarecdn.com https://martech-staging-c.squarecdn.com http://munchkin.marketo.net https://munchkin.marketo.net https://cdn.cookielaw.org https://a8447815042.cdn-pci.optimizely.com https://s.pinimg.com https://ct.pinterest.com https://pw-renderer-production-c.squarecdn.com https://pw-renderer-staging-c.squarecdn.com https://pwt-production-c.squarecdn.com https://pwt-staging-c.squarecdn.com https://www.redditstatic.com *.6sc.co https://cdn.sprig.com https://xms-production-f.squarecdn.com https://www.youtube.com https://pw-renderer-production-c.squarecdn.com 'nonce-gthjY0u3Zcz3hBxUt9I7/w=='; style-src 'self' https://square-fonts-production-f.squarecdn.com 'unsafe-inline' https://pw-renderer-production-c.squarecdn.com; frame-ancestors 'self' https://app.contentful.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd9af00759e65a48ba7ee3ff1dfa4260b&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to browser-intake-datadoghq 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self' https://*.webflow.com https://webflow.com; report-uri https://webflow.report-uri.com/r/t/csp/reportOnly 2
default-src 'self';base-uri 'self';connect-src 'self' wss://keepalive.gotinder.com wss://keepalive.ue1.d1.tstaging.com https://messagepublish.ue1.d4.tstaging.com https://*.gotinder.com https://*.appsflyer.com https://*.bugsnag.com https://tinder-api.arkoselabs.com https://*.spotify.com https://*.line.me https://*.onelink.me https://*.*.braintree-api.com https://*.*.paypal.com https://*.braintree-api.com https://*.paypal.com https://*.braintreegateway.com https://*.s3.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.google.com https://maps.googleapis.com https://*.gstatic.com https://fonts.googleapis.com;script-src 'nonce-5OYgwJPIT3iDqKR/7PRILA==' 'strict-dynamic' 'unsafe-eval' 'unsafe-hashes' 'sha256-PLCxbpHSwAa8+W198R1KQQ9UDCexTvYy4z4YmCg21NM=' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline' blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.google.com https://maps.googleapis.com https://*.gstatic.com https://fonts.googleapis.com;frame-src 'self' https://tinder-api.arkoselabs.com https://*.*.paypal.com https://*.paypal.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.google.com https://maps.googleapis.com https://*.gstatic.com https://fonts.googleapis.com;frame-ancestors 'self';form-action 'self' *.tinder.com tinder.com;object-src 'none';img-src 'self' data: blob: https://*.gotinder.com https://*.scdn.co https://*.cdninstagram.com https://*.cloudfront.net https://*.s3.amazonaws.com https://*.*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.google.com https://maps.googleapis.com https://*.gstatic.com https://fonts.googleapis.com;media-src 'self' data: https://*.scdn.co https://*.spotify.com https://media.tenor.com;report-to csp-reports;font-src 'self' data: https:;manifest-src 'self' https: 2
default-src 'self';	script-src 'self' bat.bing.com cdn.getkoala.com cdn.rudderlabs.com www.google-analytics.com www.googletagmanager.com www.google.com *.mutinycdn.com js.hs-scripts.com js.hs-banner.com js.hubspot.com js.hs-analytics.com *.hsforms.net unpkg.com snap.licdn.com www.redditstatic.com https://bwa.marketplace.awsstatic.com widget.kapa.ai;	connect-src 'self' login.tailscale.com bat.bing.com *.mutinyhq.io *.mutinycdn.com analytics.google.com www.google-analytics.com api.getkoala.com cdn.sanity.io unpkg.com *.rudderstack.com *.hubspot.com www.redditstatic.com pixel-config.reddit.com px.ads.linkedin.com https://medley.prod.irtysh.dubai.aws.dev proxy.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app metrics.kapa.ai;	img-src 'self' cdn.sanity.io lh3.googleusercontent.com www.google-analytics.com *.hsforms.com alb.reddit.com px.ads.linkedin.com bat.bing.com track.hubspot.com;	frame-ancestors 'none';	form-action 'self';	base-uri 'self';	block-all-mixed-content;	object-src 'self';	report-to csp-endpoint;	report-uri https://login.tailscale.com/csp-report; 2
default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://accounts.google.com https://analytics.google.com https://api.amplitude.com https://bi-beta.pst.tech https://bi.pst.tech https://bifrost-https-v4.gw.postman.com https://blog.postman.com https://cdn.cookielaw.org https://cdn.metadata.io https://dl.pstmn.io https://eo2kpuahxhuvgexlueall7gqzq0fihon.lambda-url.us-east-1.on.aws https://events.gw.postman.com https://events.rm-api.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://identity.getpostman-beta.com https://identity.getpostman.com https://lp.postman.com https://munchkin.marketo.net https://pages.getpostman.com https://player.twitch.tv https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://manifest.webmanifest https://ms1frkqnsp7r.statuspage.io https://run.pstmn.io https://script.hotjar.com https://skills-assets.pstmn.io https://st-ar.cdn.postman.com https://static.cloudflareinsights.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://vc.hotjar.io https://voyager.postman.com https://web.postman.com https://www.googletagmanager.com https://www.slideshare.net https://snap.licdn.com https://www.google.com https://www.youtube.com https://youtube.com https://www.linkedin.com/px/ https://www.postman.com https://snap.licdn.com/ https://i.ytimg.com https://platformapi.metadata.io https://worldtimeapi.org https://maps.google.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://bam.nr-data.net https://js-agent.newrelic.com https://video.ibm.com https://js.zi-scripts.com/zi-tag.js https://js.zi-scripts.com https://res.cloudinary.com https://mkt.cdn.postman.com https://api.mapbox.com https://events.mapbox.com https://api.fpjs.io https://js.zi-scripts.com https://ws.zoominfo.com https://cdn.jsdelivr.net https://cdn.amplitude.com https://api2.amplitude.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://js.qualified.com wss://ws.qualified.com wss://ws2.qualified.com https://app.qualified.com https://api.company-target.com https://segments.company-target.com https://tag.demandbase.com https://tag-logger.demandbase.com https://s.company-target.com https://alb.reddit.com https://www.redditstatic.com https://pixel-config.reddit.com https://id.rlcdn.com https://content.hotjar.io https://script.hotjar.com https://static.hotjar.com wss://ws.hotjar.com https://cdn.segment.com https://api.cdp.postman.com https://api.segment.io https://evs.cdp.postman.com https://www.influ2.com https://t.influ2.com https://pxl.growth-channel.net https://tags.srv.stackadapt.com https://assets.postman.com https://job-boards.greenhouse.io 'unsafe-inline' 'unsafe-eval'; form-action 'self'; base-uri 'self'; 2
script-src 'self' padlet.net maps.googleapis.com apis.google.com ta-echo.padlet.com api.commandbar.com cdn.commandbar.com app.getbeamer.com challenges.cloudflare.com embed.cloudflarestream.com cdn.usefathom.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' padlet.net fonts.googleapis.com cdn.commandbar.com app.getbeamer.com 'unsafe-inline'; font-src 'self' padlet.net fonts.gstatic.com data:; report-uri https://padlet.com/csp-report; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.billboard.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' https://static.tenda.com.cn data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://static.tenda.com.cn; font-src 'self' data:; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
connect-src 'self' *.adentifi.com *.adnxs.com *.adobeaemcloud.com *.agkn.com *.analytics.google.com *.azurefd.net *.bing.com *.buyatoyota.com *.captcha-sdk.awswaf.com *.clarity.ms *.cloudfunctions.net *.contentsquare.net *.doubleclick.net *.google-analytics.com *.google.com *.ipredictive.com *.lexus.com *.linkedin.com *.omtrdc.net *.rlcdn.com *.scene7.com *.sdk.awswaf.com *.teads.tv *.token.awswaf.com *.tomtom.com *.toyota.com *.toyotafinancial.com *.turn.com *.undertone.com *.yimg.com ads.scorecardresearch.com adserv.mobi alb.reddit.com api.iperceptions.com api.retargetly.com ara.paa-reporting-advertising.amazon at.alicdn.com bat.bing.net browser-intake-datadoghq.com c.amazon-adsystem.com cdn.appdynamics.com cm.everesttech.net col.eum-appdynamics.com collection.decibelinsight.net connect.facebook.net conv-pix.adstk.io conversions-config.reddit.com ct.pinterest.com data: doh.cq0.co dpm.demdex.net dsum-sec.casalemedia.com engagement-provider-preprod.iperceptions.com evnt.byspotify.com fonts.gstatic.com gdpr.loopme.com google.com i18n.contentsquare.com insight.adsrvr.org invite-preprod.iperceptions.com ips-invite.iperceptions.com jnn-pa.googleapis.com kcc0.com lciapi.ninthdecimal.com ldti.syndication.kbb.com lm.serving-sys.com maps.googleapis.com match.adsrvr.org nexus-test.ensighten.com nexus.ensighten.com pagead2.googlesyndication.com peornia-comargers.icu pixall.esm1.net pixel-config.reddit.com pixel.admedia.com pixel.logtrackback.com pixel.quantserve.com pixel.sitescout.com pixels.spotify.com post.iperceptions.com privacy.ensighten.com pt.ispot.tv px.gumgum.com rum.hlx.page s-a.innovid.com s.amazon-adsystem.com s.pinimg.com sd.iperceptions.com secure-ds.serving-sys.com secure.insightexpressai.com simage2.pubmatic.com snap.licdn.com snapshot.carfax.com sp.analytics.yahoo.com sync-eu.connectad.io tagging.shiftdigitalapps.io tags.srv.stackadapt.com tags.w55c.net tapestry.tapad.com tcrp-stg.mmq.telematicsct.com tcrp.mmq.telematicsct.com tk0x1.com toyota.demdex.net tr.snapchat.com tr6.snapchat.com universal.iperceptions.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.pinterest.com www.redditstatic.com www.youtube.com x.bidswitch.net zen-dco.innovid.com zz.connextra.com; default-src 'self' *.toyota.com login.microsoftonline.com; font-src 'self' *.lexus.com *.linkedin.com *.toyota.com assets.alicdn.com at.alicdn.com data: fonts.googleapis.com fonts.gstatic.com login.microsoftonline.com snap.licdn.com; frame-src *.bing.com *.contentsquare.net *.doubleclick.net *.flashtalking.com *.google.com *.lexus.com *.teads.tv *.toyota.com bs.serving-sys.com col.eum-appdynamics.com ct.pinterest.com insight.adsrvr.org lciapi.ninthdecimal.com ldti.syndication.kbb.com m.youtube.com match.adsrvr.org pixall.esm1.net pixel.admedia.com pixel.rubiconproject.com rtb.adgrx.com toyota.demdex.net toyota.evlife.co tr.snapchat.com universal-preprod.iperceptions.com universal.iperceptions.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com; img-src 'self' *.adentifi.com *.adnxs.com *.adobeaemcloud.com *.agkn.com *.azurefd.net *.bing.com *.buyatoyota.com *.clarity.ms *.cloudfront.net *.contentsquare.net *.doubleclick.net *.google.co.in *.google.com *.inventoryrsc.com *.ipredictive.com *.lexus.com *.linkedin.com *.rlcdn.com *.scene7.com *.setproductsetup.com *.taboola.com *.taboolasyndication.com *.teads.tv *.toyota.com *.tribalfusion.com *.turn.com *.tvsquared.com *.undertone.com *.vindicosuite.co *.yimg.com 1f2e7.v.fwmrm.net abs.twimg.com acuityplatform.com ade.googlesyndication.com ads.scorecardresearch.com ads.stickyadstv.com adserv.mobi adservice.google.co.uk adswizz.com ag.innovid.com alb.reddit.com api.retargetly.com arttrk.com bat.bing.net bs.serving-sys.com campaignmanager.com cm.everesttech.net cognitivlabs.com col.eum-appdynamics.com connect.facebook.net conv-pix.adstk.io ct.pinterest.com data.privacy.ensighten.com data: dev.day.com dpm.demdex.net dsum-sec.casalemedia.com eb2.3lift.com engagetosell.com fonts.gstatic.com hb.yahoo.net hitcount-preprod.iperceptions.com i.ytimg.com img.alicdn.com insight.adsrvr.org ips-img.iperceptions.com ips-invite.iperceptions.com jadserve.postrelease.com kargo.com kcc0.com l.facebook.com lciapi.ninthdecimal.com ldti.syndication.kbb.com lm.facebook.com log.pinterest.com login.microsoftonline.com maps.googleapis.com maps.gstatic.com match.adsrvr.org media.sabio.us mpp.vindicosuite.com nexus-test.ensighten.com nodetracker.datawrkz.com odr.mookie1.com pbs.twimg.com peornia-comargers.icu photosite.setoyota.com pippio.com pixall.esm1.net pixel-ssn.quantserve.com pixel-sync.sitescout.com pixel.logtrackback.com pixel.quantserve.com pixel.rubiconproject.com pixel.sitescout.com pixel.tapad.com pr-bh.ybp.yahoo.com pt.ispot.tv px.gumgum.com rtb.adgrx.com s-a.innovid.com s.amazon-adsystem.com sd.iperceptions.com secure-ds.serving-sys.com secure.insightexpressai.com simage2.pubmatic.com snap.licdn.com snapshot.carfax.com sp.analytics.yahoo.com static.carfax.com static.reportdelivery.production.aws.carfax.io stats.wordpress.com sync.crwdcntrl.net sync.search.spotxchange.com t.co tag.tapad.com tagging.shiftdigitalapps.io tags.bluekai.com tags.srv.stackadapt.com tags.w55c.net tapestry.tapad.com tk0x1.com tmsappqstorage01.blob.core.windows.net toyota.com trkn.us tubemogul.com twittercounter.com unrulymedia.com ups.analytics.yahoo.com us-u.openx.net www.facebook.com www.google-analytics.com www.google.co.uk www.googleadservices.com www.gstatic.com www.pinterest.com www.youtube.com x.bidswitch.net yt3.ggpht.com zen-dco.innovid.com zz.connextra.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adnxs.com *.agkn.com *.azureedge.net *.azurefd.net *.bing.com *.buyatoyota.com *.captcha-sdk.awswaf.com *.captcha.awswaf.com *.clarity.ms *.cobrowse.oraclecloud.com *.contentsquare.net *.doubleclick.net *.force.com *.google.co.in *.google.com *.lexus.com *.linkedin.com *.liveagentforsalesforce.com *.phenompeople.com *.rfihub.net *.rlcdn.com *.salesforceliveagent.com *.sdk.awswaf.com *.teads.tv *.token.awswaf.com *.tomtom.com *.toyota.com *.tribalfusion.com *.turn.com *.tvsquared.com *.yimg.com adserv.mobi api.retargetly.com app.contentsquare.com assets.adobedtm.com assets.sitescdn.net bs.serving-sys.com c.amazon-adsystem.com cdn.appdynamics.com cdn.decibelinsight.net cdn.pdst.fm connect.facebook.net consent.cookiebot.com cstatic.weborama.fr ct.pinterest.com ctcp.cybage.com dts.innovid ethn.io g.alicdn.com global.toyota gnrcp.cybage.com i.loopme.me imgs.signifyd.com ips-invite.iperceptions.com js.adsrvr.org js.adstk.io ldti.syndication.kbb.com live.rezync.com maps.googleapis.com media.fraud.net nexus-test.ensighten.com nexus.ensighten.com onetag.tws.toyota.jp pagead2.googlesyndication.com peornia-comargers.icu pixel.admedia.com pixel.byspotify.com pixel.mathtag.com privacy.ensighten.com resources.digital-cloud.medallia.com rules.quantcount.com rum.hlx.page s.pinimg.com s2.go-mpulse.net s7.addthis.com sc-static.net script.hotjar.com scripts.inmarkethub.com sd.iperceptions.com secure-ds.serving-sys.com secure.ethicspoint.com secure.quantserve.com snap.licdn.com snapshot.carfax.com static.ads-twitter.com static.hotjar.com tagging-staging.shiftdigitalapps.io tagging.shiftdigitalapps.io tags.bluekai.com tags.srv.stackadapt.com toyota.com toyotaeffect.com tr.snapchat.com universal.iperceptions.com us.connextra.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.toyota.ca www.toyota.mx www.toyotafinancial.com www.toyotaipsolutions.com www.toyotamobility.com www.youtube-nocookie.com www.youtube.com www1.toyotaoutfitters.com; style-src 'self' 'unsafe-inline' *.tomtom.com *.toyota.com fonts.googleapis.com nexus-test.ensighten.com nexus.ensighten.com privacy.ensighten.com snapshot.carfax.com tags.srv.stackadapt.com www.gstatic.com www.youtube.com; child-src blob:; media-src *.doubleclick.net *.toyota.com dts.innovid m.youtube.com pdst.fm s-static.innovid.com www.youtube-nocookie.com www.youtube.com; worker-src 'unsafe-inline' blob: data:; report-uri https://prod.webservices.toyota.com/csp-report 2
default-src 'self' *.wp.com;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	media-src blob: https:;	frame-src https:;	object-src 'none';	connect-src https:; 2
default-src 'self' cdnweb.sbermobile.ru; frame-src https://cdn.rutarget.ru/ https://api.flocktory.com https://mc.yandex.ru https://tag.rutarget.ru/ ; style-src 'unsafe-inline' 'self' fonts.googleapis.com cdnweb.sbermobile.ru; font-src 'self' cdnweb.sbermobile.ru data: fonts.gstatic.com ; connect-src 'self' https://yandexmetrica.com:*/ *.sbermarketing.ru uaas.yandex.ru ad.adriver.ru api.flocktory.com kraken.rambler.ru https://*.mc.yandex.ru/ https://stats.g.doubleclick.net/ https://suggestions.dadata.ru/ https://suggest-maps.yandex.ru/ https://ymetrica1.com/ https://www.google-analytics.com/ https://unpkg.com/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/ https://*.sberbank.ru/ https://sa.online.sberbank.ru:8098/; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnweb.sbermobile.ru *.yandex.net *.trbcdn.net  top-fwz1.mail.ru api.flocktory.com *.top100.ru *.adriver.ru px.adhigh.net cdn.rutarget.ru yastatic.net *.maps.yandex.net suggest-maps.yandex.ru api-maps.yandex.ru *.otm-r.com www.google-analytics.com ajax.googleapis.com fonts.googleapis.com *.mc.yandex.ru mc.yandex.ru nlb-clickstream.sberbank.ru sp.otm-r.com stats.g.doubleclick.net www.google-analytics.com www.google.ru www.googletagmanager.com ; img-src 'self' data: www.gstatic.com cdnweb.sbermobile.ru adservings.ru api.flocktory.com top-fwz1.mail.ru kraken.rambler.ru api-maps.yandex.ru *.maps.yandex.net *.mc.yandex.com *.mc.yandex.ru mc.yandex.ru *.googleusercontent.com www.googletagmanager.com www.google.ru www.google.com www.google-analytics.com *.otm-r.com yandex.ru; base-uri 'self' cdnweb.sbermobile.ru; form-action 'self'; frame-ancestors 'none' 2
default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self'; report-to csp-endpoint 2
require-trusted-types-for 'script';report-uri /us/_/ThinkWithGoogle/cspreport 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-src 'self' syndicatedsearch.goog *.google.com *.youtube.com vimeo.com *.vimeo.com *.podbean.com static.addtoany.com *.blackbaudhosting.com js.createsend1.com *.createsend.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' *.googleadservices.com app.purechat.com app-script.monsido.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com polyfill.io *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com cdn.jsdelivr.net *.hotjar.com *.gtranslate.net *.blackbaudhosting.com js.createsend1.com www.createsend.com *.googleapis.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' *.googleadservices.com app.purechat.com app-script.monsido.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com polyfill.io *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com cdn.jsdelivr.net *.hotjar.com *.gtranslate.net *.blackbaudhosting.com js.createsend1.com *.createsend.com www.createsend.com *.googleapis.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js *.simpli.fi https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'report-sample' 'unsafe-inline' *.googleapis.com *.gstatic.com *.createsend1.com *.createsend.com *.blackbaudhosting.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self'; base-uri 'self'; form-action 'self' www.createsend.com js.createsend1.com *.blackbaudhosting.com *.nla.gov.au *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js; frame-ancestors 'self' 2
connect-src https:; child-src https:; default-src https:; font-src data: https:; form-action https:; frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.afr.com *.cdn.ampproject.org *.platform.ink; frame-src https:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-attr https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-eval' 'unsafe-inline'; style-src https:; style-src-attr 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; worker-src blob:; report-uri https://csp.ffx.io/; report-to csp-endpoint 2
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2
frame-ancestors 'self' https://www.rferl.org/embed https://www.rferl.org/embed/player https://www.rferl.org/embed/player/0 https://www.rferl.org/embed/player/1 https://www.rferl.org/ext https://www.rferl.org/widget; report-uri https://csp.pangeadigital.io/cspreport 2
frame-ancestors 'self' https://*.kit.edu; report-uri /global-cgi-bin/csp-report; report-to csp-report 2
default-src 'self' https://static.expo.dev; connect-src 'self' https://api.expo.dev https://static.expo.dev https://job-artifacts.eascdn.net https://job-logs.eascdn.net https://staging-assets.eascdn.net https://assets.eascdn.net https://cdp.expo.dev http://127.0.0.1:* https://qr.expo.dev https://status.expo.dev https://8tdse0ohgq-dsn.algolia.net https://qex7pb7d46-dsn.algolia.net https://sessions.bugsnag.com https://*.g.doubleclick.net https://api.github.com https://google.com https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://www.googleadservices.com https://*.googleapis.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://react-tweet.vercel.app https://reactnative.directory https://api.rudderstack.com https://9r24npb8.api.sanity.io https://9r24npb8.apicdn.sanity.io https://sentry.io https://o30871.ingest.sentry.io https://api.stripe.com https://api.logrocket.com https://*.typeform.com https://*.hubapi.com https://*.hubspot.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://px.ads.linkedin.com; manifest-src 'self'; font-src 'self' data: https://static.expo.dev https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src https://*.datadoghq.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.recaptcha.net https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://*.youtube.com https://embed.bsky.app https://*.logrocket.com https://*.typeform.com https://*.hubspot.com https://*.hs-sites.com https://*.hubspot.net https://*.hsforms.net https://*.hsforms.com; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' https://static.expo.dev https://d2wy8f7a9ursnm.cloudfront.net https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.google.com https://www.googleadservices.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://www.gstatic.cn https://www.gstatic.com https://cdn.rudderlabs.com https://js.stripe.com https://*.js.stripe.com https://www.youtube.com https://embed.bsky.app https://*.typeform.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://*.hsleadflows.net https://snap.licdn.com; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; report-to expo 2
default-src 'self'; script-src 'report-sample' 'self'   https://7052064.fs1.hubspotusercontent-na1.net   https://a.omappapi.com   https://app.hubspot.com   https://assets.apollo.io   https://cdn.demio.com   https://cdn.propensity.com   https://cdnjs.cloudflare.com   https://code.jquery.com   https://googleads.g.doubleclick.net   https://import-cdn.default.com   https://js.hscollectedforms.net   https://js.navattic.com   https://platform.linkedin.com   https://s3-us-west-2.amazonaws.com   https://snap.licdn.com   https://static.hsappstatic.net   https://www.googleadservices.com   https://www.googletagmanager.com   https://www.redditstatic.com   https://js.hs-analytics.net   https://js.hs-scripts.com; style-src 'report-sample' 'self'   https://7052064.fs1.hubspotusercontent-na1.net   https://ajax.googleapis.com   https://cdn.demio.com   https://cdnjs.cloudflare.com   https://fonts.googleapis.com   https://kit-free.fontawesome.com   https://static.hsappstatic.net; object-src 'none'; base-uri 'self'; connect-src 'self'   https://a.omappapi.com   https://analytics.google.com   https://aplo-evnt.com   https://app.hubspot.com   https://cp.hubspot.com   https://forms.default.com   https://forms.hsforms.com   https://geo.demio.com   https://js.hs-banner.com   https://nucleus.default.com   https://pixel-config.reddit.com   https://px.ads.linkedin.com   https://www.cloudflare.com   https://www.google.com   https://www.redditstatic.com   https://z.omappapi.com   https://api.hsforms.com   https://api.hubapi.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'   https://forms.hsforms.com   https://play.hubspotvideo.com   https://scheduler.default.com   https://td.doubleclick.net   https://www.googletagmanager.com; img-src 'self'   https://a.omappapi.com   https://alb.reddit.com   https://forms-na1.hsforms.com   https://forms.hsforms.com   https://forms.hubspot.com   https://googleads.g.doubleclick.net   https://px.ads.linkedin.com   https://static.hsappstatic.net   https://track.hubspot.com   https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://6823595ee2a3634bf77e7bfe.endpoint.csper.io?builder=true&v=2; 2
img-src 'self' https://s3.amazonaws.com/media.nngroup.com/; default-src 'self'; font-src 'self' https://s3.amazonaws.com/media.nngroup.com/; connect-src 'self'; script-src 'self' https://s3.amazonaws.com/media.nngroup.com/; style-src 'self' https://s3.amazonaws.com/media.nngroup.com/ 2
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://zn4mbdaokn6kcahtg-cypress.siteintercept.qualtrics.com https://79423.analytics.edgekey.net https://cdnjs.cloudflare.com https://connect.facebook.net https://e.video-cdn.net https://img.en25.com https://oc-cdn-public-eur.azureedge.net https://rules.quantcount.com https://s1968580696.t.eloqua.com https://*.hotjar.com https://secure.quantserve.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://*.hotjar.com https://cdn.botframework.com https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net; object-src 'self'; connect-src 'self' https://www.infineon.com https://softwaretools.infineon.com https://toolbox-cloud-staging.cloudapps.infineon.com https://stg-community.infineon.com https://community.infineon.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://api.flockler.com https://asset-out-cdn.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://d.video-cdn.net https://infineon.product-discontinuation.com https://licensing.bitmovin.com https://ma307-r.analytics.edgekey.net https://oc-cdn-public-eur.azureedge.net https://stats.g.doubleclick.net https://vod.video-cdn.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data: https://e.video-cdn.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://www.infineon.com https://chatbot.infineon.com https://oc-cdn-public-eur.azureedge.net https://players.brightcove.net https://*.hotjar.com https://www.facebook.com https://www.youtube.com https://www.promeas.com; img-src 'self' data: https://www.infineon.com https://www.infineon-brandportal.com https://pbs.twimg.com https://www.kununu.com https://www.glassdoor.com https://s722891043.t.eloqua.com https://siteintercept.qualtrics.com https://asset-out-cdn.video-cdn.net https://media-api.flockler.com https://media-exp1.licdn.com https://pixel.quantserve.com https://px.ads.linkedin.com https://s1968580696.t.eloqua.com https://www.bluewind.it https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://*.hotjar.com; manifest-src 'self'; media-src 'self' data:; base-uri 'self'; report-uri https://www.infineon.com/rest/csp/report; worker-src blob:; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net *.wgprod.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms cdn.taboola.com ; style-src 'self' 'unsafe-inline' *.wargaming.net *.wgprod.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.wgprod.net *.tvsquared.com *.taboola.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.yimg.com https://*.worldoftanks.com https://*.worldoftanks.eu https://*.worldoftanks.asia https://*.wgcdn.co https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://www.google.com.cy https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.clarity.ms https://collect.worldoftanks.eu https://content-wg.gcdn.co https://bat.bing.com ; font-src 'self' *.wargaming.net *.wgprod.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net *.wgprod.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com https://api.worldoftanks.eu ; object-src 'self' *.wargaming.net *.wgprod.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 2
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src 'self' 'unsafe-inline' https: data:;connect-src https: wss:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data: blob:;media-src https: blob:; report-uri /csp_rep 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-a705ea3e-bf1c-4412-a6d0-f1dd65979a92' https: data: https://js.sentry-cdn.com https://fast.wistia.com https://fast.wistia.net https://siteintercept.qualtrics.com https://browser.sentry-cdn.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://js.monitor.azure.com; style-src 'self' 'unsafe-inline' https://fast.wistia.com https://cdn.jsdelivr.net https://more.suse.com; img-src 'self' https: data: https://fast.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://fast.wistia.net https://fast.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com; connect-src 'self' https: wss: https://cdn.cookielaw.org https://distillery.wistia.com https://siteintercept.qualtrics.com https://dc.services.visualstudio.com https://fast.wistia.com https://fast.wistia.net https://pipedream.wistia.com wss://ws.qualified.com https://embed-ssl.wistia.com https://apple.dxcloud.episerver.net https://cdn.jsdelivr.net https://js.monitor.azure.com wss://ws.qualified.com; font-src 'self' https: data: https://fonts.gstatic.com https://fast.wistia.net; object-src 'none'; ; media-src 'self' https: blob: ; frame-src 'self' https: ; form-action 'self' https://suselinux.fra1.qualtrics.com; frame-ancestors 'self' ; base-uri 'none'; ;  report-uri https://www.suse.com/api/reporting/;  report-to csp-endpoint; 2
default-src 'self' https://n8n.io data: 'unsafe-inline'; script-src 'self' 'sha256-4pl9dZH8ght2nZ3AX1mV23mwuukxsklzULVnAeIEKbg=' https://cdn.jsdelivr.net/npm/@webcomponents/webcomponentsjs@2.0.0/webcomponents-loader.js https://www.unpkg.com/lit@2.0.0-rc.2/polyfill-support.js https://cdn.jsdelivr.net/npm/@n8n_io/n8n-demo-component@latest/n8n-demo.bundled.js https://*.googletagmanager.com https://www.gstatic.cn https://www.gstatic.com https://www.recaptcha.net https://static.cloudflareinsights.com/beacon.min.js/ static.cloudflareinsights.com https://script.tapfiliate.com/tapfiliate.js https://checkout.paddle.com/api/2.0/prices/; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://n8niostorageaccount.blob.core.windows.net https://www.gstatic.cn https://www.gstatic.com https://www.recaptcha.net https://gravatar.com/avatar/; media-src https://n8niostorageaccount.blob.core.windows.net; connect-src 'self' https://api.n8n.io/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.gstatic.cn https://www.gstatic.com https://www.recaptcha.net; frame-src https://n8n-preview-service.internal.n8n.cloud https://www.recaptcha.net https://challenges.cloudflare.com; frame-ancestors 'none'; object-src 'none' 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; media-src * blob:; worker-src * blob:; frame-src * data: blob:; connect-src *; frame-ancestors 'none'; report-uri /csp-violation-report 2
script-src 'nonce-jU0p5T3oDQtLVfzgLbStQ1XYZX2g566u' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.scene7.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk  *.chatcora.natwest.com *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org cdn-apple.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'report-sample';img-src 'self' https: blob: data:;media-src 'self' https: blob: data:;connect-src wss: https:;object-src 'none';base-uri 'self';frame-ancestors 'self' https://soundtrack.io https://*.soundtrack.io https://soundtrackyourbrand.com https://*.soundtrackyourbrand.com https://*.soundcdn.com https://*.syb.sh https://*.soundtr.ac;report-uri https://o15889.ingest.us.sentry.io/api/4505663820857344/security/?sentry_key=c1cfffcf3b072f7c67557cad0dea30e9&sentry_environment=undefined 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; media-src 'self'; connect-src 'self' https://vpncdn.protonweb.com https://account.proton.me https://account.protonvpn.com https://telemetry.protonvpn.com *.metrics.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://vpncdn.protonweb.com; style-src 'self' 'unsafe-inline' https://vpncdn.protonweb.com; font-src 'self' https://vpncdn.protonweb.com; img-src 'self' data: blob: https:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; object-src 'self' data: blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
report-uri /cspreport; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://bat.bing.com https://*.bazaarvoice.com https://cdn.jsdelivr.net https://cloudstatic.obi4wan.com https://*.configuratoren.nl https://connect.facebook.net/en_US/fbevents.js https://connect.getflowbox.com https://consent.cookiebot.com https://*.cookielaw.org https://ct.pinterest.com/static/ct/token_create.js https://eu.fw-cdn.com https://*.facebook.net https://files.qualifio.com/kit/qualp.2.min.js https://*.freshchat.com https://googleads.g.doubleclick.net https://google-analytics.com https://*.happygeeks.dev https://*.happyhorizon.review https://*.hotjar.com https://*.iesnare.com https://*.mopinion.com https://*.pinimg.com https://static.acceptatie.gamma.be https://static.acceptatie.gamma.nl https://static.acceptatie.karwei.nl https://static.gamma.be https://static.gamma.nl https://static.karwei.nl https://vercel.live https://www.datadoghq-browser-agent.com https://www.googleadservices.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com www.google.com 2
default-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://tasks.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft https://res-sdf.cdn.office.net https://res.cdn.office.net https://mesh.public.onecdn.static.microsoft https://mesh.df.onecdn.static.microsoft https://m365.cloud.microsoft https://sbrprodprv.www.office.com https://scuprodprv.www.office.com https://fa000000174.resources.office.net https://outlook.office.com; base-uri 'none'; manifest-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; script-src 'self' 'wasm-unsafe-eval' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net 'sha256-VCkGe6AeV2B4vV7flXt9Dkkp04wMc8zq7faHdRwhOx0=' 'sha256-Wmg7miLkEVn5v393z4Ch7lbKnpNnLZhnVOk/iJN1miE='; style-src 'self' 'unsafe-inline' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft blob: data: https://*.office.com https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://login.live.com https://storage.live.com; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://whiteboard.svc.cloud.microsoft/sync wss://whiteboard.svc.cloud.dev.microsoft/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; worker-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; frame-src 'self' https://* https://webshell.suite.office.com; media-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; object-src 'none'; form-action 'self' https://*; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2
base-uri 'self';child-src 'none';connect-src 'self' https://*.polymarket.com https://*.polymarket.dev wss://*.polymarket.com wss://*.polymarket.dev https://clob.polymarket.com wss://clob.polymarket.com https://*.walletconnect.com wss://*.walletconnect.com wss://*.walletconnect.org wss://chat.stream-io-api.com https://*.amplitude.com https://*.alchemy.com https://*.alchemyapi.io https://*.socket.tech https://api.goldsky.com https://api.goldsky.io https://*.stream-io-api.com https://assets.vercel.com https://vercel.live https://vercel.com https://vitals.vercel-insights.com https://auth.magic.link https://*.magic.link https://*.intercom.io wss://*.intercom.io https://polymarket-upload.s3.us-east-2.amazonaws.com https://polymarket-next-assets.s3.amazonaws.com https://*.polymarket.io https://*.coinbase.com https://va.vercel-scripts.com https://*.vercel-scripts.com https://va.vercel-scripts.com/v1/script.debug.js https://api.iconify.design https://*.google-analytics.com https://js.intercomcdn.com https://api-iam.intercom.io https://*.facebook.com https://*.facebook.net https://*.redditstatic.com https://*.reddit.com wss://*.pusher.com https://*.pusher.com https://polygon-rpc.com https://api.simplesvg.com/bx.json https://ib.adnxs.com https://d.adroll.com https://s.adroll.com https://acdn.adnxs.com https://api.unisvg.com wss://relay.walletconnect.org https://browser-intake-datadoghq.eu https://static.ads-twitter.com https://sentry.io https://api.moonpay.com https://*.fun.xyz https://*.quiknode.pro https://*.base.org https://*.eth https://*.zksync.io/ data:;default-src 'self';font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.intercomcdn.com https://vercel.live https://unpkg.com;form-action 'self' https://*.polymarket.com https://*.polymarket.dev;frame-ancestors 'self' https://auth.magic.link https://vercel.live;frame-src 'self' https://*.youtube.com https://*.walletconnect.com https://*.walletconnect.org https://*.magic.link https://global.transak.com https://vercel.live https://*.polymarket.com https://*.polymarket.dev wss://*.polymarket.com wss://*.polymarket.dev https://*.meshconnect.com;img-src 'self' blob: data: https://polymarket-upload.s3.us-east-2.amazonaws.com https://assets.vercel.com https://*.walletconnect.com https://alb.reddit.com https://ib.adnxs.com https://www.facebook.com https://vercel.com https://analytics.twitter.com https://t.co https://logo.moralis.io https://logos.covalenthq.com https://sdk-cdn.fun.xyz;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://*.intercom.io https://js.intercomcdn.com https://www.redditstatic.com https://acdn.adnxs.com https://connect.facebook.net https://s.adroll.com https://d.adroll.com https://widget.intercom.io https://va.vercel-scripts.com https://vercel.live https://*.magic.link https://static.moonpay.com;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;navigate-to 'self' https://*.polymarket.com https://*.polymarket.dev;script-src-elem 'self' https://*.intercom.io https://js.intercomcdn.com https://www.redditstatic.com https://acdn.adnxs.com https://connect.facebook.net https://s.adroll.com https://d.adroll.com https://widget.intercom.io https://va.vercel-scripts.com https://vercel.live https://*.magic.link https://static.moonpay.com https://static.ads-twitter.com 'sha256-FZPlDlMTeqDORmlYE10RC9clHRS4T0hmr3qmUImTEgM=' 'sha256-LpaSOWbberseWm9imoaC+ysCWgKfj1BqQTvkK+3f49U=' 'sha256-VeMw0YWTQ3B/16lvulSWfWmvFDJ6h/Dh0ZlaDcC6Xsg=' 'sha256-v0BM73yv/5GaSIfLVBRC5helX8lhanqdp82VUN86fqY=' 'sha256-HmKQJyc9Oo37hDkYVR0w9K4eR1aaxe18l9d9v+MsRGM=' 'sha256-5mcCoB7D4UCld/T8vawEJRBqmowLOddOT7MoIsyvG1Q=';style-src-elem 'self' 'unsafe-inline' https://vercel.live;upgrade-insecure-requests ; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' http2.mlstatic.com/frontend-assets; report-uri https://events.mercadolibre.com/csp/statics?identifier=ASf22Z8AHfUyTb2OGIScMJULqGzQCHFO-jaj04NiMcbsIJ6mvqMU6U5n0IxV1s6vi3wF1BQkOpI8S9w7sL78tTC0EA==&policy_id=94&user_id=&request_id=; report-to statics-endpoint; worker-src blob: 2
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' 2
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://chemkap.rivm.nl https://app.powerbi.com/ https://api.pdok.nl/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://apps.rivm.nl https://chemkap.rivm.nl https://*.mopinion.com https://api.pdok.nl/; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://app.powerbi.com/ https://api.pdok.nl/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://*.mopinion.com https://data.rivm.nl/ https://api.pdok.nl/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/  https://service.pdok.nl/ https://data.rivm.nl/  https://*.openstreetmap.org/ https://chemkap.rivm.nl https://api.pdok.nl/; frame-src 'self' https://cibrapportage.rivm.nl https://esp-ext.rivm.nl https://login-ext.rivm.nl https://chemkap.rivm.nl https://www.infectieradar.nl https://app.powerbi.com https://api.pdok.nl/; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl https://chemkap.rivm.nl https://www.infectieradar.nl https://api.pdok.nl/*; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://app.powerbi.com https://api.pdok.nl/; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://*.mopinion.com https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://api.pdok.nl/; connect-src 'self' https://mebi.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/* https://*.mopinion.com; report-uri /report-csp-violation 2
default-src 'self' https://d3q9kdqrtloda.cloudfront.net/ https://i.ytimg.com/ https://www.youtube-nocookie.com/ https://noembed.com/ https://cdn.plyr.io/ https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://c1001.report.gbss.io/ https://analytics.tiktok.com/ https://forms.hubspot.com/ https://region1.analytics.google.com/ https://*.analytics.google.com/ https://region1.google-analytics.com/ https://*.google-analytics.com/ https://pagead2.googlesyndication.com https://privacyportal-uk.onetrust.com/ https://*.onetrust.com/ https://cambridgeenglish.formstack.com/forms/ieltstrf https://cambridgeenglish.formstack.com/forms/ielts_recognising_organisation; style-src 'self' 'unsafe-inline' https://static.formstack.com/forms/css/ https://static.formstack.com/common/css/; script-src 'self' https://www.youtube.com/ https://cambridgeenglish.formstack.com/forms/ 'sha256-5woGd/mZkUg7jRI9rPBZPHKC+LdyheFkTyKDMVNRNAs=' https://static.hotjar.com/c/ https://static.formstack.com/forms/js/ 'sha256-BEia3zQX2ZCFqcEfWBg9chT7nMc26YOr506FmhGqIfE=' 'sha256-z+rMOYNYmUbRI0OKIZH9HZneWmS3dJkEIDLisI+5LwI=' 'sha256-4QifgdTNZlur9Y/OOGOV3SggRLnQQR4peyehG9Y5buo=' https://www.google.com/ https://www.gstatic.com/ https://cdn-ukwest.onetrust.com/ https://www.googletagmanager.com/ 'sha256-rbMVlXlWb1FxlmTxqO6hQI+5VPCMoqHMqeyWMrzk9E4=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-/6m2tVE+3ZAyrBnUps+rDpHpCwMi0VgW9mdVym2y2cE=' 'sha256-nanbr0ZSJrOvEvr6c5gV8UarYfjNXF+TAtmA9GjvyJ0=' 'sha256-ATpn7Ex50rRSNqmoA432bWfqvlsGB6CD/7fE2WtoU5A=' 'sha256-iXVjrS+TzaVqRdjZV8gecO6OkuAcobYu2OjiJVT8LYU=' 'sha256-+WTu64J4HVaiLZC0nSjR9XxbZZg1xX7cdNM/WA/pDcQ=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' 'sha256-xc61KVzUrz5aO4ACQyRqjH2fPpfIb/xoMmSSEiU+PWU=' 'sha256-wyNlDF2abbsDx6TZogcKckBQwZ4N8qFR3SAepboU7Sk=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' blob: 'unsafe-eval' https://www.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com https://www.googleadservices.com/ https://connect.facebook.net/ https://a.quora.com/ https://js.hs-scripts.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://cl.qualaroo.com/ https://assets.ubembed.com/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://js.hubspot.com/ https://cdn.gbqofs.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://snap.licdn.com/ https://14d7fb0767d540569b202283222297c0.js.ubembed.com/ 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA='; object-src 'none'; font-src 'self' https://static.formstack.com/forms/fonts/; img-src 'self' data: https://d3q9kdqrtloda.cloudfront.net/ https://s3.eu-west-2.amazonaws.com/ielts-web-static/ www.googletagmanager.com https://i.ytimg.com/ https://cdn-ukwest.onetrust.com/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://t.co https://analytics.twitter.com/ https://www.facebook.com/ https://q.quora.com/ https://adservice.google.com/ https://perf-na1.hsforms.com/ https://*.google.ad/ https://*.google.ae/ https://*.google.com.af/ https://*.google.com.ag/ https://*.google.al/ https://*.google.am/ https://*.google.co.ao/ https://*.google.com.ar/ https://*.google.as/ https://*.google.at/ https://*.google.com.au/ https://*.google.az/ https://*.google.ba/ https://*.google.com.bd/ https://*.google.be/ https://*.google.bf/ https://*.google.bg/ https://*.google.com.bh/ https://*.google.bi/ https://*.google.bj/ https://*.google.com.bn/ https://*.google.com.bo/ https://*.google.com.br/ https://*.google.bs/ https://*.google.bt/ https://*.google.co.bw/ https://*.google.by/ https://*.google.com.bz/ https://*.google.ca/ https://*.google.cd/ https://*.google.cf/ https://*.google.cg/ https://*.google.ch/ https://*.google.ci/ https://*.google.co.ck/ https://*.google.cl/ https://*.google.cm/ https://*.google.cn/ https://*.google.com.co/ https://*.google.co.cr/ https://*.google.com.cu/ https://*.google.cv/ https://*.google.com.cy/ https://*.google.cz/ https://*.google.de/ https://*.google.dj/ https://*.google.dk/ https://*.google.dm/ https://*.google.com.do/ https://*.google.dz/ https://*.google.com.ec/ https://*.google.ee/ https://*.google.com.eg/ https://*.google.es/ https://*.google.com.et/ https://*.google.fi/ https://*.google.com.fj/ https://*.google.fm/ https://*.google.fr/ https://*.google.ga/ https://*.google.ge/ https://*.google.gg/ https://*.google.com.gh/ https://*.google.com.gi/ https://*.google.gl/ https://*.google.gm/ https://*.google.gr/ https://*.google.com.gt/ https://*.google.gy/ https://*.google.com.hk/ https://*.google.hn/ https://*.google.hr/ https://*.google.ht/ https://*.google.hu/ https://*.google.co.id/ https://*.google.ie/ https://*.google.co.il/ https://*.google.im/ https://*.google.co.in/ https://*.google.iq/ https://*.google.is/ https://*.google.it/ https://*.google.je/ https://*.google.com.jm/ https://*.google.jo/ https://*.google.co.jp/ https://*.google.co.ke/ https://*.google.com.kh/ https://*.google.ki/ https://*.google.kg/ https://*.google.co.kr/ https://*.google.com.kw/ https://*.google.kz/ https://*.google.la/ https://*.google.com.lb/ https://*.google.li/ https://*.google.lk/ https://*.google.co.ls/ https://*.google.lt/ https://*.google.lu/ https://*.google.lv/ https://*.google.com.ly/ https://*.google.co.ma/ https://*.google.md/ https://*.google.me/ https://*.google.mg/ https://*.google.mk/ https://*.google.ml/ https://*.google.com.mm/ https://*.google.mn/ https://*.google.com.mt/ https://*.google.mu/ https://*.google.mv/ https://*.google.mw/ https://*.google.com.mx/ https://*.google.com.my/ https://*.google.co.mz/ https://*.google.com.na/ https://*.google.com.ng/ https://*.google.com.ni/ https://*.google.ne/ https://*.google.nl/ https://*.google.no/ https://*.google.com.np/ https://*.google.nr/ https://*.google.nu/ https://*.google.co.nz/ https://*.google.com.om/ https://*.google.com.pa/ https://*.google.com.pe/ https://*.google.com.pg/ https://*.google.com.ph/ https://*.google.com.pk/ https://*.google.pl/ https://*.google.pn/ https://*.google.com.pr/ https://*.google.ps/ https://*.google.pt/ https://*.google.com.py/ https://*.google.com.qa/ https://*.google.ro/ https://*.google.ru/ https://*.google.rw/ https://*.google.com.sa/ https://*.google.com.sb/ https://*.google.sc/ https://*.google.se/ https://*.google.com.sg/ https://*.google.sh/ https://*.google.si/ https://*.google.sk/ https://*.google.com.sl/ https://*.google.sn/ https://*.google.so/ https://*.google.sm/ https://*.google.sr/ https://*.google.st/ https://*.google.com.sv/ https://*.google.td/ https://*.google.tg/ https://*.google.co.th/ https://*.google.com.tj/ https://*.google.tl/ https://*.google.tm/ https://*.google.tn/ https://*.google.to/ https://*.google.com.tr/ https://*.google.tt/ https://*.google.com.tw/ https://*.google.co.tz/ https://*.google.com.ua/ https://*.google.co.ug/ https://*.google.co.uk/ https://*.google.com.uy/ https://*.google.co.uz/ https://*.google.com.vc/ https://*.google.co.ve/ https://*.google.co.vi/ https://*.google.com.vn/ https://*.google.vu/ https://*.google.ws/ https://*.google.rs/ https://*.google.co.za/ https://*.google.co.zm/ https://*.google.co.zw/ https://*.google.cat/ https://www.google-analytics.com/ https://*.linkedin.com/ https://*.amazonaws.com/ielts-web-static/ https://adservice.google.co.uk/; frame-src 'self' https://www.google.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://dntcl.qualaroo.com/ https://td.doubleclick.net/; 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=3gowaGDMPYNRL5_Rs6oDe&v=5; report-to csp-endpoint; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: http://localhost:* https://localhost:* *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-usts.com *.tiktok.com/passport/ *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.us *.tiktokglobalshopv.us *.tiktokmusic.me *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv-us.com *.tiktokv.us *.tiktokw.eu/passport/ *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.us.tiktok.com *.us.tiktokv.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com affiliate-us.tiktok.com analytics.tiktok.com api.music.apple.com code.jquery.com effecthouse.tiktok.com facebook.com google.com i.ticketweb.com im-api.tiktok.com im-image.tiktokv.com image-va.tiktok.com images.universe.com interactives.ap.org livecenter.tiktok.com login-eu.www.tiktok.com login-no1a.www.tiktok.com login-row.www.tiktok.com login-us.www.tiktok.com media.ticketmaster.eu newassets.hcaptcha.com newsroom.tiktok.com p0-pu-private-useast8.tiktok.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net scm-us.tiktok.com seller-us.tiktok.com shop.tiktok.com starling-i18n.tiktokv.com/check_and_get_text/ starling-sg.tiktokv.com/check_and_get_text/ starling-va.tiktokv.com/check_and_get_text/ static-label.frontgatetickets.com static.captchami.com support.tiktok.com t.co t.tiktok.com tikitoks.com tiktokfollowersfree.com tv.tiktok.com tx41v.arkoselabs.com unpkg.com us.tiktok.com v16-webapp-prime.tiktok.com v16-webapp.tiktok.com v19-webapp-prime.tiktok.com vas-alisg16.tiktokv.com vas-maliva16.tiktokv.com vas-useast2a.tiktokv.com vas-va.tiktokv.com vcs-sg.tiktokv.com vcs-va.byteoversea.com vcs-va.tiktokv.com verification-i18n.tiktok.com verification-sg.tiktok.com verification-va.byteoversea.com verification-va.tiktok.com verification.tiktokw.eu verification16-normal-no1a.tiktokw.eu verify-sg.byteoversea.com vimeo.com web-i18n.tiktok.com/passport/ web-sg.tiktok.com/passport/ web-va.tiktok.com/passport/ webapp-sg.tiktok.com webapp-va.tiktok.com www.tiktok.com 2
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 2
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
default-src 'self' *.insight.com *.drift.com *.driftcdn.com *.launchdarkly.com www.googletagmanager.com play.vidyard.com *.aimtell.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.insight.com *.adroll.com *.atgsvcs.com *.custhelp.com *.webcollage.net *.driftt.com *.google.com *.marketo.com *.doubleclick.com *.doubleclick.net *.qualtrics.com assets.adobedtm.com cdn.lr-in-prod.com cdn.pricespider.com munchkin.marketo.net play.vidyard.com s.go-mpulse.net up.pixel.ad use.typekit.net ws.cs.1worldsync.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.youtube.com apps.bazaarvoice.com static.ads-twitter.com cdn-ukwest.onetrust.com cdn01.basis.net cdns.eu1.gigya.com code.jquery.com content.syndigo.com js.adsrvr.org *.cnetcontentsolutions.com mpsnare.iesnare.com unpkg.com www.googleadservices.com bat.bing.com cdn.cs.1worldsync.com cdn.tt.omtrdc.net connect.facebook.net i.simpli.fi lex.33across.com px.ads.linkedin.com s3.amazonaws.com snap.licdn.com *.hotjar.com t.sellpoints.com tracking.intentsify.io view.ceros.com w.usabilla.com ws.zoominfo.com xiecomm.paymetric.com blob:; style-src 'self' 'unsafe-inline' *.insight.com *.drift.com *.marketo.com code.jquery.com cdn.cs.1worldsync.com fonts.googleapis.com cdn.tt.omtrdc.net; img-src * data:; font-src 'self' data: *.insight.com fonts.gstatic.com use.typekit.net cdn.cs.1worldsync.com insightenterprises.qualtrics.com s.nsit.com svcs.tql.com at.alicdn.com; connect-src 'self' *.akamaihd.net *.clarity.ms *.gigya.com *.google.com *.google-analytics.com *.googlesyndication.com *.insight.com *.launchdarkly.com *.mktoresp.com *.akstat.io *.go-mpulse.net *.onetrust.com insightenterprises.tt.omtrdc.net stats.g.doubleclick.net www.google-analytics.com 366-uky-221.mktoutil.com adservice.google.com bat.bing.com cdn.aimtell.io cdn.linkedin.oribi.io cert-xiecomm.paymetric.com content.syndigo.com dpm.demdex.net et-qalogin.insight.com integration.richrelevance.com r.lr-in-prod.com rules.atgsvcs.com signals.aimtell.com sjrtp2.marketo.com smetrics.insight.com *.bazaarvoice.com ws.zoominfo.com *.adroll.com play.vidyard.com *.richrelevance.com www.facebook.com siteintercept.qualtrics.com *.googletagmanager.com; media-src player.vimeo.com www.youtube.com; object-src *.insight.com; frame-src 'self' *.adsrvr.org pixel.sitescout.com insight.demdex.net js.driftt.com app-abm.marketo.com centinelapistag.cardinalcommerce.com cert-xiecomm.paymetric.com html5-player.libsyn.com insightent.wufoo.com *.insight.com play.vidyard.com view.ceros.com www.youtube.com *.marketo.com *.doubleclick.net *.everestjs.net cbsi.demdex.net www.facebook.com beacon.aimtell.com; report-uri https://insight.report-uri.com/r/t/csp/wizard 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.drip.com *.hsappstatic.net *.sleeknote.com *.zdassets.com *.zendesk.com *.hubspot.com *.hubspot.net *.hs-analytics.net *.hs-banner.com *.cloudflare.com *.zi-scripts.com *.g2crowd.com unpkg.com *.tiktok.com *.quora.com *.bing.com *.redditstatic.com *.ads-twitter.com *.licdn.com *.facebook.net *.snapchat.com sc-static.net *.clearbitscripts.com *.dreamdata.cloud 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.quechoisir.org *.qccdn.fr *.tagcommander.com *.commander1.com *.trustcommander.net *.aticdn.net *.xiti.com *.bing.com *.google.com *.youtube.com *.youtu.be www.youtube-nocookie.com *.facebook.com *.kameleoon.io *.kameleoon.eu *.xiti.com *.aticdn.net *.facebook.net flo.uri.sh public.flourish.studio wss://dl1.quechoisir.org  wss://dl2.quechoisir.org wss://dl.quechoisir.org upgrade-insecure-requests; report-uri https://www.quechoisir.org/csp-violation-report-endpoint/; report-to csp-endpoint> 2
form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.fls.doubleclick.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.omtrdc.net *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org *.googletagmanager.com *.googleadservices.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com t.co adservice.google.com *.linkedin.com *.google-analytics.com *.santanderopenacademy.com *.universia.net fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com santander-privacy.my.onetrust.com; frame-ancestors 'self' *.santanderopenacademy.com *.googletagmanager.com; connect-src 'self' cdn.equalweb.com *.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com www.linkedin.com script.hotjar.com img.youtube.com px4.ads.linkedin.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com www.google.ie www.facebook.com cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com *.analytics.google.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io *.google-analytics.com px.ads.linkedin.com analytics.tiktok.com *.pangle-ads.com *.omappapi.com *.vimeo.com *.santanderopenacademy.com *.googlesyndication.com *.onetrust.com *.tiktokw.us sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com *.doubleclick.net track.adform.net www.facebook.com *.universia.net universia.net *.santanderopenacademy.com *.vimeo.com doubleclick.net *.doubleclick.net; img-src 'self' data: *.santanderopenacademy.com *.santanderx.com dss.hybrid.ai su-commons-documents.s3.eu-west-1.amazonaws.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com *.universia.net img.youtube.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es *.googletagmanager.com *.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com covers.odilo.io images.findawayworld.com *.doubleclick.net *.odilotk.es *.googlesyndication.com snapchat.com *.snapchat.com; manifest-src 'self'; media-src 'self' data: *.santanderopenacademy.com *.santanderx.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' emd.hybrid.ai *.hybrid.ai pixel.wp.pl www.google.com 'sha256-YSegCmpoY/9vy6z9Jp/wY5F+2CZOSO85IpkqRDamw6o=' 'sha256-8UQUF8T5SdG0xN7U0SziZK/tE7Mx20WlIEvrhPZS+5c=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-y+EdpRp7NGzuxDREjdSGXuM2ZRxY/zPRIps6hzHQOcU=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-HbtNuErO4Ji0X7sd59L8NfJYuQk3WllCWK3gVuRMpfM=' 'sha256-BBirXJiJdwXRuf4PKdCNfYQLT8mhwGu68gkk2lfCqN8=' 'sha256-9gh4m8bsTLdMvKZ358mYZY2d+f5k+bk+APY/b3jwy1o=' 'sha256-xeKH9HwGHVm84iWqrxisQix9T08PGSCZTxFIO4+ewWk=' 'sha256-DwzQ63XCPWPBU9VhenPaZeU1L0tiiqJkkaWArzaMA14=' 'sha256-5t573MY7H7LQK71Vf2b+RoOG9NlBxHctIHdMjVPJIE0=' 'sha256-ZxrnaNw21FtNs0hG3ejrGPJWMFqp2c2scn3dGBS7Xtk=' 'sha256-DaJ5+aVVCCwmIoJpsto8Q2FfkqVlML3utJdn4mDMGD0=' 'sha256-Fj/OzUbSCuycXsQO3rkxgJpOQcr0O4grKcZDUi0FIiU=' 'sha256-L89rOqVn3e1Yeav7YFzFH7bxGr1IyHtjhNxYvrcVL4E=' 'sha256-g2T0Peh4PkAjcTj+CFHeM0y83Uuh+6W/+Ay4nUyncSo=' 'sha256-BpTz1JC47PMe4NhdM7n0gmuvr+83Jo3c+LLXav8o+Wc=' 'sha256-+i46atGTJGrevoy/LaA/uxqfIvacu6J/34f4LYs4FLU=' 'sha256-NW1gvrymt4M+SBgRpB7GKpbvkiAcBF120jBugIgwTkY=' 'sha256-TCOS0LXlyOYGx+xlpfAYkRxyaOiYLTlRzHwI0YQSm3Q=' 'sha256-XdoX181xfRJT12LmChyU6l4zxvoIsaAHf4FxTHoJM+I=' 'sha256-NKT4ofJEPzU1gDi1WITFInJvz8potrsIe5i+LSnCKqo=' 'sha256-w6kdg/3YV4tBVkaDe4i2aktYPtaPLEHNIGHKOXJ7aZI=' 'sha256-7OI/iFnRHuxJU3EbXDhDFX6g3cZ0C1I8U6VTbbk7bPw=' 'sha256-VY8NVZZ8EZKkngWGPFlpnC0jlPPS4naDQeeIKqLpgUU=' 'sha256-3ThNsno0lln5H88qDcBDPljNxQaOgkPiulXpM/OsV1s=' 'sha256-8N1I80yqbb8/sRov2zmhZf1nwe9Hd8PifhnSJaDP664=' 'sha256-LG4xcV34tsaAdFNYuH8Lr84Ovn0ZnSV2GoIA+TiLP5s=' 'sha256-y36RoFUJWgc8gbl/5Pk2/0bsYv2bJ+bMa8Y4LV/Wz/k=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-3FPxyKucOIUnwkis1jUlVWeg63ttBCdsnPZ7d1/U9vQ=' 'sha256-lBxE5qVCAIfADFr1+pdyVxAP7I/YVviosUAsCf3pZtU=' 'sha256-3iXpidN34sHSaOL+oY8lqqkqIs8qgMSZmmFOyyyJq5o=' 'sha256-TZjz12EnkJLarfuyWy8NqZ9HG8RpIuFAlQySbT4/4h8=' 'sha256-Y4y/Z3pJNei7wFfh20klvIrbZiajvE/JWO1KhI668Xo=' 'sha256-LigV2Z6/JVA57qW0q8wSx849ylkhI35JZTPqGObl9ks=' 'sha256-83sIN1kEH+EziQHRTaQiSWImOUtv0wFFfa74npfXyoE=' 'sha256-BMIPp0uCJPYMdHFyQdug09fBOv1yC4c3ATQ5HIB8lnU=' 'sha256-mkZ77JgvPSMOW/FuYQr4tf+Z2qIq0e/ozaNEcVp9eyc=' cdn.jsdelivr.net cdn.equalweb.com code.jquery.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com *.googletagmanager.com *.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com *.googleapis.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com *.gstatic.com *.omappapi.com *.googleadservices.com *.santanderopenacademy.com *.googlesyndication.com sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net st.hybrid.ai; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com *.googletagmanager.com fonts.googleapis.com *.omappapi.com; worker-src *.universia.net 2
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.b0e8.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bc0a.com *.elotouch.com www.elotouch.com elotouch.com *.google.lv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.b0e8.com *.bc0a.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.recaptcha.net *.simpli.fi *.zi-scripts.com siteimproveanalytics.com *.pardot.com *.elotouch.com *.jsdelivr.net unpkg.com *.cloudflare.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com hello.myfonts.net *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.elotouch.com elotouch.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.doubleclick.net *.zi-scripts.com *.zoominfo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' blob: data: https://*.rerrkvifj.com https://*.ccchch.com; script-src 'self' 'unsafe-eval' 'wasm-eval' https://cdn.jsdelivr.net https://*.alicdn.com https://adscool.net https://cdn.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://api.livechatinc.com https://js.admediasales.com https://*.ierpifvid.com https://jia.ierpifvid.com https://*.lbank.com https://*.lbank.net https://*.lbank.zone https://accounts.google.com https://appleid.cdn-apple.com https://www.gstatic.com https://*.googleapis.com https://static.geetest.com https://www.google.com https://sepolia.drpc.org https://static.cloudflareinsights.com https://gcaptcha4.geetest.com https://riskct.geetest.com https://static.geevisit.com https://jia.rerrkvifj.com https://*.adjust.com https://gcaptcha4.gsensebot.com https://jia.ccchch.com https://*.facebook.net 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.alicdn.com https://*.ierpifvid.com https://jia.ierpifvid.com https://fonts.googleapis.com https://*.lbank.com https://*.lbank.net https://*.lbank.zone https://accounts.google.com https://www.gstatic.com https://static.geetest.com https://jia.rerrkvifj.com; font-src 'self' https://*.alicdn.com https://*.ierpifvid.com https://jia.ierpifvid.com https://fonts.gstatic.com data: https://*.lbank.com https://*.lbank.net https://*.lbank.zone https://accounts.google.com https://cdnjs.cloudflare.com https://migaku-public-data.migaku.com https://gw.alipayobjects.com https://use.typekit.net https://cdn.jsdelivr.net https://www.slant.co https://cdn.scite.ai https://*.aliyuncs.com https://*.rerrkvifj.com wss://*.rerrkvifj.com https://use.typekit.net https://cdn.megabonus.com https://cdn.fastdic.com; img-src 'self' data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://*.lbank.com https://*.lbank.net https://*.lbank.zone https://www.lbank.com https://*.ierpifvid.com https://jia.ierpifvid.com https://accounts.google.com https://*.googleapis.com https://cdn.jsdelivr.net http://static.geetest.com https://testqrc.bitgetapp.com; connect-src 'self' https://*.lbank.com https://*.ierpifvid.com https://jia.ierpifvid.com https://aladdin.lbkpro.net https://cdn.livechatinc.com https://www.google-analytics.com https://analytics.google.com https://sensors-data-access.lbkwork.com wss://*.ierpifvid.com wss://api.livechatinc.com https://api.livechatinc.com wss://*.lbk.world https://*.lbank.net https://*.lbank.com https://*.lbank.zone wss://*.lbank.com https://api.example.com wss://*.lbktech.com https://accounts.livechatinc.com https://fringeplatform.rrrhhr.com https://accounts.google.com https://appleid.cdn-apple.com https://stats.g.doubleclick.net https://*.googleapis.com https://eth.merkle.io https://region1.google-analytics.com https://region1.analytics.google.com https://riskct.geetest.com https://cdnjs.cloudflare.com https://marginplatform.rrrhhr.com https://*.alicdn.com https://binance.llamarpc.com https://js.admediasales.com https://track.uc.cn https://www.google.com https://gc.kis.v2.scr.kaspersky-labs.com https://adscool.net https://api.trongrid.io https://arb1.arbitrum.io https://infragrid.v.network https://eth.llamarpc.com https://marginplatform.hongnuoyy.com https://*.bitunix.com https://*.okx.com https://*.lbk.world https://*.rerrkvifj.com https://ccapi.rerrkvifj.com https://uuapi.rerrkvifj.com https://jib.rerrkvifj.com https://jia.rerrkvifj.com https://jic.rerrkvifj.com wss://*.rerrkvifj.com wss://ccws.rerrkvifj.com wss://uuws.rerrkvifj.com https://mainnet.base.org/ blob: data: https://*.adjust.com https://*.adjust.world https://eth-mainnet.nodereal.io https://go.getblock.io https://jia.ccchch.com https://www.tradingview.com https://www.googletagmanager.com https://*.google.com https://www.google.com.tw https://www.google.com.kh https://www.google.com.vn https://www.google.com.mm https://www.google.com.sg https://www.google.com.tr https://www.google.com.au https://www.google.com.hk https://www.google.com.ua https://www.google.com.br https://www.google.com.ph https://www.google.com.bd https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.mx https://www.google.com.ng https://www.google.com.pa https://www.google.com.pe https://www.google.com.pk https://www.google.com.sa https://www.google.com.uy https://www.google.co.uk https://www.google.co.ma https://www.google.co.kr https://www.google.co.jp https://www.google.co.id https://www.google.co.in https://www.google.co.cr https://www.google.co.il https://www.google.co.th https://www.google.co.ve https://www.google.co.za https://www.google.nl https://www.google.it https://www.google.sk https://www.google.es https://www.google.ca https://www.google.fr https://www.google.ps https://www.google.pl https://www.google.pt https://www.google.de https://www.google.ae https://www.google.cl https://www.google.se https://www.google.by https://www.google.ad https://www.google.af https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.ge https://www.google.hr https://www.google.ie https://www.google.kz https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.no https://www.google.nl https://www.google.ro https://www.google.rs https://www.google.si https://www.google.sk https://www.google.sm https://www.google.tn https://www.google.th https://www.google.my https://www.google.nz https://www.google.fi https://www.google.ru; worker-src 'self' blob:; frame-src 'self' blob: https://secure.livechatinc.com https://tracking.nexxustrk.pro https://auctera.gotrackier.com https://www.youtube.com https://*.lbank.com https://*.lbank.zone https://accounts.google.com https://appleid.cdn-apple.com https://cdn.jsdelivr.net https://www.google.com https://media.openxglobal.com https://api.sumsub.com https://social.rockettrack.pro http://playsala.com; object-src 'none'; media-src 'self' blob: data: https://jib.rerrkvifj.com; base-uri 'self'; form-action 'self' https://checkout.simplexcc.com; report-uri https://aladdin.lbkpro.net/h5/submit/csp-report 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com fonts.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com *.hotjar.com x.klarnacdn.net *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ *.refersion.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com *.attn.tv bugcrowd.com imgs.cdn-btsg.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net www.facebook.com script.google.com *.googleapis.com *.hotjar.com *.iterable.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com *.wahooligan.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com https://extendcoreoffersdemo-offersthemelogobucketeb21afa-19jnurg0a0o17.s3.amazonaws.com https://s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.amazonaws.com *.atdmt.com *.bing.com *.bazaarvoice.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.hotjar.com humango.ai *.iterable.com kcc0.com www.kinomap.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com *.rudderstack.com imgs.signifyd.com image.simplecastcdn.com t.co tk0x1.com *.wahoofitness.com *.xg4ken.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com *.affirm.com *.affirm.ca *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.refersion.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com unsafe-inline *.adnxs.com js.adsrvr.org cdn.jsdelivr.net lightboxapi.azurewebsites.net cdn.attn.tv bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com imgs.cdn-btsg.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.fontawesome.com *.getroster.com *.google.com googleads.g.doubleclick.net *.hotjar.com *.iterable.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com h64.online-metrix.net cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv *.rudderlabs.com *.rudderstack.com cdn.segment.com imgs.signifyd.com *.stackadapt.com static.ads-twitter.com analytics.twitter.com modelviewer.dev d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com *.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com *.hotjar.com www.lightboxcdn.com x.klarnacdn.net *.stackadapt.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adobe.io performance.typekit.net *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.refersion.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.attentivemobile.com *.attn.tv bam-cell.nr-data.net *.bing.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com *.getroster.com analytics.google.com *.analytics.google.com *.hotjar.com *.hotjar.io mpsnare.iesnare.com *.iterable.com wss: gdpr.loopme.com i.loopme.me *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv *.rollbar.com *.rudderstack.com api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wahoofitness.com/nullreport/report/nullendpoint; report-to report-endpoint; 2
default-src 'self' *.adsrvr.org *.google.com *.doubleclick.net *.optimizely.com *.facebook.com *.cookielaw.org *.clarity.ms apps.usw2.pure.cloud www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com embed.signalintent.com *.optimizely.com cdn.segment.com *.googleapis.com www.googletagmanager.com www.google.com www.gstatic.com *.btttag.com *.bing.com *.app-us1.com *.adsrvr.org *.doubleclick.net *.cookielaw.org www.google-analytics.com *.mypurecloud.com *.googleadservices.com *.pure.cloud *.aptrinsic.com *.bootstrapcdn.com js.monitor.azure.com *.facebook.net *.facebook.com trackcmp.net extractable-finalytics-storage.s3.us-west-2.amazonaws.com extractable-finalytics-stable.s3.us-west-2.amazonaws.com *.cloudfront.net snap.licdn.com www.redditstatic.com;style-src 'self' 'unsafe-inline' use.fontawesome.com use.typekit.net embed.signalintent.com p.typekit.net *.mypurecloud.com *.googleapis.com *.aptrinsic.com *.jsdelivr.net *.bootstrapcdn.com extractable-finalytics-storage.s3.us-west-2.amazonaws.com extractable-finalytics-stable.s3.us-west-2.amazonaws.com *.cloudfront.net;img-src 'self' data: bat.bing.com *.google.com www.google-analytics.com content-cdn.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.facebook.net *.facebook.com *.adsrrvr.org *.doubleclick.net *.yahoo.com *.cookielaw.org *.googlesyndication.com *.ads.linkedin.com embed.signalintent.com insight.adsrvr.org ib.adnxs.com *.reddit.com;font-src 'self' use.fontawesome.com embed.signalintent.com use.typekit.net *.mypurecloud.com *.gstatic.com *.googleapis.com *.cloudfront.net data:;connect-src 'self' ws: wss: *.googlesyndication.com signal-intent-production-back.herokuapp.com cdn.segment.com *.optimizely.com *.cookielaw.org calc-backend-prod.herokuapp.com d.btttag.com *.googleapis.com www.google-analytics.com api.segment.io *.doubleclick.net *.alaskausa.org *.bing.com *.aptrinsic.com *.episerver.net *.visualstudio.com *.google.com *.facebook.com finalyticsdata.com devfinalyticsdata.com stgfinalyticsdata.com px.ads.linkedin.com api-cdn.usw2.pure.cloud pixel-config.reddit.com www.redditstatic.com;worker-src 'self' blob:;block-all-mixed-content 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.lytics.io *.customer.io www.googletagmanager.com www.googleoptimize.com maps.googleapis.com www.gstatic.com *.hotjar.com *.privacymanager.io *.onetrust.com polyfill.io *.bytedapm.com *.ttwstatic.com www.tiktok.com *.pricespider.com *.swaven.com *.static-swaven.com edge.marker.io; report-uri https://o4504005838045184.ingest.sentry.io/api/4505410929033216/security/?sentry_key=14a5b105c2c7443983e52fe24209ded4 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/csp 2
script-src 'self' https://challenges.cloudflare.com https://hcaptcha.com https://static.cloudflareinsights.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.google-analytics.com/ https://www.googletagmanager.com/; base-uri 'self'; object-src 'self'; report-uri /cdn-cgi/script_monitor/report 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com https://fonts.gstatic.com data: https://fonts.intercomcdn.com https://*.yotpo.com https://*.typekit.net https://*.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.facebook.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.affirm.com *.affirm.ca https://*.trustpilot.com http://*.trustpilot.com https://*.hotjar.com https://*.affirm.com *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.doubleclick.net/ https://*.facebook.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca https://www.google.com https://track.hubspot.com https://*.intercom.io https://static.intercomassets.com https://*.intercomcdn.com https://sp.analytics.yahoo.com https://*.facebook.com https://*.amazonaws.com https://*.infusionsoft.app https://www.googletagmanager.com https://*.akamaihd.net https://px.ads.linkedin.com https://p.adsymptotic.com https://ssl.gstatic.com https://www.gstatic.com https://*.bing.com https://*.hsforms.com https://*.clarity.ms https://*.wistia.com https://cdn.auth0.com https://p.adsymptotic.com https://www.google.co.uk https://heapanalytics.com https://*.yotpo.com https://content-faculty.blueprintprep.com https://redchamps.com www.xtento.com cdn.xtento.com maps.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://*.google.com https://googleads.g.doubleclick.net https://*.trustpilot.com http://*.trustpilot.com https://*.newrelic.com https://*.nr-data.net https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com https://*.bing.com https://*.licdn.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.impactradius-event.com http://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-analytics.net https://js.hubspot.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.usemessages.com https://*.facebook.net https://app.convertful.com https://*.affirm.com https://*.pdst.fm *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.clarity.ms https://vision.duel.me/duel-analytics.js https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.jquery.com https://*.cloudflare.com https://*.yotpo.com https://*.heapanalytics.com https://*.greenhouse.io https://*.amplitude.com https://*.sentry-cdn.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com cdn.xtento.com maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com https://tagmanager.google.com https://fonts.googleapis.com https://*.yotpo.com https://*.typekit.net https://*.fontawesome.com *.stripe.network *.stripecdn.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.intercom.io https://*.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com p13n-mr.adobe.io *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.hubspot.com https://*.hotjar.com https://app.convertful.com https://*.affirm.com https://*.intercom.io wss://*.intercom.io https://*.newrelic.com https://*.nr-data.net https://*.paypal.com https://us-central1-adaptive-growth.cloudfunctions.net *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.hubapi.com https://*.trustpilot.com https://*.litix.io wss://*.hotjar.com https://*.yotpo.com https://*.google.com https://*.hscollectedforms.net https://*.pfx.io https://edge.adobedc.net https://*.greenhouse.io https://smetrics.blueprintprep.com https://*.amplitude.com https://*.linkedin.com https://px.ads.linkedin.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';img-src * blob: data: px.ads.linkedin.com www.facebook.com *.doubleclick.net *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com code.jquery.com js.hsforms.net www.googletagmanager.com *.mysanfordchart.org *.addthis.com *.adroll.com *.adsrvr.org *.ads-twitter.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.fls.doubleclick.net formstack.com *.formstack.com *.formstack.io *.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.invocacdn.com *.liveperson.net *.lpsnmedia.net *.mpio.io onesignal.com *.onesignal.com *.qualtrics.com *.quantcount.com *.quantserve.com *.serving-sys.com *.simpli.fi *.siteintercept.qualtrics.com *.talentegy.com *.tvsquared.com *.twitter.com *.v.liveperson.net *.vimeo.com *.vimeocdn.com aa.agkn.com ajax.aspnetcdn.com assets.sitescdn.net az416426.vo.msecnd.net bat.bing.com cdn.mouseflow.com cdn.popt.in chimpstatic.com data.adxcel-ec2.com embed.typeform.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com pixel.mathtag.com pixel.videohub.tv pnapi.invoca.net px.ads.linkedin.com s.amazon-adsystem.com s.pinimg.com s3.amazonaws.com/checkout.squadup.com/default/css/bootstrap-namespace.min.css script.crazyegg.com sc-static.net siteimproveanalytics.com snap.licdn.com static.addtoany.com static.cloud.coveo.com tags.srv.stackadapt.com tracking.logpostback.com transparency.nrchealth.com trkn.us v1.addthisedge.com www.buzzsprout.com www.groupexpro.com www.youtube.com www.ypo.education/js/jsembedcode.js z.moatads.com cdn.mxpnl.com js.hubspot.com *.snapchat.com *.instabot.io *.roobrik.com connect.facebook.net;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.mysanfordchart.org *.formstack.com *.formstack.io *.gstatic.com *.vimeocdn.com cdn.thinglink.me checkout.stripe.com formsprod.azureedge.net onesignal.com static.cloud.coveo.com tags.srv.stackadapt.com www.groupexpro.com www.youtube.com *.instabot.io;font-src 'self' data: *.fontawesome.com *.typekit.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.formstack.com *.gstatic.com *.googleusercontent.com static.cloud.coveo.com staticdev.cloud.coveo.com *.roobrik.com;frame-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com www.googletagmanager.com tools.sanfordhealthplan.com *.mysanfordchart.org *.addthis.com *.adsrvr.org *.c.liveperson.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.ipcamlive.com *.lpsnmedia.net *.snapchat.com *.soundcloud.com *.stripe.com *.twitter.com *.v.liveperson.net vimeo.com *.vimeo.com *.youtube.com cdn.onesignal.com e.issuu.com fast.wistia.net forms.hsforms.com host.visualcalc.com js.hsadspixel.net js.hsforms.net pixel.mathtag.com players.brightcove.net static.addtoany.com www.buzzsprout.com www.pinterest.ca www.pinterest.co.uk www.pinterest.com www.pinterest.fr www.pinterest.it www.pinterest.ph ct.pinterest.com www.thinglink.com forms.hubspot.com *.roobrik.com *.cloudfront.net sanford.az1.qualtrics.com www.groupexpro.com;frame-ancestors 'self' *.mysanfordchart.org *.snapchat.com;connect-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.addthis.com *.adroll.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.gannettdigital.com *.google.com *.analytics.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.linkedin.oribi.io onesignal.com *.onesignal.com *.pinterest.com *.quantcount.com *.reachlocalservices.com *.serving-sys.com *.snapchat.com *.squadup.com *.twitter.com *.vimeocdn.com *.z1.dca0.com api.hubapi.com az416426.vo.msecnd.net bat.bing.com dc.services.visualstudio.com *.hsforms.com *.hubspot.com js.hs-scripts.com hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net forms.hscollectedforms.net js.hscollectedforms.net n2.mouseflow.com pnapi.invoca.net sanfordhealth.formstack.com *.formstack.io usageanalytics.coveo.com *.cloud.coveo.com px.ads.linkedin.com snap.licdn.com sc-static.net api.sanfordhealth.org api-js.mixpanel.com *.instabot.io api.fbanalytics.org connect.facebook.net assets.sitescdn.net *.cloudfront.net siteimproveanalytics.com *.roobrik.com;form-action 'self' *.fontawesome.com cdnjs.cloudflare.com *.sanfordhealthfoundation.org *.adroll.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.serving-sys.com *.snapchat.com *.vimeocdn.com api.hubapi.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;media-src * data:;object-src 'none';report-uri https://csp-reporting.sanfordhealth.org/; 2
script-src 'self'; style-src 'self'; report-uri /web/reportreceiver; 2
default-src 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.fullstory.com https://rs.fullstory.com https://ajax.googleapis.com/ https://first.iovation.com/ https://mpsnare.iesnare.com/ https://128-koi-090.mktoresp.com/ *.gskydev.net *.gskydev.com https://auth.prod.greensky.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://pages.greenskycredit.com https://www.google.com/ https://www.gstatic.com https://cdnjs.cloudflare.com https://app-ab27.marketo.com https://munchkin.marketo.net https://abrtp1-cdn.marketo.com blob: http://static.site24x7rum.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.wistia.com https://rtp-static.marketo.com https://abrtp1.marketo.com https://js.driftt.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://pages.greenskycredit.com/ https://cdn.jsdelivr.net/ https://www.greensky.com/ *.gskydev.com *.gskydev.net https://use.fontawesome.com/ https://pro.fontawesome.com/ https://rtp-static.marketo.com/ https://fonts.googleapis.com/ https://fonts.googleapis.com/css/ https://app-ab27.marketo.com/ https://munchkin.marketo.net; font-src 'self' https://cdnjs.cloudflare.com https://pro.fontawesome.com/ data: https://fonts.gstatic.com https://fast.wistia.com https://use.fontawesome.com; img-src 'self' https://www.googletagmanager.com https://rs.fullstory.com *.greensky.com/ *.gskydev.com/ *.gskydev.net/ https://embed-ssl.wistia.com data: https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.com https://greensky.dotcmscloud.com https://*.greensky.dotcmscloud.com embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com http://embed.wistia.com/ https://www.google.com https://www.google.de https://app-ab27.marketo.com https://pages.greenskycredit.com; media-src 'self' blob: https://js.driftt.com; frame-src 'self' https://pages.greenskycredit.com/ https://app-ab27.marketo.com/ https://www.google.com/ https://js.driftt.com; connect-src 'self' https://analytics.google.com https://edge.fullstory.com https://rs.fullstory.com *.gskydev.com/ *.gskydev.net/ https://128-koi-090.mktoresp.com/ https://abrtp1.marketo.com https://*.google-analytics.com https://stats.g.doubleclick.net *.greensky.dotcmscloud.com https://greensky.dotcmscloud.com *.greensky.com *.litix.io embedwistia-a.akamaihd.net/ *.wistia.com https://128-koi-090.mktoresp.com; object-src 'self' https://app-ab27.marketo.com/ ; base-uri 'self';manifest-src 'self'; worker-src 'none'; report-to https://www.greensky.com 2
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.google.com/ https://www.youtube.com js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com https://www.magezon.com https://www.mollie.com *.cloudimg.io data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://browser.sentry-cdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ js.mollie.com *.cloudimg.io *.scaleflex.it *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://vk.com https://top-fwz1.mail.ru https://widget.me-talk.ru wss://widget.me-talk.ru https://static.me-talk.ru https://tagmanager.google.com https://www.googletagmanager.com https://score.juicyscore.net https://mc.yandex.ru https://uaas.yandex.ru https://zaymer-api-stage.itrf.tech/socket.io https://www.zaymer.ru/socket.io https://ai-bobo.ru https://*.clarity.ms https://analytics.google.com https://api.flocktory.com https://covenant-eu.robocash.global; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://static.cloudflareinsights.com https://mc.yandex.ru https://yandex.ru https://yastatic.net https://abt.s3.yandex.net https://*.yandex.net https://mc.webvisor.org https://admin.verbox.ru https://top-fwz1.mail.ru https://vk.com https://static.me-talk.ru https://tagmanager.google.com https://score.juicyscore.net https://*.flocktory.com https://assets.flocktory.com https://www.clarity.ms https://q.clarity.ms https://dmp.one https://ai-bobo.ru https://widget.me-talk.ru https://privacy-cs.mail.ru; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://mc.webvisor.org https://www.googletagmanager.com https://www.googletagmanager.com https://www.clarity.ms https://top-fwz1.mail.ru https://vk.com https://ai-bobo.ru https://api.flocktory.com https://assets.flocktory.com https://yastatic.net https://abt.s3.yandex.net; img-src 'self' https://www.googletagmanager.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://top-fwz1.mail.ru https://vk.com https://*.flocktory.com https://static.me-talk.ru https://dmp.one https://*.clarity.ms https://*.bing.com data:; font-src 'self' https://fonts.gstatic.com https://*.flocktory.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.flocktory.com; frame-src 'self' www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://mc.yandex.ru https://top-fwz1.mail.ru https://*.flocktory.com https://tag.rutarget.ru https://wf.frontend.weborama.fr https://td.doubleclick.net/ blob:; form-action 'self'; frame-ancestors 'none'; child-src https://mc.yandex.ru https://*.flocktory.com blob: ; object-src 'none'; report-uri https://covenant-eu.robocash.global/report/zaymer-ru-front 2
default-src 'self' *.fontawesome.com *.visualstudio.com cdn.cookielaw.org *.azure.com *.krxd.net *.facebook.com *.googletagmanager.com *.linkedin.oribi.io *.google.com *.doubleclick.net *.liveperson.net *.google-analytics.com fintactix.com *.adsrvr.org *.lpsnmedia.net *.elfsight.com;script-src 'self' 'unsafe-inline' unpkg.com code.jquery.com stackpath.bootstrapcdn.com customer.cludo.com cdnjs.cloudflare.com *.fontawesome.com *.googletagmanager.com *.licdn.com *.convergetrack.com js.monitor.azure.com *.adroll.com *.facebook.net *.google-analytics.com *.doubleclick.net *.lpsnmedia.net *.liveperson.net *.adsrvr.org *.google.com *.elfsight.com cdn.cookielaw.org maxcdn.bootstrapcdn.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' customer.cludo.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net;img-src 'self' data: *.adsrvr.org *.convergetrack.com *.demdex.net *.google.com *.lpsnmedia.net *.linkedin.com *.facebook.com *.krxd.com *.krxd.net *.adroll.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.elfsight.com;font-src 'self' fonts.gstatic.com *.fontawesome.com 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.vaude.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.criteo.com *.klarna.com js.mollie.com td.doubleclick.net app.usercentrics.eu web.cmp.usercentrics.eu v1.api.service.cmp.usercentrics.eu *.outtra.com *.googletagmanager.com *.fls.doubleclick.net *.amazon-adsystem.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.disqus.com https://img.youtube.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: www.vaude.com vaude.localhost https://vaude.localhost/ www.google.de app.usercentrics.eu web.cmp.usercentrics.eu v1.api.service.cmp.usercentrics.eu uct.service.usercentrics.eu ad.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://dynamic.criteo.com https://sslwidget.criteo.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com *.abtasty.com ion.vaude.com id.vaude.com analytics.vaude.com js-agent.newrelic.com vaude.matomo.cloud app.usercentrics.eu web.cmp.usercentrics.eu v1.api.service.cmp.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu cdn.matomo.cloud cdn.scarabresearch.com static.scarabresearch.com webchannel-content.eservice.emarsys.net https://vaude.homepagerecruiter.de https://cdn.tailwindcss.com https://production.neocomapp.com *.outtra.com *.amazon-adsystem.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.googleapis.com *.gstatic.com *.outtra.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://measurement-api.criteo.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.abtasty.com analytics.vaude.com bam.nr-data.net pagead2.googlesyndication.com vaude.matomo.cloud app.usercentrics.eu web.cmp.usercentrics.eu v1.api.service.cmp.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu aggregator.service.usercentrics.eu consent-api.service.consent.usercentrics.eu cdn.matomo.cloud cdn.scarabresearch.com static.scarabresearch.com webchannel-content.eservice.emarsys.net https://prompts.api.production.neocomapp.com *.outtra.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.wp.com http://*.wp.com *.wp.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 2
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; object-src 'none'; worker-src 'none'; 2
frame-ancestors 'self' https://*.jobcloud.ch https://*.jobs.ch https://*.jobup.ch; base-uri 'self'; connect-src * data: 'self'; default-src 'self' https:; font-src 'self' https: data:; form-action 'self'; frame-src 'self' https:; img-src * data: blob: 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' https: * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; require-trusted-types-for 'script'; worker-src 'self' 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com https://symphony.ocltraining-int.com https://symphony.ocltraining-qa.com https://symphony.ocltraining.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'report-sample' 'self' https://bat.bing.com/bat.js https://cdn-4.convertexperiments.com/v1/js/10047604-10048796.js https://cdn.cookiehub.eu/c2/0d3e7b1f.js https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js https://public.our-trace.com/scripts/trace-badge.js https://recaptcha.net/recaptcha/api.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.convert.com/current-convert-experiences-script/dist/bundle.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/h7qt2xUGz2zqKEhSc8DD8baZ/recaptcha__en.js; style-src 'report-sample' 'self' 'unsafe-inline' https://cookiehub.net https://www.convert.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.our-trace.com https://bat.bing.com https://cdn-4.convertexperiments.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com; font-src 'self' data:; frame-src 'self' https://recaptcha.net https://www.googletagmanager.com; frame-ancestors 'self' https://www.google.com https://recaptcha.net; img-src 'self' data: https://bat.bing.com https://public.our-trace.com https://px.ads.linkedin.com https://tracking.g2crowd.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
font-src fonts.gstatic.com use.typekit.net cdn.jsdelivr.net cdn.almapay.com *.googleapis.com https://www.gstatic.com data: fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com *.getalma.eu *.almapay.com/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ *.google.com/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://*.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bird.eu *.openstreetmap.org maps.googleapis.com maps.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com cdn.jsdelivr.net *.almapay.com *.googleapis.com https://*.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://polyfill-fastly.io https://browser.sentry-cdn.com sentry.bird.eu *.google.com/ https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.almapay.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.google.com https://*.google.com payments-eu.amazon.com *.paypal.com *.getalma.eu *.almapay.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.ingest.sentry.io sentry.bird.eu https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org; connect-src 'self' ws://exercism.org https://cdn.jsdelivr.net https://sessions.bugsnag.com/; img-src 'self' data: https://*; media-src *; script-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://js.stripe.com https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://maxcdn.bootstrapcdn.com; style-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org 'unsafe-inline' https://maxcdn.bootstrapcdn.com; child-src 'none' 2
default-src https://*.cru.org; connect-src https://*.cru.org https://universal-editor-service.adobe.io https://*.adobeaemcloud.com https://*.adtrafficquality.google https://cru-content-based-filtering-prod.s3.amazonaws.com https://cru-content-based-filtering-stage.s3.amazonaws.com https://lq3-production.s3.amazonaws.com https://cru.oktapreview.com https://signon.okta.com https://browser-intake-datadoghq.com https://api.rollbar.com https://bat.bing.com https://bat.bing.net https://*.clarity.ms https://d3hb14vkzrxvla.cloudfront.net https://cdn.cookielaw.org https://*.doubleclick.net https://*.facebook.com https://www.googleadservices.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google.com https://csi.gstatic.com https://*.kommunicate.io https://api.leadquizzes.com https://px.ads.linkedin.com https://*.onetrust.com https://*.optimizely.com https://ct.pinterest.com https://*.scene7.com https://capig.stape.biz https://t.co https://analytics.twitter.com https://api.typeform.com; font-src data: https://*.cru.org https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net; frame-src https://*.cru.org https://static.addtoany.com https://*.adobeaemcloud.com https://*.adtrafficquality.google https://api.arclight.org https://bat.bing.com https://*.doubleclick.net https://*.facebook.com https://google.com https://*.google.com https://www.googletagmanager.com https://www.instagram.com https://content.leadquizzes.com https://cdn.lightwidget.com https://knowgod.com https://*.kommunicate.io https://your.nextstep.is https://*.spotify.com https://platform.twitter.com https://cru.oktapreview.com https://signon.okta.com https://*.optimizely.com https://ct.pinterest.com https://form.typeform.com https://player.vimeo.com https://my.visme.co https://www.youtube.com; img-src blob: data: *; media-src blob: data: *; object-src https://*.cru.org https://*.adobeaemcloud.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.cru.org https://static.addtoany.com https://*.adtrafficquality.google https://static.ads-twitter.com/uwt.js https://universal-editor-service.adobe.io https://lq3-production.s3.amazonaws.com https://bat.bing.com https://maxcdn.bootstrapcdn.com https://www.clarity.ms https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://*.doubleclick.net https://connect.facebook.com https://connect.facebook.net https://*.google.com https://www.googleadservices.com https://*.googleapis.com https://www.googletagmanager.com https://*.googlesyndication.com https://www.gstatic.com https://beacon-v2.helpscout.net https://www.instagram.com https://code.jquery.com https://cdn.jsdelivr.net https://snap.licdn.com https://cdn.lightwidget.com https://knowgod.com https://*.kommunicate.io https://global.oktacdn.com https://*.optimizely.com https://s.pinimg.com https://ct.pinterest.com https://cdn.parsely.com https://s7d2.scene7.com https://platform.twitter.com https://embed.typeform.com https://use.typekit.net https://unpkg.com/@cruglobal/recommendations-component@1.0.7/dist/index.js https://player.vimeo.com https://static-bundles.visme.co https://www.youtube.com; style-src 'unsafe-inline' https://*.cru.org https://s3-us-west-2.amazonaws.com/lq3-production01/lead_quizzes_3.0/tracking/css/global-tracking.css https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.kommunicate.io https://cdn-images.mailchimp.com https://s7d2.scene7.com https://*.typekit.net https://embed.typeform.com https://unpkg.com/@cruglobal/cru-content-designs@1.1.0/cruorg/styles.css https://unpkg.com/swiper/swiper-bundle.min.css; worker-src blob:; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub78c844a77df2472307b237a306fd3ce4&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acru-dot-org%2Cenv%3Aproduction%2Ccsp-revision%3A3; report-to csp-endpoint 2
default-src 'self'; form-action 'none' 2
upgrade-insecure-requests; base-uri 'self'; default-src 'self'; child-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' blob: https: data:; media-src 'self' ssl.gstatic.com v.adsrvr.org data:; script-src 'self' ajax.cloudflare.com cdn.ampproject.org cdn.printfriendly.com choices.trustarc.com choices.truste.com ep2.adtrafficquality.google *.kaspersky-labs.com js.chargebee.com s.adroll.com s0.2mdn.net s3.amazonaws.com www.googletagservices.com www.gstatic.com www.scrible.com *.doubleverify.com *.doubleclick.net *.google *.google.com *.googleapis.com *.googlesyndication.com *.sentry-cdn.com 'unsafe-inline'; style-src 'self' js.chargebee.com pwm-image.trendmicro.com s3.amazonaws.com use.fontawesome.com www.gstatic.com *.googleapis.com *.kaspersky-labs.com *.public.law 'unsafe-inline'; worker-src 'self' https: blob:; report-uri https://www.public.law/csp-report 2
default-src https: 'unsafe-inline' 'unsafe-eval' ; frame-src https://* about: javascript: ; img-src https://* data: ; report-to vkpay-csp-endpoint ; report-uri https://cspreport.mail.ru/vkpay?disposition=report 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://on-site.com https://*.on-site.com https://on-site.com:8765 https://*.on-site.com:8765 https://*.realpage.com https://*.erenterplan.com https://cdn.statuspage.io https://code.jquery.com https://acsbap.com https://acsbapp.com https://cdn.jsdelivr.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://apis.google.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.clarity.ms https://*.qualtrics.com; object-src 'self'; worker-src 'self' blob:; report-uri /pub/csp_reports 2
script-src 'self' https://ajax.googleapis.com https://f1000research.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://js.hs-scripts.com 2
default-src 'self'; style-src 'self' https://*.typekit.net https://cdnjs.cloudflare.com; font-src https://*.typekit.net; script-src 'self' https://sparkplatform.com https://cdnjs.cloudflare.com 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://static.unzer.com https://applepay.cdn-apple.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com www.facebook.com *.facebook.com *.nkd.com *.nkd.it 'self' 'unsafe-inline'; frame-ancestors *.nkd.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com/ *.facebook.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com https://plumrocket.com https://accounts.google.com ad4m.at *.criteo.com *.doubleclick.net www.facebook.com hal9000.redintelligence.net *.usercentrics.eu www.usemaxserver.de *.fls.doubleclick.net *.creativecdn.com tsdtocl.com *.sovendus-benefits.com *.sovendus-connect.com *.usemaxserver.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com maps.googleapis.com maps.gstatic.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' data: ad11.adfarm1.adition.com bat.bing.com *.doubleclick.net *.google.com *.google.pl imagesrv.adition.com lantern.roeye.com *.nkd.com track.adform.net usage.trackjs.com *.usercentrics.eu widgets.trustedshops.com www.facebook.com *.360yield.com *.3lift.com *.addlv.smt.docomo.ne.jp *.adform.net *.admixer.net *.adnxs.com *.adscale.de *.adx.opera.com *.bing.com *.casalemedia.com *.ck-ie.com *.connectad.io *.console.adtarget.com.tr *.creativecdn.com *.dmxleo.com *.e-planning.net *.facebook.com *.facebook.net *.g.doubleclick.net *.go.sonobi.com *.gumgum.com *.inmobi.com *.leap.de *.loopme.me *.marphezis.com *.media.net *.mgid.com *.nexx360.io *.openx.net *.outbrain.com *.roeye.com *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.trackjs.com *.udmserve.net *.visx.net *.adition.com *.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.plugins.emarsys.net *.scarabresearch.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com player.vimeo.com connect.facebook.net cdnjs.cloudflare.com *.googleoptimize.com maps.googleapis.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://accounts.google.com https://www.gstatic.com *.hsforms.net *.hsforms.com *.gstatic.com ad4m.at api.sovendus.com bat.bing.com *.taboola.com cdn.mouseflow.com core.loopingo.com *.criteo.com *.epoq.de epoq-systems.de *.facebook.net *.kameleoon.eu lantern.roeyecdn.com *.nkd.com tags.creativecdn.com *.usercentrics.eu webanalytics.mso.digital widgets.trustedshops.com www.dwin1.com www.usemaxserver.de *.bing.com *.dwin1.com *.epoq-systems.de *.loopingo.com *.usemaxserver.de *.trustedshops.com *.googletagmanager.com *.mouseflow.com *.outbrain.com *.creativecdn.com d22q3dafggn5rg.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com d.ratepay.com d.payla.io dr.payla.io https://accounts.google.com https://www.gstatic.com *.googleapis.com *.gstatic.com *.epoq.de epoq-systems.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.scarabresearch.com *.eservice.emarsys.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ maps.googleapis.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com https://accounts.google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com ams.creativecdn.com api.usercentrics.eu bat.bing.com *.criteo.com *.googleapis.com *.taboola.com webanalytics.mso.digital *.bing.com *.trustedshops.com *.usercentrics.eu *.creativecdn.com *.bing.net *.loopingo.com *.kameleoon.eu *.sovendus.com *.arc.epoq.de *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net cdn.livechatinc.com mediacdn.espssl.com viewer.byondxr.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com https://*.ordergroove.com app-wallee.com www.jsctool.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://ghirardelli.slgnt.us https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER https://optmize.google.com nytrng.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com app-wallee.com d.ratepay.com viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com maps.gstatic.com maps.google.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com https://redchamps.com 'self' data: geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com https://mcstaging.russellstover.com https://mcstaging.lindtusa.com https://mcstaging.ghirardelli.com https://mcprod.lindtusa.com *.googleadservices.com *.yieldify.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com https://cdn.livechat-static.com *.bazaarvoice.com https://shopper.shop.pe i.liadm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.sharethis.com *.googleapis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com widget.freshworks.com m2epro.freshdesk.com www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.livechatinc.com *.serverdata.net *.tiktok.com *.ordergroove.com app-wallee.com d.ratepay.com www.jsctool.com byondxr-viewer.byondxr.com web-apps.byondxr.com *.listrakbi.com *.listrak.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com *.mczbf.com maps.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://www.youtube.com https://acsbapp.com/apps/app/dist/js/app.js https://cdn.noibu.com/collect.js https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER *.yieldify.com *.fraud0.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://cdn.attn.tv https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js shop.pe *.shop.pe d3rr3d0n31t48m.cloudfront.net addshoppers.s3.amazonaws.com .traversedlp.com .voltn.com *.addshoppers.com static.traversedlp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com d.ratepay.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl widget.packeta.com https://cloud.typography.com https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' cookie-cdn.cookiepro.com https://cookie-cdn.cookiepro.com https://cdn.cookiepro.com/scripttemplates/*/assets 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.sharethis.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com *.ordergroove.com d.ratepay.com www.jsctool.com *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com https://vc.hotjar.io https://cdn.linkedin.oribi.io https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js *.fraud0.com *.lindtusa.com *.yieldify.com https://content.hotjar.io wss://ws.hotjar.com https://metrics.hotjar.io https://lindt-us.attn.tv https://events.attentivemobile.com lindt.attn.tv cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://bat.bing.com shop.pe *.shop.pe  'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com https://viewer.byondxr.com https://web-apps.byondxr.com https://app.byondxr.com https://byondxr-viewer.byondxr.com https://app.byondvr.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src *.gstatic.com *.google.com capitracking.istore.co.za analytics.twitter.com t.co sp.analytics.yahoo.com cdn1.stamped.io stamped.io *.zdassets.com 'self' 'unsafe-inline'; font-src *.gstatic.com fonts.gstatic.com use.typekit.net *.typekit.net *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net cdn1.stamped.io stamped.io *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; style-src *.googleapis.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.klevu.com *.ksearchnet.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com oppwa.com *.oppwa.com *.peachpayments.com cdn1.stamped.io stamped.io *.cloudflare.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; connect-src *.googleapis.com *.google.com *.gstatic.com s.yimg.com in.visitors.live dsp-trk.eskimi.com dsp-ap.eskimi.com sslwidget.criteo.com wss://in.visitors.live analytics.tiktok.com/* portal.immerss.live *.linkedin.com *.creativecdn.com wss://ws.hotjar.com *.istore.co.za *.tiktok.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com sandbox-api.layup.co.za layup.co.za https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com oppwa.com *.oppwa.com *.peachpayments.com cdn1.stamped.io stamped.io *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com vsb111.tawk.to ekr.zdassets.com app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; frame-src *.google.com ams.creativecdn.com portal.immerss.live *.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com capitracking.istore.co.za analytics.twitter.com t.co sp.analytics.yahoo.com pixel.rubiconproject.com cm.g.doubleclick.net r.casalemedia.com eb2.3lift.com simage2.pubmatic.com contextual.media.net sync-t1.taboola.com exchange.mediavine.com s.ad.smaato.net match.sharethrough.com jadserve.postrelease.com c.bing.com sync.outbrain.com rtb-csync.smartadserver.com secure.adnxs.com ib.adnxs.com ads.yahoo.com ups.analytics.yahoo.com dis.criteo.com *.doubleclick.net *.linkedin.com *.tribalfusion.com sync.go.sonobi.com istore.co.za cm.adform.net ams.creativecdn.com bh.contextweb.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com cdn1.stamped.io stamped.io *.cloudflare.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src *.google.com *.googleapis.com *.gstatic.com capitracking.istore.co.za s.yimg.com platform2.cloud-iq.com static.ads-twitter.com rookdsp.com dsp-media.eskimi.com portal.immerss.live snap.licdn.com tags.creativecdn.com *.tiktok.com *.tribalfusion.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.typekit.net google.com *.cdn-apple.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.oppwa.com oppwa.com *.peachpayments.com cdn1.stamped.io stamped.io *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com maps.googleapis.com static.zdassets.com app.mobicredwidget.co.za www.gstatic.com bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' https://*.wistia.com https://*.wistia.net https://cdn.growthbook.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.google-analytics.com https://www.youtube.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://www.clarity.ms https://static.homerun.co https://unpkg.com/@googlemaps/ https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.wistia.com https://*.wistia.net https://*.intercom.io wss://*.intercom.io https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; style-src 'self' 'unsafe-inline' https://moneybird.nl https://www.moneybird.nl https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.gstatic.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com https://static.homerun.co https://fonts.bunny.net https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.adyen.com/ https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; img-src 'self' https://moneybird.nl https://www.moneybird.nl https://prismic-io.s3.amazonaws.com https://images.prismic.io https://moneybird.cdn.prismic.io https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.wistia.com https://*.wistia.net data: https://*.adyen.com/ https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://moneybird.nl https://www.moneybird.nl https://help.moneybird.nl https://bat.bing.com https://gtm.moneybird.nl https://gtm.moneybird.com https://gtm.moneybird.be https://gtm.moneybird.de https://pagead2.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://moneybird.com https://www.moneybird.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://*.clarity.ms https://embed.homerun.co https://maps.googleapis.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.wistia.com https://*.wistia.net https://cdn.growthbook.io https://*.intercom.io wss://*.intercom.io https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; frame-src 'self' https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://fast.wistia.com https://fast.wistia.net https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; font-src 'self' https://moneybird.nl https://www.moneybird.nl https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.bunny.net https://*.wistia.com data: https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; report-uri https://moneybird.com/csp_report; 2
font-src fonts.gstatic.com apps.bazaarvoice.com script.hotjar.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.punchout2go.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.googletagmanager.com esqa.moneris.com www3.moneris.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com *.punchout2go.com e.bmr.co www.facebook.net www.facebook.com ct.pinterest.com td.doubleclick.net static.addtoany.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.trackedlink.net apps-stg.bazaarvoice.com www.bmr.ca  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat static.hotjar.com script.hotjar.com survey.hotjar.com www.facebook.net www.facebook.com cdn.cookielaw.org maps.googleapis.com maps.gstatic.com aq.flippenterprise.net dam.flippenterprise.net cdn.flippenterprise.net *.wishabi.com *.wishabi.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com esqa.moneris.com www3.moneris.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.punchout2go.com e.bmr.co js-agent.newrelic.com s.pinimg.com ct.pinterest.com static.hotjar.com script.hotjar.com connect.facebook.net connect.facebook.com plausible.io cdn.cookielaw.org maps.googleapis.com www.gstatic.com r2-t.trackedlink.net bam.nr-data.net bam-cell.nr-data.net static.addtoany.com aq.flippenterprise.net dam.flippenterprise.net cdn.flippenterprise.net p.flipp.com cdn-gateflipp.flippback.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.punchout2go.com static.hotjar.com script.hotjar.com cdn.cookielaw.org www.gstatic.com aq.flippenterprise.net dam.flippenterprise.net cdn.flippenterprise.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com apps-stg.bazaarvoice.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.hotjar.com wss://*.hotjar.com *.hotjar.io www.facebook.com ct.pinterest.com plausible.io cdn.cookielaw.org maps.googleapis.com stats.g.doubleclick.net bam.nr-data.net bam-cell.nr-data.net aq.flippenterprise.net dam.flippenterprise.net cdn.flippenterprise.net p.flipp.com cdn-gateflipp.flippback.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a4825dc4-e033-47b9-830c-751e434948c6.sansec.watch/; report-to report-endpoint; 2
font-src *.klevu.com *.ksearchnet.com *.gstatic.com https://fonts.gstatic.com *.fontawesome.com fonts.gstatic.com https://pos.snapscan.io *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://sandbox.payfast.co.za https://www.payfast.co.za/eng/process oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src *.google-analytics.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com https://ipinfo.io *.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; frame-src data:text fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src *.criteo.com *.krxd.net *.chatlayer.ai assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com *.google.com *.gstatic.com https://*.googleapis.com https://*.googleusercontent.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com https://pos.snapscan.io *.cloudflare.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src *.incredible.co.za *.chatlayer.ai assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://browser.sentry-cdn.com *.klevu.com *.ksearchnet.com *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; 2
default-src 'none'; style-src 'self' 'unsafe-inline' wchat.eu.freshchat.com *.kameleoon.com *.hotjar.com maps.googleapis.com fonts.googleapis.com bat.bing.com bat.bing.net; font-src data: 'self' *.hotjar.com fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser.sentry-cdn.com js.sentry-cdn.com app.aiden.cx/webshop/build/aiden-embedded.min.js api.eu1.exponea.com wchat.eu.freshchat.com *.kameleoon.eu *.kameleoon.com *.hotjar.com apis.google.com www.google.com/recaptcha/api.js pagead2.googlesyndication.com googleadservices.com/pagead googleads.g.doubleclick.net *.gstatic.com/recaptcha www.google-analytics.com/analytics.js www.google-analytics.com/gtm/js www.google-analytics.com/plugins/ua/ec.js *.googletagmanager.com maps.googleapis.com connect.facebook.net platform.twitter.com bat.bing.com bat.bing.net flex.msn.com js-agent.newrelic.com bam.nr-data.net www.snapengage.com code.snapengage.com/ ct.beslist.nl/ct_refresh; img-src 'self' data: *.kameleoon.io *.kameleoon.eu *.kameleoon.com *.hotjar.com checkoutshopper-live.adyen.com www.google.be www.google.nl www.google.com pagead2.googlesyndication.com stats.g.doubleclick.net/g/collect *.g.doubleclick.net googleadservices.com www.google-analytics.com/ stats.g.doubleclick.net/r/collect www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.gstatic.com www.facebook.com syndication.twitter.com/i/jot bat.bing.com bat.bing.net i.ytimg.com www.snapengage.com storage.googleapis.com www.canon.nl www.123-3d.nl i.ytimg.com; frame-src 'self' wchat.eu.freshchat.com *.kameleoon.com checkoutshopper-live.adyen.com www.google.com doubleclick.net td.doubleclick.net www.googletagmanager.com staticxx.facebook.com www.facebook.com platform.twitter.com syndication.twitter.com bat.bing.com bat.bing.net *.youtube.com *.youtube-nocookie.com www.snapengage.com *.youtube.com *.youtube-nocookie.com; object-src 'self'; connect-src 'self' *.sentry.io app.aiden.cx/webshop-api/v1/forms/website-analytics/ api.eu1.exponea.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.hotjar.com *.hotjar.io wss://*.hotjar.com checkoutshopper-live.adyen.com www.googlesyndication.com *.google.com google.com pagead2.googlesyndication.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net google-analytics.com *.google-analytics.com/g/collect www.googletagmanager.com maps.googleapis.com www.facebook.com bat.bing.com bat.bing.net bam.eu01.nr-data.net ct.beslist.nl/ct_event; manifest-src 'self'; report-uri https://123inkt.report-uri.com/r/t/csp/wizard; 2
frame-ancestors 'self'; report-uri https://www.bodyandsoul.com.au/csp-reports 2
default-src 'self' blob: *.senado.gov.br *.senado.leg.br;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.senado.gov.br *.senado.leg.br *.youtube.com *.google-analytics.com www.googletagmanager.com vlibras.gov.br ajax.googleapis.com www.gstatic.com;img-src 'self' data: blob: *.senado.gov.br *.senado.leg.br *.ytimg.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.gstatic.com vlibras.gov.br;connect-src 'self' *.senado.gov.br *.senado.leg.br vlibras.gov.br *.vlibras.gov.br www.google-analytics.com www.googletagmanager.com;font-src 'self' data: vlibras.gov.br cdnjs.cloudflare.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' *.senado.gov.br *.senado.leg.br cdnjs.cloudflare.com fonts.googleapis.com;worker-src blob: *.senado.leg.br *.senado.gov.br;object-src 'none';frame-src 'self' *.senado.gov.br *.senado.leg.br *.youtube.com www.youtube-nocookie.com;base-uri 'self';frame-ancestors 'self' *.senado.gov.br *.senado.leg.br 2
base-uri 'self'; connect-src 'self' https://*.fontawesome.com/ https://*.formassembly.com/ https://*.promedica.app/ https://*.vercel-storage.com/ https://*.vercel.app/ https://analytics.google.com/ https://api.stadiamaps.com/ https://cdn.cookielaw.org/ https://cm.pmdt-jss.localhost/ https://maps.googleapis.com/ https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net/ https://mc-d506a988-cc64-4e20-af8c-4606-afd.azurefd.net/ https://pagead2.googlesyndication.com/ https://pcl-staging.promedica.org/ https://pcl.promedica.org/ https://promedica.matomo.cloud/ https://siteintercept.qualtrics.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/; default-src 'self' https://*.promedica.app/ https://*.vercel.app/; font-src 'self' data: https://*.fontawesome.com/ https://*.promedica.app/ https://*.vercel.app/ https://fonts.gstatic.com/ https://use.typekit.net/; frame-src 'self' https://td.doubleclick.net/ https://www.google.com/ https://www.youtube.com/; img-src 'self' data: http://dummyimage.com https://*.promedica.app https://*.qualtrics.com https://*.vercel.app https://cdn.cookielaw.org https://maps.googleapis.com https://maps.gstatic.com https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net https://mc-d506a988-cc64-4e20-af8c-4606-afd.azurefd.net https://pcl-staging.promedica.org https://pcl.promedica.org https://www.google-analytics.com https://www.google.com.ec https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' data: https://pcl.promedica.org/ https://pcl-staging.promedica.org/; object-src 'none'; report-uri https://6480f3f9bf4bdd8c5cde6f2b.endpoint.csper.io/?v=1; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://*.promedica.app/ https://*.vercel.app/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://cdn.mouseflow.com/ https://googleads.g.doubleclick.net/ https://kit.fontawesome.com/ https://maps.googleapis.com/ https://promedica.tfaforms.net/ https://siteintercept.qualtrics.com/ https://unpkg.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/ https://zn86cv25rplysllsr-promedica.siteintercept.qualtrics.com/SIE/; style-src 'report-sample' 'unsafe-inline' 'self' https://*.promedica.app/ https://*.vercel.app/ https://fonts.googleapis.com/ https://promedica.tfaforms.net/; worker-src 'self' blob: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.chartbeat.com optanon.blob.core.windows.net *.brightcove.net *.brightcove.com *.googleadservices.com *.adservice.google.com https://adservice.google.com/* adservice.google.com.br *.googletagmanager.com *.tagmanager.google.com *.chimpstatic.com chimpstatic.com *.jquery.com *.zencdn.net *.ytimg.com *.surveymonkey.com *.googleapis.com *.facebook.net *.googletagservices.com *.addthis.com *.google-analytics.com *.onetrust.com *.ampproject.org *.doubleclick.net *.google.com *.mailchimp.com *.addthisedge.com *.youtube.com *.google.co.uk *.list-manage.com *.outbrain.com *.twitter.com *.twimg.com *.googlesyndication.com *.moatads.com *.radioplayer.co.uk *.cheqzone.com *.rubiconproject.com *.cookielaw.org *.cloudflareinsights.com *.instagram.com *.apester.com *.snap.licdn.com *.doubleverify.com *.aniview.com *.vidazoo.com *.ajax.cloudflare.com *.licdn.com *.pinterest.com *.embedresponsively.com *.amazonaws.com *.apester.com/* *.forces.liveblog.pro *.forces.liveblog.pro/* *.strawpoll.com *.freewheel.tv *.lkqd.net *.beachfront.com *.smartadserver.com *.aniview.com *.admanmedia.com *.improvedigital.com *.onetag.com *.indexexchange.com *.pubmatic.com *.rhythmone.com *.video.unrulymedia.com *.gstatic.com *.newrelic.com cdn.jsdelivr.net cdn.bidder.dev c.amazon-adsystem.com quantcast.mgr.consensu.org secure.quantserve.com rules.quantcount.com static.criteo.net *.dotomi.com *.tiktok.com *.google.ie *.ibytedtos.com *.tiktokcdn.com chartbeat.com *.media.net *.sharethrough.com *.openx.com *.sonobi.com *.districtm.io *.emxdgt.com *.appnexus.com *.google.com *.rhythmone.com *.33across.com *.lemmatechnologies.com *.e-planning.net *.themediagrid.com *.sovrn.com *.lijit.com *.gumgum.com *.nr-data.net *.ttwstatic.com *.thinglink.com *.thinglink.me *.defybrick.com e.infogram.com *.clarity.ms; frame-src 'self'  'unsafe-eval' *.addthis.com *.googlesyndication.com *.facebook.com/ *.outbrain.com *.twitter.com *.surveymonkey.com embeds.audioboom.com *.rubiconproject.com *.apester.com *.openx.net *.pinterest.com *.instagram.com *.embedresponsively.com *.youtube.com *.pubmatic.com *.forces.net *.forcesnews.com *.google.com *.bfbs.com apester.com/* forces.liveblog.pro forces.liveblog.pro/* *.strawpoll.com/ timbre-player.sharp-stream.com *.tiktok.com googleads.g.doubleclick.net gum.criteo.com pre.ads.justpremium.com console.googletagservices.com giphy.com *.giphy.com e.infogram.com *.thinglink.com *.thinglink.me; child-src 'self' 'unsafe-inline' 'unsafe-eval' blob: apester.com/* forces.liveblog.pro/* *.strawpoll.com/; upgrade-insecure-requests 2
report-uri /cdn-cgi/script_monitor/report 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.wmf.com accountuat.wmf.com ad4m.at ct.pinterest.com fledge.eu.criteo.com groupe-seb.my.salesforce-sites.com gum.criteo.com service.force.com static.criteo.com static.criteo.net td.doubleclick.net www.paypalobjects.com www.sovendus-connect.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com *.awin1.com *.zenaps.com *.wepowerconnections.com magefan.com cm.magefan.com https://images.unsplash.com *.disqus.com https://img.youtube.com * https://api.mapbox.com *.hsforms.net *.hsforms.com 'self' data: *.contentsquare.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.disqus.com * https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.contentsquare.net *.contentsquare.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com service.force.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://maps.googleapis.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.contentsquare.net app.contentsquare.com api.paypal.com ariane.abtasty.com bat.bing.com cdn.cookielaw.org content.hotjar.io ct.pinterest.com dcinfos-cache.abtasty.com geolocation.onetrust.com googleads.g.doubleclick.net identification-api.sovendus.com maps.googleapis.com measurement-api.criteo.com pagead2.googlesyndication.com privacyportal-eu.onetrust.com region1.analytics.google.com stats.g.doubleclick.net tag.commander1.com try.abtasty.com ws.hotjar.com www.google.com www.google.de www.pinterest.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' wss: https:; object-src 'self'; child-src blob:; frame-src 'self' https:; worker-src blob:; frame-ancestors 'none'; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/reportOnly; report-to csp-endpoint 2
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com 'self' data: *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.innoship.ro https://www.googletagmanager.com/ *.wesupply.xyz https://wesupplylabs.com s.pinimg.com ct.pinterest.com consentcdn.cookiebot.com *.weltpixel.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tbicp.com *.tile.openstreetmap.org *.openstreetmap.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ t.themarketer.com cdn1.themarketer.com *.hsforms.net *.hsforms.com 'self' data: www.google.ro/ads www.facebook.com/tr analytics.tiktok.com *.google-analytics.com *.analytics.google.com s.pinimg.com ct.pinterest.com *.tawk.to cdn.jsdelivr.net *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tbicp.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io t.themarketer.com cdn1.themarketer.com *.hsforms.net *.hsforms.com www.google.ro attr-2p.com cdnjs.cloudflare.com retargeting.newsmanapp.com analytics.tiktok.com https://connect.facebook.net s.pinimg.com ct.pinterest.com consent.cookiebot.com *.tawk.to cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com t.themarketer.com cdn1.themarketer.com *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io t.themarketer.com cdn1.themarketer.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://connect.facebook.net analytics.tiktok.com *.analytics.google.com s.pinimg.com ct.pinterest.com *.tawk.to wss://*.tawk.to *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' *.bazaarvoice.com; connect-src 'self' 'unsafe-inline' maps.googleapis.com www.google.com www.gstatic.com analytics.google.com *.google-analytics.com *.googletagmanager.com www.google-analytics.com bam.nr-data.net *.afterpay.com *.afterpaycdn.com *.squarecdn.com static.afterpay.com *.paypal.com *.bazaarvoice.com edge.fullstory.com rs.fullstory.com ekr.zdassets.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com use.typekit.net *.afterpay.com *.afterpaycdn.com *.squarecdn.com; frame-src 'self' 'unsafe-inline' www.google.com www.youtube.com player.vimeo.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com assets.braintreegateway.com *.paypal.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com fonts.gstatic.com i.vimeocdn.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com site-assets.afterpay.com www.paypalobjects.com *.bazaarvoice.com rs.fullstory.com insight.adsrvr.org theathletesfootcustomercarenz.zendesk.com accentgroupsupport.zendesk.com www.facebook.com; script-src 'self' 'unsafe-inline' blob: maps.googleapis.com www.google.com www.gstatic.com *.googletagmanager.com *.google-analytics.com tagmanager.google.com js-agent.newrelic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com; child-src blob:; media-src 'self' blob: data:; worker-src 'self' blob:; report-uri https://36eddd1e-785d-4d1e-a6e1-6809b1003cef.sansec.watch/ 2
default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com *.inviewuclab.com static.zdassets.com js.stripe.com *.google.com *.gstatic.com gstatic.com connect.facebook.net *.zendesk.com blob: ; script-src-elem 'self' 'unsafe-inline' https://maps.googleapis.com *.google.com *.gstatic.com static.zdassets.com js.stripe.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.datatables.net ; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net ; style-src-attr 'unsafe-inline' ; img-src 'self' https://maps.gstatic.com https://maps.googleapis.com data: blob: 127.0.0.1:18623 *.mapbox.com *.facebook.com *.google.com *.gstatic.com ; frame-src 'self' *.google.com *.google.ie js.stripe.com player.vimeo.com www.youtube.com; font-src 'self' https://fonts.gstatic.com data: gstatic.com *.gstatic.com *.alicdn.com ; connect-src 'self' https://google.com *.google.com https://maps.googleapis.com https://maps.gstatic.com ekr.zdassets.com *.zendesk.com wss://127.0.0.1:18623 https://127.0.0.1:18623 mlts.dynamsoft.com *.mapbox.com *.inviewuclab.com ; worker-src 'self' blob: ; upgrade-insecure-requests ; report-uri https://9a1a6d99ab6aa4ac3290a60bae476ab7.report-uri.com/r/d/csp/enforce 2
default-src 'self'; script-src 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/libs/lottie-web/5.8.1/lottie.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://player.vimeo.com/api/player.js 'sha256-FSevH+aW1elUrWYqKfiu3xdrYlsrq1pzbI5VpKisyLM='; style-src 'report-sample' 'self' https://fonts.googleapis.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://o969560.ingest.sentry.io https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com; img-src https: data:; manifest-src 'self'; media-src 'self' https://assts.stories.sc https://player.vimeo.com https://*.vimeocdn.com; report-uri https://o969560.ingest.sentry.io/api/5920728/security/?sentry_key=e6ced77cc723478fad969f5f3ba00b06 worker-src 'none'; 2
frame-ancestors 'none'; report-uri https://endpoint3.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV30Tj5vtZfuZ0tYPfqb8xOSxI9TJ5CbQ_ZE4W4aGoGW8HViqViD0nttCcDqHOZNNhObvJtSbYn1XDP7uSjlITCzSLlNsuSdwZ46El5dcVC6kg== 2
font-src portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.benu.hu data: *.googleapis.com *.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com data: *.google.com *.youtube.com *.publitas.com *.fliphtml5.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com https://redchamps.com www.safemage.com *.benu.hu *.cloudfront.net *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com image.arukereso.hu *.google.hu *.hotjar.com *.arukereso.hu *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.avada.io https://cdnjs.cloudflare.com maps.googleapis.com *.google.com *.googletagmanager.com https://googleads.g.doubleclick.net *.googleadservices.com *.prefixbox.com *.publitas.com *.hotjar.com *.benu.hu *.arukereso.com gravity-dev-assets.oss-eu-central-1.aliyuncs.com benuhu.engine.yusp.com https://maileon-cdn.s3.eu-central-1.amazonaws.com/met/met.js clarity.ms *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.prefixbox.com *.benu.hu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.benu.hu *.google-analytics.com *.prefixbox.com *.doubleclick.net *.services.visualstudio.com *.hotjar.com *.hotjar.io benuhu.engine.yusp.com *.maileon.hu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://plumrocket.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.yotpo.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.cdninstagram.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com *.cookielaw.org *.gstatic.com *.facebook.com *.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.instagram.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.trustpilot.com *.yotpo.com *.cookielaw.org *.cookieless-data.com *.paulmarius.fr *.googlesyndication.com *.doubleclick.net *.apicit.net *.clickintext.net *.facebook.net *.googletagmanager.com apicit.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com *.cookielaw.org *.googlesyndication.com *.googleapis.com *.db-ip.com *.google.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://*.gstatic.com *.narvar.com *.narvar.qa script.hotjar.com fonts.googleapis.com fonts.gstatic.com *.inside-graph.com integration-cdn.toshi.co acsbapp.com shopping.qantas.com appdown.pstatic.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.facebook.com *.cardinalcommerce.com www.facebook.com *.kaptcha.com bid.g.doubleclick.net ct.pinterest.com www.rsa3dsauth.co.uk www.securesuite.co.uk *.americanexpress.com 3dsecure-vrp.de 'self' 'unsafe-inline'; frame-ancestors au-tracker.inside-graph.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com *.bglobale.com *.global-e.com *.google.com *.doubleclick.net *.facebook.com *.pinterest.com *.sharethis.com *.hotjar.co vimeo.com acsbapp.com *.kaptcha.com player.smartzer.com www.google.com www.facebook.com accounts.accessibe.com dashboard.accessibe.com cestream.me 3ds.sia.eu acs2.3dsecure.no www.houzz.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://*.gstatic.com *.narvar.com *.narvar.qa adservice.google.com script.hotjar.com www.google.sa www.google.ca *.bing.com *.clarity.ms data:* web1.acsbapp.com integration-sandbox-cdn.toshi.co www.google.bg www.google.be www.google.co.uk www.google.nl www.gstatic.com translate.google.com idsync.rlcdn.com consent.linksynergy.com au-live.inside-graph.com bam-cell.nr-data.net integration-cdn.toshi.co bat.bing.com www.google.com.au google.com.au *.searchspring.io *.media.tumblr.com s.ytimg.com maps.googleapis.com maps.gstatic.com au-cdn.inside-graph.com www.google.co.in d3cgm8py10hi0z.cloudfront.net track.linksynergy.com *.sharethis.com *.micpn.com *.pinterest.com zimmermann.com www.google.tn www.google.com.hk www.google.com.et www.google.com.eg www.google.co.tz www.google.ci www.google.co.ke www.google.cm www.google.lk www.google.com.ng www.google.ne www.google.com.mm www.google.co.mz www.google.co.id www.google.bi www.google.com.kh www.google.co.ve www.google.cd www.google.com.gh www.google.so www.google.com.af www.google.ht www.google.com.ni www.google.la www.google.cg www.google.bf www.google.sn www.google.com.ly www.google.mg www.google.com.sb www.google.com.pg www.google.com.np sync.sharethis.com www.google.com.py www.google.ml www.google.com.sl www.google.co.ls www.google.to www.google.gm www.google.rw www.google.com.vn www.google.com.sv www.google.co.kr www.google.com.bo www.google.com.sg www.google.mw www.google.si www.google.tl www.google.sc www.google.co.zm www.google.tg www.google.com.pk 4mrr1kwk.micpn.com www.google.ge www.google.com.fj www.google.com.na www.google.td www.google.ee www.google.mk www.google.bj www.google.mn www.google.bt www.google.co.bw www.google.fi www.google.com.uy www.google.co.th www.google.com.pe www.google.cv www.google.co.zw www.google.ga www.google.by www.google.iq www.google.com.ec www.google.co.jp www.google.com.pa www.google.dz www.google.ws analytics.tiktok.com www.google.gy www.google.de sdk.privacy-center.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://cdn.searchspring.net/intellisuggest/is.min.js analytics.tiktok.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com *.searchspring.net *.acsbapp.com au-tracker.inside-graph.com cdn.scarabresearch.com intljs.rmtag.com *.inside-graph.co js-agent.newrelic.com *.inside-graph.com acsbapp.com tag.lexer.io *.toshi.co *.bugsnag.com *.sharethis.com script.crazyegg.com *.clarity.ms www.fullstory.com songbirdstag.cardinalcommerce.com www.gstatic.com vimeocdn.com youtube.com googletagmanager.com maps.googleapis.com fullstory.com bat.bing.com 4mrr1kwk.micpn.com s.pinimg.com tag.rmp.rakuten.com *.hotjar.com ut.rd.linksynergy.com ct.pinterest.com unsafe-inline sdk.privacy-center.org www.onelink-edge.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bglobale.com *.global-e.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com/ *.inside-graph.com *.searchspring.net webchat.dotdigital.com cdn.honey.io *.aptrinsic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa au-cdn.inside-graph.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com payments-eu.amazon.com *.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://beacon.searchspring.io/beacon analytics.tiktok.com data.stbuttons.click www.google.com.au translate.googleapis.com *.searchspring.io *.acsbapp.co cdn.acsbapp.com au-live.inside-graph.com bam.nr-data.net uat.tryzens-analytics.com:12280 *.scarabresearch.com wss://au-live.inside-graph.com  *.bugsnag.com *.postcodeanywhere.co.uk *.sharethis.com script.crazyegg.com stats.g.doubleclick.net *.pinterest.com track.lexer.io www.tryzens-analytics.com:12280 www.google.co.ke www.google.bi pagestates-tracking.crazyegg.com www.google.com.sl www.google.co.ao www.google.cm www.google.com.np www.google.cd www.google.co.ve www.google.lk www.google.co.tz www.google.com.ng www.google.so www.google.ne www.google.co.id www.google.co.ls www.google.tn assets-tracking.crazyegg.com www.google.ht www.google.co.mz acsbapp.com www.google.com.co cp.crwdcntrl.net www.google.ci tracking.crazyegg.com www.google.co.za www.google.tl www.google.com.pk www.google.com.sv www.google.com.ly www.google.mg www.google.tg www.google.gm www.google.com.eg www.google.co.kr www.google.bf www.google.sn www.google.ga www.google.bj ad.doubleclick.net www.google.cg www.google.com.ar www.google.co.ma www.google.com.et www.google.fr www.google.com.na www.google.co.uk www.google.nl www.google.ml www.google.rw www.google.com.uy www.google.com.bo www.google.com.ni www.google.ki www.google.ee www.google.com.gt www.google.com.py www.google.com.gh www.google.com.kh www.google.com.vn www.google.ru www.google.cv www.google.com.mm www.google.co.zm www.google.vu www.google.com.ec www.google.es www.google.at bat.bing.com vc.hotjar.io www.google.de ws.hotjar.com content.hotjar.io metrics.hotjar.io www.google.ca www.tryzens-analytics.com ct.pinterest.com www.google.com.pe www.google.co.in www.google.ge googleads.g.doubleclick.net fresnel.vimeocdn.com api.privacy-center.org pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/zmn-cspdata; report-to report-endpoint; 2
default-src data: blob: http: https: wss:; script-src 'unsafe-eval' 'unsafe-inline' http: https: 'self'; style-src 'unsafe-eval' 'unsafe-inline' http: https:; report-uri /.webscale/csp-report 2
default-src 'self'; report-uri /csp-report-endpoint; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com; connect-src 'self' blob: *.cloudfront.net *.ingest.us.sentry.io js.sentry-cdn.com browser.sentry-cdn.com facebook.com *.facebook.com *.fbsbx.com platform-lookaside.fbsbx.com *.fbcdn.net *.xx.fbcdn.net graph.facebook.com connect.facebook.net cdn.cookielaw.org privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.equalweb.com access.equalweb.com js.nagich.co.il access.nagich.co.il bat.bing.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.com ad.doubleclick.net adservice.google.com services-sandbox.projone.net s.yimg.com bat.bing.net cdn.pagesense.io pagesense-collect.zoho.com playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' facebook.com *.facebook.com *.fbsbx.com platform-lookaside.fbsbx.com *.fbcdn.net *.xx.fbcdn.net graph.facebook.com connect.facebook.net *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.com *.paypal.com www.paypalobjects.com client-analytics.braintreegateway.com payments.braintree-api.com assets.braintreegateway.com playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net www.youtube-nocookie.com; img-src blob: data: 'self' facebook.com *.facebook.com *.fbsbx.com platform-lookaside.fbsbx.com *.fbcdn.net *.xx.fbcdn.net graph.facebook.com connect.facebook.net bat.bing.com cdn.cookielaw.org privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.equalweb.com access.equalweb.com js.nagich.co.il access.nagich.co.il *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.com playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com optanon.blob.core.windows.net ssl.gstatic.com www.gstatic.com ade.googlesyndication.com ad.doubleclick.net *.analytics.yahoo.com *.tvsquared.com cdn.pagesense.io pagesense-collect.zoho.com *.paypal.com www.paypalobjects.com client-analytics.braintreegateway.com payments.braintree-api.com assets.braintreegateway.com; manifest-src 'self' playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com; media-src 'self' data: blob: playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.com facebook.com *.facebook.com *.fbsbx.com platform-lookaside.fbsbx.com *.fbcdn.net *.xx.fbcdn.net graph.facebook.com connect.facebook.net bat.bing.com cdn.cookielaw.org privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.equalweb.com access.equalweb.com js.nagich.co.il access.nagich.co.il *.cloudfront.net *.ingest.us.sentry.io js.sentry-cdn.com browser.sentry-cdn.com playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com *.paypal.com www.paypalobjects.com client-analytics.braintreegateway.com payments.braintree-api.com assets.braintreegateway.com cdn.pagesense.io pagesense-collect.zoho.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.com facebook.com *.facebook.com *.fbsbx.com platform-lookaside.fbsbx.com *.fbcdn.net *.xx.fbcdn.net graph.facebook.com connect.facebook.net bat.bing.com cdn.cookielaw.org privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.equalweb.com access.equalweb.com js.nagich.co.il access.nagich.co.il *.cloudfront.net *.ingest.us.sentry.io js.sentry-cdn.com browser.sentry-cdn.com playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com *.paypal.com www.paypalobjects.com client-analytics.braintreegateway.com payments.braintree-api.com assets.braintreegateway.com cdn.pagesense.io pagesense-collect.zoho.com s.yimg.com *.tvsquared.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.com cdn.equalweb.com access.equalweb.com js.nagich.co.il access.nagich.co.il playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.com cdn.equalweb.com access.equalweb.com js.nagich.co.il access.nagich.co.il playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com www.gstatic.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob: playtika.com *.playtika.com houseoffuns.com *.houseoffuns.com *.dev.houseoffuns.com *.houseoffun.com; base-uri 'self'; form-action 'none'; report-uri https://hof-dsa.playtika.com/client-event-stream/non-authenticated/events; block-all-mixed-content; upgrade-insecure-requests 2
font-src *.googleapis.com *.gstatic.com fonts.googleapis.com *.fontawesome.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://seo.mageplaza.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.despegar.com *.koin.com.br *.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.despegar.com *.koin.com.br *.googletagmanager.com maps.googleapis.com chart.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.adobedtm.com *.despegar.com *.koin.com.br *.googletagmanager.com fonts.googleapis.com *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com res.sugaway.io parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com static.whatsapp.net editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com c.clarity.ms www.google.com.ar www.mercadopago.com.ar maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.despegar.com *.koin.com.br *.googletagmanager.com maps.googleapis.com chart.googleapis.com *.facebook.net *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com js-agent.newrelic.com www.clarity.ms maps.google.com live.decidir.com fpcdn.io https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com static.whatsapp.net editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.despegar.com *.googletagmanager.com maps.googleapis.com chart.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com google.com i.clarity.ms z.clarity.ms parfumerie.zendesk.com pod-20.zendesk.com bam.nr-data.net api.fpjs.io https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.cloudflare.com *.twitter.com *.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com https://plumrocket.com *.googleapis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com http://hemin11112.pcapredict.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.adobedtm.com https://img.youtube.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com apis.google.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://hemin11112.pcapredict.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.trustedshops.com *.fontawesome.com graph.facebook.com *.adobedtm.com https://analytics.webgains.io *.avada.io s7.addthis.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de http://hemin11112.pcapredict.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.twitter.com https://get.geojs.io *.avada.io api.addressy.com ekr.zdassets.com/ *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://mobbex.com *.weltpixel.com *.getblue.io *.doubleclick.net *.criteo.com *.groovinads.com www.tfaforms.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://url.directo.com.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com https://res.sugaway.io *.visualwebsiteoptimizer.com https://*.g.doubleclick.net *.clarity.ms *.bing.com mcstaging.sommiercenter.com *.groovinads.com *.criteo.com https://facebook.com url.directo.com.ar https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://www.gstatic.com https://ssl.gstatic.com https://ad.doubleclick.net https://ade.googlesyndication.com https://www.mercadopago.com.ar https://m.facebook.com https://maps.googleapis.com https://www.afip.gob.ar https://www.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://live.decidir.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com https://www.google.com https://maps.googleapis.com api.wcx.cloud f.wcentrix.com https://www.googletagmanager.com tagmanager.google.com *.hotjar.com *.cardinalcommerce.com *.embluemail.com *.navdmp.com *.zdassets.com *.visualwebsiteoptimizer.com *.getblue.io *.zopim.com *.clarity.ms *.groovinads.com *.criteo.net *.criteo.com *.decidir.com https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https//static.zdassets.com https://v2.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com *.embluemail.com https://fonts.googleapis.com https://*.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com bedtime.com.ar *.bedtime.com.ar 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://developers.decidir.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com https://www.google-analytics.com wss://widget-mediator.zopim.com *.braindw.com *.clarity.ms *.zdassets.com *.zendesk.com *.embluemail.com *.visualwebsiteoptimizer.com *.criteo.com *.decidir.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://maps.googleapis.com https://www.google.com.ar https://analytics.google.com/g/collect https://www.google.com.ar/ads https://ad.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; font-src 'self' https: data:; media-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; 2
report-to https://r4com.report-uri.io/r/default/csp/reportOnly 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/js.cookie.min.js https://www.googleoptimize.com/optimize.js https://sf1-eu.readspeaker.com/script/4967/ https://cdn.jsdelivr.net/npm/@duetds/ https://cdn.jsdelivr.net/gh/jackocnr/ https://prod.widgets.burgerprofiel.vlaanderen.be/api/v1/ https://consentcdn.cookiebot.com/consentconfig/ https://consent.cookiebot.com/ https://cdn-eu.readspeaker.com/script/4967/webReader/webReader.js https://www.googletagmanager.com/gtag/ https://www.googletagmanager.com/gtag/js https://cdn.popupsmart.com/bundle.js https://www.googletagmanager.com/gtm.js https://cdn.popupsmart.com/accounts/34422/9661/5/main.js https://cdn.jsdelivr.net/gh/stadgent/ https://projectaanvraag-api.uitdatabank.be/widgets/api/render/4c5d3b9682b23a209006bbbfdc0fa90d/42217fca-9490-4a97-35de-3390d18bf80b/search-results-with-facets https://www.google.com/pagead/1p-conversion/ https://cdn-eu.readspeaker.com/script/4967/webReader/r/ https://www.googleadservices.com/pagead/conversion/ https://script.hotjar.com/ https://www.clarity.ms/tag/ https://www.clarity.ms/s/ https://knrpc.olark.com/nrpc/ https://static.hotjar.com/c/hotjar-1813370.js https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net/npm/@snowplow/ https://projectaanvraag-api.uitdatabank.be/widgets/layout/ https://ajax.googleapis.com/ajax/libs/jquery/ https://script.crazyegg.com/pages/scripts/0126/7159.js https://script.crazyegg.com/pages/versioned/commontransformations-scripts/; object-src 'self' ; style-src 'self' 'unsafe-inline' https://sf1-eu.readspeaker.com/script/4967/ReadSpeaker.Styles.css https://cdn.jsdelivr.net/npm/@duetds/ https://cdn.jsdelivr.net/gh/NigelOToole/ https://cdn.jsdelivr.net/gh/jackocnr/  https://cdn-eu.readspeaker.com/script/4967/webReader/r/ https://cdn.popupsmart.com/accounts/34422/9661/5/main.css https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://cdn.jsdelivr.net/gh/stadgent/ https://projectaanvraag-api.uitdatabank.be/widgets/layout/; img-src 'self' data:  https://sf1-eu.readspeaker.com/script/4967/img/ https://i.ytimg.com/vi_webp/ https://geo.gent.be/geoserver/  https://imgsct.cookiebot.com/1.gif  https://cdn.popupsmart.com/assets/ https://cdn.popupsmart.com/campaign_images/  https://cdn.popupsmart.com/uploaded/ https://cdn.jsdelivr.net/gh/stadgent/ https://www.googletagmanager.com/td  https://c.clarity.ms/c.gif https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googletagmanager.com/a https://www.google-analytics.com/collect  https://translate.google.com/gen204 https://log.olark.com/jslog/log.png  https://images.uitdatabank.be/ https://projectaanvraag-api.uitdatabank.be/assets/images/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.google.com/pagead/1p-conversion/ https://images.uitdatabank.be http://geo.gent.be/geoserver/wms https://data.stad.gent; media-src 'self' https://app-eu.readspeaker.com/enterprise/iframeproxy.php https://rstts-eu.readspeaker.com/cgi-bin/rspeak/ https://static.olark.com/jsclient/sounds/olark-chimes.ogg; frame-src 'self' https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://www.youtube-nocookie.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/; child-src 'self'; font-src 'self' data:  https://fonts.gstatic.com/s/firasans/v17/ https://fonts.gstatic.com/s/poppins/v21/ https://cdn.jsdelivr.net/gh/stadgent/ https://projectaanvraag-api.uitdatabank.be/assets/webfonts/ https://fonts.gstatic.com/s/opensans/; connect-src 'self' https://openingsuren.gent.be/api/v1/ https://consentcdn.cookiebot.com/consentconfig/ https://region1.google-analytics.com/g/collect https://handler-api.popupsmart.com https://cdn.popupsmart.com/accounts/34422/ https://data.stad.gent/api/records/1.0/search/ https://prod.widgets.burgerprofiel.vlaanderen.be/api/v1/ https://app-eu.readspeaker.com/cgi-bin/rsent https://www.google-analytics.com/j/collect https://cdn-eu.readspeaker.com/script/4967/webReader/r/ https://rstts-eu.readspeaker.com/cgi-bin/rspeak/ https://extragis.gent.be/restproxygl/GLRestFacade2.svc/ https://vc.hotjar.io/sessions/1813370 https://www.google.com/pagead/1p-conversion/767760056/ https://www.google.com/ccm/collect https://www.google-analytics.com/g/collect https://*.clarity.ms/collect https://knrpc.olark.com/nrpc/ https://sneeuwploeg.uitdatabank.be/publiq/t https://www.burgerprofiel.be https://script.crazyegg.com/pages/data-scripts/0126/7159/ https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill-fastly.io https://unpkg.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' http://pero.securite-routiere.gouv.fr https://www.gstatic.com https://www.youtube.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://server.adform.net/Serving/TrackPoint/ https://cstatic.weborama.fr https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill-fastly.io https://unpkg.com https://use.fontawesome.com https://www.google.com; style-src 'self' code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 2
script-src 'self'; 2
default-src 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.cloudfront.net https://*.vattenfall.nl https://*.vattenfall.com https://*.azure-api.net/ https://*.mopinion.com; base-uri 'self' https://*.demdex.net https://*.cloudfront.net https://*.svtrd.com https://*.vattenfall.com; form-action 'self'  https://*.demdex.net https://*.cloudfront.net https://*.svtrd.com https://*.vattenfall.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.stt.speech.microsoft.com https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://nominatim.openstreetmap.org https://*.linkedin.com https://*.demdex.net  https://*.www.google.nl/pagead https://*.pa-cd.com/ https://*.azure-api.net/ https://*.vattenfall.com https://*.googleapis.com https://*.blob.core.windows.net https://*.services.visualstudio.com https://*.adoberesources.net https://*.googlesyndication.com https://*.cloudfront.net https://*.idomoo.com https://*.queue-it.net https://*.mopinion.com https://*.piwik.pro https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.googleads https://*.googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.vattenfall.nl https://tdn.r42tag.com https://*.relay42.com https://w.usabilla.com https://api.usabilla.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://www.youtube.com https://js.monitor.azure.com  https://westeurope-5.in.applicationinsights.azure.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com r2eu01.visualwebsiteoptimizer.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.google.nl/pagead https://cep-api.vattenfall.com https://*.googleadservices.com https://*.bing.net https://*.bing.com https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com https://*.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.adoberesources.net https://*.googlesyndication.com https://*.cloudfront.net https://*.idomoo.com https://*.queue-it.net https://*.mopinion.com https://*.piwik.pro https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.vattenfall.nl https://tdn.r42tag.com https://admin.relay42.com https://w.usabilla.com https://api.usabilla.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://www.youtube.com https://js.monitor.azure.com  https://westeurope-5.in.applicationinsights.azure.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://*.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com https://*.clarity.ms; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://datawrapper.dwcdn.net https://*.dwcdn.net https://*.bbvms.com https://*.idomoo.com https://*.zonatlas.nl https://*.spotify.com https://*.cloudfront.net https://*.queue-it.net https://*.vattenfall.nl https://tdn.r42tag.com https://admin.relay42.com https://w.usabilla.com https://api.usabilla.com  https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://www.youtube.com https://js.monitor.azure.com https://web.telemetric.dk https://westeurope-5.in.applicationinsights.azure.com https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com https://r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://*.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://*.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com https://www.googletagmanager.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.bing.com https://*.bing.net https://*.idomoo.com https://*.queue-it.net https://*.vattenfall.nl https://tdn.r42tag.com https://admin.relay42.com https://w.usabilla.com https://api.usabilla.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://*.youtube.com https://js.monitor.azure.com https://westeurope-5.in.applicationinsights.azure.com  https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com https://r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.nl https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com; style-src 'self' 'unsafe-inline' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.idomoo.com https://*.cloudfront.net https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com https://r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://pingvp.com https://*.pingvp.com https://*.mopinion.com; img-src 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.google.nl https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io  https://*.linkedin.com https://tdn.r42tag.com https://admin.relay42.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://*.piwik.pro https://*.facebook.com https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.svtrd.com https://*.cloudfront.net https://w.usabilla.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://*.www.google.de/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://*.googleapis.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://dl.episerver.net https://pingvp.com https://*.pingvp.com https://*.openstreetmap.org https://*.mopinion.com data:; font-src 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://pingvp.com https://*.pingvp.com https://*.mopinion.com data:; frame-ancestors 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.vattenfall.nl https://pingvp.com https://*.pingvp.com; worker-src 'self' data: https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.visualwebsiteoptimizer.com https://*.change.inc/ https://dl.episerver.net https://*.spotify.com https://www.google-analytics.com/* blob:; block-all-mixed-content 2
default-src 'self';   script-src 'self' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://pi.pardot.com https://static.cloudflareinsights.com https://px.ads.linkedin.com https://webtracker.wheels.com;   style-src 'self' https://fonts.googleapis.com https://www.gstatic.com;   img-src 'self' https://www.google.com https://www.gstatic.com https://www.facebook.com https://px.ads.linkedin.com https://pi.pardot.com https://webtracker.wheels.com data:;   font-src 'self' https://fonts.gstatic.com;   connect-src 'self' https://www.google-analytics.com https://px.ads.linkedin.com https://webtracker.wheels.com https://pi.pardot.com;   frame-src https://www.google.com https://www.facebook.com;   object-src 'none';   base-uri 'self';   form-action 'self'; 2
base-uri 'self';    form-action 'self';    object-src 'none';    frame-ancestors 'self' https://localhost:9002 https://*.interdiscount.ch;               script-src                'self' 'unsafe-eval' 'unsafe-inline'                *.bing.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.net                *.googleapis.com *.google.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.hotjar.com *.kameleoon.eu                mycliplister.com *.speedcurve.com *.tiqcdn.com *.tealiumiq.com *.theadex.com *.datadome.co ct.captcha-delivery.com *.expeerly.com cdn.jsdelivr.net/npm/@mux/mux-player *.usercentrics.eu;               report-uri /api/v1/csp-report;               report-to csp-endpoint; 2
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src-attr 'self'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-{{nonce}}'; upgrade-insecure-requests; 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.americanmeadows.com *.privy.com *.richpanel.com *.ryzeo.com *.signifyd.com *.yotpo.com accounts.livechatinc.com analytics.tiktok.com api.livechatinc.com bam.nr-data.net bat.bing.com cdn-widgetsrepository.yotpo.com cdn.livechatinc.com cdn.richpanel.com cdn.statstrk01.com cdnapisec.kaltura.com chimpstatic.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net js-agent.newrelic.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hscollectedforms.net js-eu1.usemessages.com na-library.klarnaservices.com na-library.playground.klarnaservices.com s.pinimg.com secure.livechatinc.com static.hsappstatic.net static.trackedweb.net staticw2.yotpo.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com x.klarnacdn.net cdn.cookielaw.org code.jquery.com api.bluecore.com www.redditstatic.com siteassets.bluecore.com ui.powerreviews.com assets.pinterest.com americanmeadows.formstack.com static.formstack.com ajax.googleapis.com static.powerreviews.com dynamic.criteo.com snap.licdn.com sslwidget.criteo.com widget.us.criteo.com *.paypal.com *.wistia.com *.howuku.com *.jsdelivr.net *.criteo.com *.paypalobjects.com *.clarity.ms *.convertexperiments.com measurement-api.criteo.com display.powerreviews.com *.powerreviews.com *.corvuscro.com mjbeisch.github.io *.noibu.com *.highcountrygardens.com *.hotjar.com *.stripe.com resources-webcomponents.klevu.com *.mountain.com; report-uri /.webscale/csp-report 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 2
object-src 'self' *.cined.com; report-uri /_/csp-report/ 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * consentcdn.cookiebot.com service.force.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com img.youtube.com validator.swagger.io s.ytimg.com *.adyen.com *.bird.eu 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com *.adobedtm.com dev.visualwebsiteoptimizer.com *.exacttarget.com *.google.it/pagead/1p-user-list serverside.stiga.com *.cookiebot.com via.placeholder.com maps.googleapis.com *.teads.tv www.xtento.com *.trustpilot.com imgsct.cookiebot.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.youtube.com video.google.com *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com maps.googleapis.com *.klarna.com consent.cookiebot.com *.collect.igodigital.com serverside.stiga.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com dev.visualwebsiteoptimizer.com *.clarity.ms *.imedia.cz consentcdn.cookiebot.com *.teads.tv *.seznam.cz *.xtento.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com service.force.com *.klarnacdn.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.addressy.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com maps.googleapis.com consentcdn.cookiebot.com *.googlesyndication.com dev.visualwebsiteoptimizer.com serverside.stiga.com *.klarna.com *.klarnaevt.com trustpilot.com googleads.g.doubleclick.net *.teads.tv *.clarity.ms noembed.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: static.nacongaming.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.google.com www.youtube.com amc.demdex.net vars.hotjar.com www.facebook.com static.nacongaming.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com network-eu-stg.bazaarvoice.com network-eu.bazaarvoice.com network-eu-a.bazaarvoice.com media.nacongaming.com scaleflex.ultrafast.io axeptio.imgix.net www.google.fr www.facebook.com static.nacongaming.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com network-eu.bazaarvoice.com network-eu-stg.bazaarvoice.com www.google.com www.gstatic.com script.hotjar.com static.hotjar.com connect.facebook.net anltc-v2.bigben.fr analytics.tiktok.com www.googleoptimize.com static.nacongaming.com static.axept.io anltc.bigben.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.fontawesome.com use.typekit.net p.typekit.net static.nacongaming.com 'self' 'unsafe-inline'; object-src static.nacongaming.com 'self' 'unsafe-inline'; media-src *.adobe.com static.nacongaming.com media.nacongaming.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com payments-eu.amazon.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com in.hotjar.com stats.g.doubleclick.net anltc-v2.bigben.fr axeptio.imgix.net static.nacongaming.com client.axept.io api.axept.io anltc.bigben.fr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com 'unsafe-inline' https://citia.matomo.cloud/; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://citia.matomo.cloud https://static.axept.io https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://network.annecyfestival.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2
script-src-elem *.bing.com *.clarity.ms *.googleadservices.com *.youtube.com *.global-e.com *.bglobale.com *.redditstatic.com *.bing-int.com www.googletagmanager.com static-tracking.klaviyo.com static.klaviyo.com *.herroom.com unpkg.com *.googleapis.com www.paypal.com js.braintreegateway.com pay.google.com c.paypal.com cdn.kustomerapp.com connect.facebook.net gepi.global-e.com web.global-e.com webservices.global-e.com www.google.com www.gstatic.com *.pinimg.com cdn.noibu.com *.cloudfront.net utt.impactcdn.com googleads.g.doubleclick.net *.pinterest.com se.monetate.net www.paypalobjects.com *.sitejabber.com *.slick.min.js *.msn.com *.r.msn.com *.listrakbi.com cdn.jsdelivr.net *.listrak.com *.aftership.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.bglobale.com *.herroom.com fonts.googleapis.com p.typekit.net use.typekit.net gepi.global-e.com static.klaviyo.com static-tracking.klaviyo.com *.sitejabber.com *.listrakbi.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.global-e.com *.bglobale.com s3-eu-west-1.amazonaws.com cdn.kustomerapp.com globale-prod.s3-eu-west-1.amazonaws.com *.sitejabber.com *.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.cloudfront.net *.pinterest.com *.global-e.com *.youtube.com *.listrakbi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com www.googletagmanager.com *.weltpixel.com *.bglobale.com *.global-e.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.braintreegateway.com *.google.com *.cloudfront.net *.pinterest.com *.listrakbi.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.global-e.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.gstatic.com *.facebook.com *.reddit.com *.bglobale.com media.herroom.com *.bing.com *.clarity.ms maps.googleapis.com *.herroom.com *.google.ch bat.bing.net widgets.automizely.com widgets.automizely.io herroom.scene7.com assets.herroom.net www.googletagmanager.com s3-eu-west-1.amazonaws.com cdn.kustomerhostedcontent.com *.google.com *.brandlock.io media.hisroom.com www.ojrq.net logs-01.loggly.com *.cloudfront.net connect.facebook.net *.sitejabber.com *.doubleclick.net *.g.doubleclick.net *.listrakbi.com *.espssl.com data: 'self' 'unsafe-inline'; script-src *.adobe.com www.googleadservices.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com s.ytimg.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.magento-ds.com *.global-e.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.facebook.net *.redditstatic.com *.reddit.com *.maxmind.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net t.paypal.com www.googleapis.com vimeo.com www.vimeo.com www.google.com www.googletagmanager.com www.google-analytics.com *.bglobale.com unpkg.com *.clarity.ms *.cloudfront.net *.listrakbi.com ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.pinimg.com *.listrak.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.global-e.com assets.braintreegateway.com *.bglobale.com *.typekit.net widgets.automizely.com widgets.automizely.io use.typekit.net *.sitejabber.com *.listrakbi.com 'self' 'unsafe-inline'; object-src *.listrakbi.com 'self' 'unsafe-inline'; media-src *.adobe.com assets.herroom.net *.espssl.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src *.listrakbi.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.mmapiws.com *.bing.com *.clarity.ms *.brandlock.io *.cloudfront.net *.clartity.ms *.google.ch bat.bing.net *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.automizely.com api.automizely.io *.global-e.com *.bing-int.com maps.googleapis.com a.klaviyo.com andragroup.api.kustomerapp.com www.facebook.com input.noibu.com cdn.noibu.com wss://input.noibu.com herroom.pxf.io hisroom.sjv.io *.pinterest.com herroom.scene7.com *.pndsn.com resource-proxy.noibu.com *.sitejabber.com *.listrakbi.com *.listrak.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src self *.herroom.com *.hisroom.com mcprod.herroom.com *.hisrroom.com *.listrakbi.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri self *.herroom.com *.hisroom.com *.listrakbi.com 'self' 'unsafe-inline'; 2
object-src 'none'; script-src 'self' 'report-sample' cdn.auth0.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://polyfill-fastly.io https://unpkg.com stackpath.bootstrapcdn.com; style-src 'self' 'report-sample' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://greens.report-uri.com/r/d/csp/wizard 2
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.rab.equipment *.intervieweb.it *.algolia.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.rentle.io *.wisepops.net wisepops.net *.wisepops.com wisepops.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.intervieweb.it *.rentle.io *.twitter.com *.google.com *.wisepops.net wisepops.net *.wisepops.com wisepops.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.hub-box.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.gstatic.com https://images.unsplash.com *.clarity.ms *.rab.equipment *.intervieweb.it *.rentle.io *.klarnaservices.com *.klarna.com *.klarnacdn.net *.algolia.com *.iesnare.com *.locally.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.co.uk *.paypal.com *.twitter.com *.wisepops.net wisepops.net *.wisepops.com wisepops.com *.storyblok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cc-cdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com.ua *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://*.avln.me/t.js https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.rab.equipment *.rentle.io *.intervieweb.it *.klarnaservices.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.algolia.com *.algolia.io *.locally.com *.outtra.com *.cookiefirst.com *.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googlesyndication.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com apis.google.com gtm.rab.equipment gtm.mcstaging.rab.equipment *.polyfill-fastly.io polyfill-fastly.io *.clarity.ms *.wisepops.net wisepops.net *.wisepops.com wisepops.com *.storyblok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cc-cdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.rab.equipment *.intervieweb.it *.rentle.io *.algolia.com *.outtra.com *.locally.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.cookiefirst.com *.wisepops.net wisepops.net *.wisepops.com wisepops.com *.storyblok.com cc-cdn.com unsafe-inline assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.intervieweb.it *.klarnaservices.com *.klarna.com *.klarnacdn.net *.algolia.com *.iesnare.com *.locally.com 'self' data: *.rab.equipment *.rentle.io *.wisepops.net wisepops.net *.wisepops.com wisepops.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://www.google-analytics.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.intervieweb.it *.rentle.io *.klarnaevt.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.algolia.io *.locally.com *.outtra.com wss://mpsnare.iesnare.com *.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.cookiefirst.com *.clarity.ms *.wisepops.net wisepops.net *.wisepops.com wisepops.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.hub-box.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://www.mephisto.com https://www.allrounder.com https://www.mobilsshoes.com https://www.sanoshoes.com https://m2-staging.mephisto.com https://m2-staging.allrounder.com https://m2-staging.mobilsshoes.com https://m2-staging.sanoshoes.com consentcdn.cookiebot.com www.googletagmanager.com td.doubleclick.net ct.pinterest.com www.google.com wisepops.net payment.direct.worldline-solutions.com widget.trustpilot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.mephisto.com https://www.allrounder.com https://www.mobilsshoes.com https://www.sanoshoes.com consentcdn.cookiebot.com ecommscript-integrationapp.trustpilot.com ecommplugins-scripts.trustpilot.com *.trustpilot.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com validator.swagger.io *.googleapis.com https://*.gstatic.com *.trackedlink.net https://*.google.com https://*.googleapis.com https://*.googleusercontent.com *.mephisto.com *.allrounder.com *.mobilsshoes.com *.sanoshoes.com imgsct.cookiebot.com www.facebook.com www.google.de bat.bing.com www.gstatic.com dx4nr741tfc02.cloudfront.net assets.cdn.v-psp.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://*.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.mephisto.com *.allrounder.com *.mobilsshoes.com *.sanoshoes.com payment.direct.worldline-solutions.com widget.trustpilot.com invitejs.trustpilot.com consent.cookiebot.com consentcdn.cookiebot.com r1-t.trackedlink.net www.youtube.com www.google.com static.trackedweb.net bat.bing.com connect.facebook.net s.pinimg.com d2jjzw81hqbuqv.cloudfront.net wisepops.net www.gstatic.com static.hotjar.com script.hotjar.com ct.pinterest.com cdn.wisepops.com cdn.jsdelivr.net assets.cdn.v-psp.com ecommplugins-trustboxpreview.trustpilot.com https://cdnjs.cloudflare.com *.gstatic.com *.trustpilot.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.mephisto.com *.allrounder.com *.mobilsshoes.com *.sanoshoes.com www.gstatic.com assets.cdn.v-psp.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com consentcdn.cookiebot.com td.doubleclick.net ct.pinterest.com www.google.com wisepops.net payment.direct.worldline-solutions.com widget.trustpilot.com ecommscript-settingsapi.trustpilot.com t.elasticsuite.io *.google-analytics.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com www.google.com r1.trackedweb.net tracking.wisepops.com *.mephisto.com *.allrounder.com *.mobilsshoes.com *.sanoshoes.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
upgrade-insecure-requests; report-to https://www.codium.ai; report-uri https://www.codium.ai; 2
default-src 'self' data:; script-src 'self' https://webtools.europa.eu *.webanalytics.europa.eu 'unsafe-eval' https://cdn.jsdelivr.net https://europa.eu/ https://cdn.ckeditor.com/ckeditor5/ https://webanalytics.europa.eu https://op.europa.eu; object-src 'none'; style-src 'self' https://webtools.europa.eu 'unsafe-inline' https://op.europa.eu/; img-src 'self' https://webtools.europa.eu *.webanalytics.europa.eu data: https://webanalytics.europa.eu https://op.europa.eu; frame-src https://w.soundcloud.com https://www.youtube.com/ https://*.ec.europa.eu/ https://www.dailymotion.com/ https://vimeo.com/ 'self' https://webtools.europa.eu https://europa.eu/ https://op.europa.eu; child-src https://w.soundcloud.com https://www.youtube.com/ https://*.ec.europa.eu/ https://www.dailymotion.com/ https://vimeo.com/ 'self' https://webtools.europa.eu https://europa.eu/ https://op.europa.eu; connect-src 'self' https://webtools.europa.eu *.webanalytics.europa.eu https://webanalytics.europa.eu https://europa.eu/webtools/rest/etrans/translate https://op.europa.eu; report-uri /report-csp-violation 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.espssl.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.ladesk.com *.twitter.com *.google.co.in *.kaptcha.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://www.magezon.com *.espssl.com *.payments-amazon.com *.listrakbi.com *.pinterest.com *.facebook.com *.google.com *.google.co.in *.klarna.com *.twitter.com *.ytimg.com stats.g.doubleclick.net *.connect.facebook.net pixel.advertising.com *.googletagmanager.com *.twimg.com *.placehold.it blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com cdnjs.cloudflare.com *.pinterest.com *.listrakbi.com *.listrak.com *.ladesk.com s.pinimg.com *.facebook.net *.twitter.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com connect.facebook.net *.googletagmanager.com static-na.payments-amazon.com js-agent.newrelic.com *.jquery.com 'self' https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdnjs.cloudflare.com *.jquery.com *.espssl.com *.fontawesome.com *.typekit.net *.listrakbi.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.youtube.com *.bootstrapcdn.com 'unsafe-inline' unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.listrakbi.com *.doubleclick.net *.algolia.io *.pinterest.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com *.braintree-api.com *.amazon.com bam.nr-data.net *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de 'self' 'unsafe-inline'; child-src 'self' blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://actionis.report-uri.com/a/d/g; report-to report-endpoint; 2
object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src *.certcapture.com https://aws-staging-aeroprecisionusa.smarterspecies.com https://aws-staging-2-aeroprecisionusa.smarterspecies.com/ https://www.aeroprecisionusa.com blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; frame-ancestors 'self' *.avantlink.com *.certcapture.com *.credova.com www.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; form-action 'self' https://enews.aeroprecisionusa.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.sitevibes.com sitevibes.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ https://cdn.listrakbi.com https://mediacdn.espssl.com *.adobe.com *.certcapture.com https://maxcdn.bootstrapcdn.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.sitevibes.com sitevibes.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.avmws.com https://cdn.listrakbi.com https://s1.listrakbi.com https://m1.listrakbi.com https://at1.listrakbi.com https://www.google-analytics.com https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://jstest.authorize.net https://*.addthis.com https://v1.addthisedge.com https://z.moatads.com https://ssl.avmws.com https://bat.bing.com/bat.js https://js.hs-scripts.com https://js-agent.newrelic.com https://bam.nr-data.net https://player.vimeo.com https://f.vimeocdn.com https://widget-prime.rafflecopter.com https://js.hs-banner.com/ https://v2.zopim.com https://js.hs-analytics.net https://static.zdassets.com https://widget-mediator.zopim.com/ https://bam-cell.nr-data.net/ https://cdn.quantummetric.com https://plugin.credova.com https://tags.clickagy.com https://tags.clickagy.com/  https://widget.gleamjs.io *.upsellit.com https://upsellit.com https://prod.upsellit.com/ https://bl.listrakbi.com https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/3.3.1/jquery.inputmask.bundle.js assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com https://static.elfsight.com *.credova.com https://js.hs-banner.com https://bat.bing.com https://ekr.zdassets.com https://plugin.credova.com/plugin.min.js https://www.youtube.com *.gettopple.com *.aggle.net cdn.mouseflow.com *.googleapis.com *.gstatic.com *.kaptcha.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.disqus.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sitevibes.com sitevibes.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://static.zdassets.com/ *.adobe.com 'self' 'unsafe-inline'; img-src 'self' https://stats.g.doubleclick.net https://mediacdn.espssl.com https://www.xtento.com/media/images/ https://*.listrakbi.com https://www.google.com https://www.google.com.ua https://store.paradoxlabs.com https://cdn.klarna.com https://tracking.avantlink.com https://bat.bing.com https://bam.nr-data.net https://www.googletagmanager.com https://track.hubspot.com https://v2.zopim.com data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://pippio.com https://d2df4e9l5rljaz.cloudfront.net https://api.delivrabl.net https://aorta.clickagy.com https://idsync.rlcdn.com https://us-u.openx.net https://cm.g.doubleclick.net https://yotpo-editor-production.s3.amazonaws.com https://aa.agkn.com https://sync.crwdcntrl.net https://pixel-sync.sitescout.com https://d.agkn.com https://region1.google-analytics.com https://v2assets.zopim.io  https://js.gleam.io https://upsellit.com https://prod.upsellit.com/ *.upsellit.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.certcapture.com https://files.elfsightcdn.com https://sca1.listrakbi.com https://img.youtube.com https://via.placeholder.com *.gettopple.com *.googleapis.com *.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.sitevibes.com sitevibes.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; frame-src 'self' https://www.full30.com https://s7.addthis.com https://player.vimeo.com https://www.google.com https://widget-prime.rafflecopter.com https://ssl.kaptcha.com https://hemsync.clickagy.com  https://gleam.io https://upsellit.com https://prod.upsellit.com/ *.upsellit.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com *.credova.com * https://tst.kaptcha.com www.google.com https://plumrocket.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sitevibes.com sitevibes.com www.xtento.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.iglobalstores.com/ https://v2.zopim.com/ https://yotpo-stool.s3.amazonaws.com https://maxcdn.bootstrapcdn.com https://993ecd1fa9.nxcli.io *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.sitevibes.com sitevibes.com data: 'self' 'unsafe-inline'; connect-src 'self' https://api2.authorize.net/ https://js.authorize.net https://jstest.authorize.net https://apitest.authorize.net https://m.addthis.com https://bat.bing.com https://bam.nr-data.net/ https://bat.bing.com/ https://ekr.zdassets.com/ https://www.google-analytics.com https://stats.g.double.analytics.js https://assets.iglobalstores.com/ wss://widget-mediator.zopim.com/ https://*.listrak.com/ https://*.listrakbi.com/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://oc.listrakbi.com/coupon https://enews.aeroprecisionusa.com/ https://aeroprecisionsupport.zendesk.com/ https://aeroprecision-app.quantummetric.com/ https://rl.quantummetric.com/ https://region1.google-analytics.com https://aorta.clickagy.com https://hemsync.clickagy.com https://maps.googleapis.com https://vimeo.com https://upsellit.com https://prod.upsellit.com/ *.upsellit.com https://cdn.listrakbi.com https://bl.listrakbi.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com https://core.service.elfsight.com *.credova.com https://api2.authorize.net wss://widget-mediator.zopim.com https://onsite-api.listrak.com https://product.listrakbi.com https://stats.g.doubleclick.net https://aeroprecision-app.quantummetric.com https://rl.quantummetric.com https://sandbox-lending-api.credova.com https://lending-api.credova.com *.gettopple.com oirt.aggle.net https://www.stagarms.com *.googleapis.com *.kaptcha.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sitevibes.com sitevibes.com 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self'; 2
default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 2
font-src storage.googleapis.com/rtux-rtux-data-integration-rti/ *.cloudflare.com data: 'self' 'unsafe-inline'; form-action test.saferpay.com www.saferpay.com saferpay.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net www.google.com *.prismic.io *.google.com *.criteo.com *.criteo.net *.doubleclick.net *.pinterest.com *.facebook.com *.livechatinc.com *.sovendus-connect.com *.googletagmanager.com *.weltpixel.com www.xtento.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://images.unsplash.com *.prism.app-us1.com *.prismic.io *.bing.com *.google.ch *.trackjs.com *.google.com *.twiago.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.adform.net *.omnitagjs.com *.lehner-versand.ch *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.demdex.net *.livechat-files.com *.dmxleo.com *.profity.ch *.googleapis.com *.1rx.io www.xtento.com cdn.xtento.com test.saferpay.com www.saferpay.com saferpay.com *.gstatic.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ bx-cdn.com/static/bav2.min.js track.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/rti.min.js track.bx-cloud.com/static/rti.min.js bx-cdn.com/static/rti.min.js storage.googleapis.com/rtux-rtux-data-integration-rti/ *.prism.app-us1.com *.prismic.io *.trackjs.com *.gstatic.com *.livechatinc.com *.cdn.prismic.io *.google.com *.criteo.com *.pinimg.com *.bing.com *.adt313.net htm1.ch *.pinterest.com profity.ch *.profity.ch/clients/main.js *.getback.ch *.sovendus.com *.sovendus-connect.com *.googleapis.com storage.googleapis.com/*_rtux-data* *.wi-platform-cloud.com *.bx-cdn.com *.googletagmanager.com *.bx-cloud.com *.doubleclick.net www.xtento.com cdn.xtento.com test.saferpay.com www.saferpay.com saferpay.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.getback.ch *.cloudflare.com *.googleapis.com storage.googleapis.com/*_rtux-data* tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src storage.googleapis.com/rtux-rtux-data-integration-rti/ *.googleapis.com storage.googleapis.com/*_rtux-data* 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com track.bx-cloud.com main.bx-cloud.com track-gw1.bx-cloud.com bx-cloud.com main.wi-platform-cloud.com r-st.bx-cloud.com track.bx-cloud.com/track/v2 storage.googleapis.com/rtux-rtux-data-integration-rti/ *.prism.app-us1.com *.prismic.io htm1.ch *.pinterest.com *.lehner-versand.ch *.criteo.com *.google.com *.getback.ch *.doubleclick.net *.wi-platform-cloud.com *.trackjs.com *.livechatinc.com *.sovendus.com *.googleapis.com storage.googleapis.com/*_rtux-data* *.bing.com test.saferpay.com www.saferpay.com saferpay.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: cdn.elev.io media.flixfacts.com static.klaviyo.com tracking.paqato.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io d3dc1lgancj6l0.cloudfront.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com http://*.facebook.com https://*.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.hagel-shop.de 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.consentmanager.net https://delivery.consentmanager.net www.awin1.com cdn.consentmanager.net *.criteo.com *.criteo.net *.dixa.io *.doubleclick.net *.durchsichtig.xyz *.hagel-shop.de *.hotjar.com www.facebook.com media.flixcar.com *.klarinsights.net www.paypalobjects.com player.reetags.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com bat.bing.com www.instagram.com return.4sellers.de https://www.googletagmanager.com/ connect.facebook.net graph.facebook.com business.facebook.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google.com/ http://*.facebook.com https://*.facebook.com js.mollie.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://cdn.consentmanager.net https://delivery.consentmanager.net validate.fishpig.co.uk sync.1rx.io ad.360yield.com eb2.3lift.com *.adnxs.com *.agkn.com www.awin1.com *.bing.com *.bing.net *.bidswitch.net *.casalemedia.com *.cloudfront.net *.consentmanager.net *.criteo.com public-prod-dspcookiematching.dmxleo.com *.doubleclick.net e1.emxdgt.com www.facebook.com media.flixcar.com *.flix360.com *.google.com *.google.de *.googletagmanager.com fonts.gstatic.com *.hagel-shop.de id5-sync.com matching.ivitrack.com contextual.media.net exchange.mediavine.com visitor.omnitagjs.com sync.outbrain.com jadserve.postrelease.com simage2.pubmatic.com *.roeye.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com criteo-sync.teads.tv *.tiktok.com criteo-partners.tremorhub.com a.twiago.com *.taboola.com sync.targeting.unrulymedia.com t.ssl.ak.dynamic.tiles.virtualearth.net www.wepowerconnections.com ad.yieldlab.net sync-criteo.ads.yieldmo.com *.zenaps.com c.clarity.ms assets.paqato.com www.google.hu www.google.es csm.nl3.eu.criteo.net www.google.nl www.hagel-shop.at https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ connect.facebook.net graph.facebook.com business.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.linkedin.com https://*.linkedin.com http://*.facebook.com https://*.facebook.com http://www.google.com/ http://www.google.de/ https://www.google.de/ https://www.googletagmanager.com http://www.googletagmanager.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://widgets.trustedshops.com/ https://www.mollie.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jsd-widget.atlassian.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.ablyft.com www.awin1.com *.bing.com *.clarity.ms *.consentmanager.net *.criteo.com messenger.dixa.io www.dwin1.com cdn.elev.io connect.facebook.net prod.flixgvid.flix360.io media.flixcar.com media.flixfacts.com *.google-analytics.com *.googleoptimize.com *.hagel-shop.de *.hotjar.com player.reetags.com lantern.roeyecdn.com lantern.roeye.com the.sciencebehindecommerce.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com analytics.tiktok.com *.virtualearth.net www.zeitung-direkt.de tracking.paqato.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.facebook.com graph.facebook.com business.facebook.com https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io unsafe-inline userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net api.userlike.com http://www.google.com/recaptcha/ https://widgets.trustedshops.com/ js.mollie.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.bing.com media.flixcar.com *.googletagmanager.com css/light.theme.css static-tracking.klaviyo.com tracking.paqato.com https://static.klaviyo.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net data: 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.hagel-shop.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de jsd-widget.atlassian.com api-private.atlassian.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.ablyft.com magento-recs-sdk.adobe.net commerce.adobedtm.com *.bing.com *.bing.net *.clarity.ms *.consentmanager.net *.dixa.io *.criteo.com *.doubleclick.net *.durchsichtig.xyz *.elev.io media.flixcar.com maps.googleapis.com *.google-analytics.com *.google.de *.hagel-shop.de *.hotjar.com *.hotjar.io *.klarinsights.net the.sciencebehindecommerce.com *.sovendus.com analytics.tiktok.com unpkg.com/@adobe/ www.wepowerconnections.com tracking.paqato.com api-js.datadome.co https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://salesviewer.org/ userlike-cdn-widgets.s3-eu-west-1.amazonaws.com autocomplete2.postdirekt.de test.saferpay.com www.saferpay.com saferpay.com *.trustedshops.com *.etrusted.com analytics-ipv6.tiktokw.us 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src   'self'   'unsafe-eval'   'unsafe-inline'   *.bing.com   *.brightsg.com   *.clarity.ms   *.cloudflare.com   *.doubleclick.net   *.facebook.net   *.google-analytics.com   *.google.com   *.googletagmanager.com   *.gstatic.com   *.hotjar.com   *.hsforms.com   *.hsforms.net   *.hubspot.com   *.licdn.com   *.linkedin.com   *.onetrust.com   *.reddit.com   *.tiktok.com   *.typekit.net   *.unpkg.com   data:;  script-src   'self'   'unsafe-eval'   'unsafe-inline'   *.bing.com   *.brightsg.com   *.clarity.ms   *.cloudflare.com   *.doubleclick.net   *.facebook.net   *.google-analytics.com   *.google.com   *.googleadservices.com   *.googlesyndication.com   *.googletagmanager.com   *.gstatic.com   *.hotjar.com   *.hs-analytics.net   *.hs-banner.com   *.hs-scripts.com   *.hsadspixel.net   *.hsforms.net   *.hubspot.com   *.licdn.com   *.linkedin.com   *.reddit.com   *.tiktok.com   *.typekit.net   *.unpkg.com;  script-src-attr   'unsafe-inline';  script-src-elem   'self'   'unsafe-inline'   *.bing.com   *.brightsg.com   *.clarity.ms   *.cloudflare.com   *.doubleclick.net   *.facebook.net   *.google-analytics.com   *.google.com   *.googleadservices.com   *.googlesyndication.com   *.googletagmanager.com   *.gstatic.com   *.hotjar.com   *.hs-analytics.net   *.hs-banner.com   *.hs-scripts.com   *.hsadspixel.net   *.hsforms.net   *.hubspot.com   *.licdn.com   *.linkedin.com   *.reddit.com   *.tiktok.com   *.typekit.net   *.unpkg.com;  style-src   'self'   'unsafe-inline'   *.brightsg.com   *.cloudflare.com   *.googleapis.com   *.gstatic.com   *.typekit.net;  style-src-attr   'unsafe-inline';  style-src-elem   'self'   'unsafe-inline'   *.brightsg.com   *.cloudflare.com   *.googleapis.com   *.gstatic.com   *.typekit.net;  img-src   'self'   blob:   data:   *.bing.com   *.brightsg.com   *.capterra.com   *.clarity.ms   *.cloudflare.com   *.doubleclick.net   *.facebook.com   *.google-analytics.com   *.google.com   *.googletagmanager.com   *.gstatic.com   *.hsforms.com   *.hubspot.com   *.linkedin.com   *.reddit.com;  font-src   'self'   data:   *.brightsg.com   *.gstatic.com   *.typekit.net;  frame-src   'self'   *.cloudflare.com   *.google.com   *.googletagmanager.com   *.hubspot.com   *.jotform.com   *.vimeo.com   *.youtube.com;  child-src   'self'   blob:   *.cloudflare.com   *.google.com   *.googletagmanager.com   *.hubspot.com   *.jotform.com   *.vimeo.com;  form-action   'self'   *.hsforms.com;  media-src   'self'   data:;  prefetch-src   'self';  worker-src   blob:   'self';  connect-src   'self'   *.bing.com   *.brightsg.com   *.clarity.ms   *.cloudflare.com   *.doubleclick.net   *.facebook.com   *.google-analytics.com   *.google.com   *.googleadservices.com   *.googlesyndication.com   *.hotjar.com   *.hubspot.com   *.linkedin.com   *.onetrust.com   *.reddit.com   *.sentry.io   *.tiktok.com   wss://ws.hotjar.com; report-uri https://brightsg.report-uri.com/r/d/csp/wizard; report-to csp-endpoint; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com kit.fontawesome.com connect.facebook.net cdn.polyfill.io code.jquery.com www.google-analytics.com ssl.google-analytics.com www.googleoptimize.com script.crazyegg.com cdn.syndication.twimg.com speedtest.bestbroadbanddeals.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.bestbroadbanddeals.co.uk services.xg4ken.com unpkg.com script.hotjar.com static.hotjar.com c5.adalyser.com plausible.io consent.cookiebot.com consentcdn.cookiebot.com e.infogram.com localhost:3000; connect-src 'self' consentcdn.cookiebot.com *.fontawesome.com api.addressy.com wss://ws.hotjar.com *.hotjar.com content.hotjar.io cable.us4.list-manage.com admin.bestbroadbanddeals.co.uk stats.g.doubleclick.net plausible.io localhost:3000; img-src 'self' data: *.bestbroadbanddeals.co.uk www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com pbs.twimg.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com c5.adalyser.com v2.crocdn.com 540k006f.tinifycdn.com imgsct.cookiebot.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.bestbroadbanddeals.co.uk pro.fontawesome.com localhost:3000; font-src 'self' *.fontawesome.com maxcdn.bootstrapcdn.com admin.bestbroadbanddeals.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' widget.trustpilot.com vars.hotjar.com googleads.g.doubleclick.net consentcdn.cookiebot.com e.infogram.com data:; child-src 'self' blob:; report-uri /csp-violation-report/ 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com applepay.cdn-apple.com https://fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.payplug.com *.dalenys.com api-qa.payplug.com secure-qa.payplug.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com https://int-acc.afflelou.com https://preprod-acc.afflelou.com https://cms-pre-mafranchise.afflelou.com https://cms-mafranchise.afflelou.com https://p.sharinpix.com *.googlesyndication.com https://images.unsplash.com https://flagcdn.com https://mafranchise.afflelou.com *.googleapis.com https://*.gstatic.com https://mcstaging.afflelou.com cdn.doofinder.com https://secure-magenta.dalenys.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.disqus.com https://eu1-config.doofinder.com https://*.googlesyndication.com https://halc.iadvize.com https://static.iadvize.com https://iadvize.com https://static.livechat.iadvize.com https://api.iadvize.com https://maps.googleapis.com afflelou.containers.piwik.pro *.googleapis.com https://*.gstatic.com https://vto-advanced-integration-api.fittingbox.com/ cdn.doofinder.com https://secure-magenta.dalenys.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com https://cdn.payplug.com https://cdn-qa.payplug.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com https://secure-magenta.dalenys.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net *.fontawesome.com https://cdnjs.cloudflare.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://cdn.plyr.io https://*.googlesyndication.com https://halc.iadvize.com https://api.iadvize.com https://collector.iadvize.com wss://*.iadvize.com https://maps.googleapis.com https://player.vimeo.com afflelou.piwik.pro afflelou.containers.piwik.pro *.googleapis.com *.doofinder.com wss://*.doofinder.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://int-bohds.afflelou.be https://int-bohds.afflelou.ch https://int-bohds.afflelou.ma https://int-bohds.afflelou.pt https://int-bohds.afflelou.com https://preprod-bohds.afflelou.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com https://fonts.bunny.net https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://mcstaging.booktrump.com https://mcstaging.trumphotels.com https://integration-5ojmyuq-r7ma66w2vxzgu.us-5.magentosite.cloud https://integration2-hohc4oi-r7ma66w2vxzgu.us-5.magentosite.cloud 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://mcstagingdoral.booktrump.com https://mcstagingireland.booktrump.com https://mcstaging.booktrump.com https://mcstaging.trumphotels.com https://integration-5ojmyuq-r7ma66w2vxzgu.us-5.magentosite.cloud https://integration2-hohc4oi-r7ma66w2vxzgu.us-5.magentosite.cloud 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://firebasestorage.googleapis.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.synxis.com p.typekit.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://capture.celopay.com https://api.cartstack.com https://*.cartstack.com https://script.hotjar.com use.typekit.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com https://use.typekit.net https://p.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://player.vimeo.com https://download-video.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://capture.celopay.com https://api.cartstack.com https://*.cartstack.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action https://api.bazaarvoice.com https://stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors https://app.storyblok.com 'self'; frame-src bid.g.doubleclick.net https://www.google.com/recaptcha/ https://api.bazaarvoice.com https://stg.api.bazaarvoice.com https://display.ugc.bazaarvoice.com https://www.googletagmanager.com https://player.vimeo.com https://*.doubleclick.net https://insight.adsrvr.org https://*.adsrvr.org 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net https://images.unsplash.com https://maps.googleapis.com https://*.gstatic.com https://ib.adnxs.com https://secure.adnxs.com https://*.bazaarvoice.com https://bat.bing.com https://www.facebook.com https://adservice.google.com https://flask.nextdoor.com https://i.vimeocdn.com https://sp.analytics.yahoo.com https://img.youtube.com https://*.doubleclick.net https://cdn.cookielaw.org https://*.monetate.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://app.storyblok.com *.tokenex.com https://maps.googleapis.com https://cdn.jsdelivr.net https://acdn.adnxs.com https://*.bazaarvoice.com https://bat.bing.com https://mpsnare.iesnare.com https://resources.digital-cloud-west.medallia.com https://ads.nextdoor.com https://container.pepperjam.com https://cdn.resonate.com https://www.upsellit.com https://vimeo.com https://player.vimeo.com https://www.vimeo.com https://connect.facebook.net https://js.adsrvr.org https://cdn.cookielaw.org https://*.fullstory.com https://*.monetate.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://display.ugc.bazaarvoice.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.adobe.io performance.typekit.net *.sentry.io data: https://*.readyrefresh.com https://*.googleapis.com https://ib.adnxs.com https://*.bazaarvoice.com https://bat.bing.com https://bat.bing.net https://*.google.com https://geolocation.onetrust.com https://ds.reson8.com https://cdn.cookielaw.org https://*.fullstory.com https://*.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.findologic.com *.fontawesome.com 'self' data: https://widgets.trustedshops.com cdn.haarshop.ch data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.nosto.com *.nos.to 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.haarshop.ch 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.haar-shop.ch *.hs-dev.ch www.sovendus-connect.com experience-io.oralb.de *.nosto.com *.nos.to www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.facebook.com js.mollie.com https://app-wallee.com cdn.haarshop.ch *.pinterest.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.ch integrations.etrusted.com rt.flix360.com media.flixcar.com *.google.de d21m4dsqdd3b9h.cloudfront.net d2rfa446ja7yzb.cloudfront.net *.nosto.com *.nos.to www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://app-wallee.com cdn.haarshop.ch bat.bing.com *.trustedshops.com *.google.com *.google.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ gmtech.mfgroup.ch ajax.cloudflare.com *.findologic.com media.flixcar.com media.flixfacts.com connect.getflowbox.com *.googleapis.com *.hotjar.com api.sovendus.com nosto.stackla.com static.zdassets.com prod.flixgvid.flix360.io cdn.jsdelivr.net *.nosto.com *.nos.to *.plugins.emarsys.net *.scarabresearch.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com player.vimeo.com *.googleoptimize.com cdnjs.cloudflare.com js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://app-wallee.com https://gmtech.mfgroup.ch https://assets.secure.checkout.visa.com cdn.haarshop.ch *.pinterest.com bat.bing.com *.tiktok.com s.pinimg.com unpkg.com *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com integrations.etrusted.com cdn.findologic.com *.nosto.com *.nos.to *.fontawesome.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://app-wallee.com cdn.haarshop.ch 'self' 'unsafe-inline'; object-src cdn.haarshop.ch 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ static.zdassets.com cdn.haarshop.ch 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ gmtech.mfgroup.ch *.findologic.com media.flixcar.com *.getflowbox.com *.googleapis.com ws: ws.hotjar.com identification-api.sovendus.com ekr.zdassets.com *.zendesk.com *.findologic.io *.hotjar.io *.nosto.com *.nos.to *.scarabresearch.com *.eservice.emarsys.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://app-wallee.com https://assets.secure.checkout.visa.com cdn.haarshop.ch *.google.pl region1.analytics.google.com bat.bing.com googleads.g.doubleclick.net *.pinterest.com *.tiktok.com unpkg.com *.cloudflareinsights.com cloudflareinsights.com www.google.ch 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com cdn.haarshop.ch 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.haar-shop.ch/de/csp/report/; report-to report-endpoint; 2
font-src https://*.gstatic.com fonts.gstatic.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co www.googleservices.com *.google.com *.gstatic.com https://*.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.xtento.com https://*.hokodo.co https://photos.pixlee.co https://photos.pixlee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.xtento.com cdn.xtento.com https://site-assets.afterpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.google.co.uk https://www.gstatic.com https://d1fd8aj8bhyfe9.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com flagpedia.net https://register.feefo.com https://api.feefo.com https://s3-eu-west-1.amazonaws.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.xtento.com cdn.xtento.com https://js.afterpay.com https://cdn.segment.com https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://register.feefo.com https://js-agent.newrelic.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com *.gstatic.com maps.googleapis.com https://*.feefo.com/ https://euwa.puzzel.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com https://*.klarnacdn.net https://static.klaviyo.com https://register.feefo.com https://services.postcodeanywhere.co.uk *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://register.feefo.com https://inbound-analytics.pixlee.com https://pce.afd.co.uk https://bam.nr-data.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://region1.google-analytics.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com https://api.feefo.com https://collect.feefo.com https://api.puzzel.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; base-uri 'self'; block-all-mixed-content; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; img-src https: data: 'self'; object-src https: 'self'; font-src https: 'self'; connect-src https: 'self'; frame-ancestors 'self'; worker-src blob: https: 'self' 2
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.midtrans.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.midtrans.com *.mxpnl.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src  'self' *.salesforce.com 'report-sample'; style-src 'unsafe-inline' 'self' *.file.force.com *.salesforce.com *.visualforce.com:*; img-src *.force.com slack-mil-dev.com slack-imgs-mil-dev.com 'self' *.slack.com *.amazonaws.com blob: *.my-salesforce-cms.com *.slack-imgs.com slack-imgs-gov.com *.slack-edge.mil *.salesforce-experience.com slack-imgs.com slack-gov-dev.com *.sfdcstatic.com *.slack-edge-gov.com *.salesforce.com *.twimg.com *.my-salesforce.com slack-imgs-gov-dev.com *.slack-edge.com slack-imgs.mil *.cloudinary.com data:; media-src 'self' *.salesforce.com; frame-src *.force.com *.quip.com *.arkoselabs.com 'self' *.youtube-nocookie.com *.youtube.co.uk *.cybersource.com *.youtube.com.br *.youtube.es *.salesforce-experience.com *.salesforceliveagent.com *.adis.ws *.sfdcfc.net *.youtube.ca *.youtube.ie *.cloudinary.com *.vidyard.com *.vimeo.com *.youtube.jp bcove.video *.youtube.fr *.forceusercontent.com *.youtube.com *.brightcove.net *.wistia.net *.salesforce.com *.youtube.nl *.youtube.pl; font-src *.force.com 'self' *.salesforce.com blob: data:; connect-src  'self' *.amazonaws.com *.salesforce.com api.salesforce.com *.api.salesforce.com wss://*.slack.com; report-to sfdc-csp-ep; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=login 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://d1cwup7r903a1d.cloudfront.net *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.authorize.net *.facebook.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.authorize.net *.lpsnmedia.net *.salecycle.com *.facebook.com *.adsrvr.org *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net widgets.automizely.com widgets.automizely.io *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com *.listrakbi.com *.bing.com *.lpsnmedia.net *.amazonaws.com *.routeapp.io *.mypurecloud.com *.adnxs.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.adsrvr.org data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com ajax.googleapis.com https//fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net cdn.routeapp.io https://api.lab.amplitude.com https://flag.lab.amplitude.com https://protect-quote-q.route.com protection-widget.route.com protect-lightning-bolt-widget.route.com d3od5si8vgcekb.cloudfront.net ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com *.listrak.com *.listrakbi.com *.liveperson.net *.lpsnmedia.net *.nr-data.net *.newrelic.com *.tiqcdn.com *.bing.com *.cybba.solutions *.cloudfront.net *.adsrvr.org *.facebook.net *.pepperjam.com *.rtb123.com *.routeapp.io *.route.com *.mypurecloud.com https://sentry.io *.cloudflare.com *.adnxs.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.thecpapshop.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com widgets.automizely.com widgets.automizely.io *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https//fonts.googleapis.com https://d1cwup7r903a1d.cloudfront.net *.listrak.com *.listrakbi.com *.googleapis.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io api.automizely.com api.automizely.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.route.com https://api.lab.amplitude.com https://flag.lab.amplitude.com https://protect-quote-q.route.com protection-widget.route.com d3od5si8vgcekb.cloudfront.net protect-lightning-bolt-widget.route.com ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com *.listrak.com *.listrakbi.com *.nr-data.net *.newrelic.com *.sandbox.paypal.com *.googleadservices.com *.doubleclick.net *.salescycle.com wss://ws.salescycle.com *.salecycle.com wss://ws.salecycle.com *.facebook.com https://www.facebook.com *.route.com *.adnxs.com *.mypurecloud.com wss://webmessaging.mypurecloud.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.pro.ip-api.com *.ip-api.com *.amazonaws.com *.breadgateway.net *.bing.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 2
default-src 'self' 'unsafe-inline' blob: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' http://*.quantserve.com https: https://*.doubleclick.net https://*.teads.tv; worker-src 'self' blob:; connect-src 'self' https: wss:; img-src 'self' https:; frame-src 'self' http://*.trendmicro.com https:; report-to csp-endpoint 2
default-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval'                 https://*.acer.org                 https://kit.fontawesome.com https://cdnjs.cloudflare.com                 https://code.jquery.com                 https://cdn.jsdelivr.net https://www.youtube.com                 https://player.vimeo.com https://www.googletagmanager.com https://www.gstatic.com                 https://www.google-analytics.com https://cdn.monsido.com https://www.gstatic.com/call-tracking/ https://www.google.com/recaptcha/                 https://static.ads-twitter.com https://snap.licdn.com                 https://connect.facebook.net https://googleads.g.doubleclick.net                 https://maxcdn.bootstrapcdn.com/bootstrap/ https://stackpath.bootstrapcdn.com/bootstrap/                 https://*.adroll.com                 https://fast.wistia.com/embed/medias/ https://fast.wistia.com/assets/external/                 https://acer.tfaforms.net/ https://www.tfaforms.com/wForms/                 https://platform.twitter.com/                 https://widgets.sociablekit.com/                 https://cdn.mouseflow.com/                 https://js.createsend1.com/javascript/                 https://bat.bing.com;             style-src 'self' 'unsafe-inline'                 https://*.acer.org                 https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com                https://cdn.jsdelivr.net                 https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/                 https://acer.tfaforms.net/dist/ https://acer.tfaforms.net/uploads/themes/ https://www.tfaforms.com/dist/                 https://widgets.sociablekit.com/                 https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com/font-awesome/;             img-src 'self' data: blob:                 https://*.acer.org https://www.acer-ibt.org https://www.researchconference.com.au https://www.immchallenge.org.au https://www.stemgames.org.au                 https://tracking.monsido.com                 https://www.google.com.au/ads/ https://www.google.com.au/pagead/ https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com                 https://px.ads.linkedin.com https://media.licdn.com/dms/image/ https://media.licdn.com/dms/image/                 https://sociablekit.com/app/ https://images.sociablekit.com/                 https://t.co/i/ https://analytics.twitter.com/i/                 https://www.facebook.com/tr/                 https://ping.eeharbor.com                 https://*.adroll.com                 https://bat.bing.com;             font-src 'self' data:                 https://*.acer.org                 https://fonts.googleapis.com https://fonts.gstatic.com                 https://cdnjs.cloudflare.com https://cdn.jsdelivr.net                 https://ka-p.fontawesome.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/;             media-src 'self' https://www.acer.org https://www.youtube.com https://player.vimeo.com;             frame-src                 https://www.google.com/recaptcha/ https://www.googletagmanager.com                 https://platform.twitter.com/widgets/                 https://www.acer.org https://www.youtube.com https://player.vimeo.com https://shorthand.com;             connect-src 'self'                 https://*.acer.org                 https://ka-p.fontawesome.com https://kit.fontawesome.com                 https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://www.google.com.au/pagead/                 https://acer.tfaforms.net/api_v2/                 https://stats.g.doubleclick.net/                 https://www.facebook.com/tr/                 https://updates.expressionengine.com                 https://px.ads.linkedin.com/wa/;             object-src 'none';             base-uri 'self';             form-action 'self';             upgrade-insecure-requests;             report-uri https://csp-testing.acer.org/reportOnly/index; 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com platform.cloud-iq.com.au *.google.com *.facebook.com *.doubleclick.net *.bedbathntable.com.au *.criteo.com *.pinterest.com *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com *.googleapis.com *.gstatic.com dev.visualwebsiteoptimizer.com *.google.com *.facebook.com *.cloud-iq.com.au *.afterpay.com *.linksynergy.com *.google.com.au *.bedbathntable.com.au bbnt-m2-image-library.s3-ap-southeast-2.amazonaws.com *.cdninstagram.com *.google.lk *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.socdm.com *.criteo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.media.net *.bing.com *.yieldmo.com *.aralego.com *.3lift.com *.clmbtech.com *.teads.tv *.smaato.net *.rubiconproject.com *.pubmatic.com *.outbrain.com *.aralego.net *.1rx.io *.bluekai.com *.contextweb.com *.unrulymedia.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com *.googleapis.com *.gstatic.com applepay.cdn-apple.com dev.visualwebsiteoptimizer.com *.afterpay.com *.newrelic.com cdnjs.cloudflare.com bam-cell.nr-data.net platform.cloud-iq.com.au *.crazyegg.com *.facebook.net *.facebook.com *.rakuten.com googleads.g.doubleclick.net *.google.com cdn.lr-ingest.io *.foursixty.com *.bedbathntable.com.au *.tiktok.com *.pinimg.com *.criteo.com *.pinterest.com *.freshworks.net *.freshworks.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com unpkg.com *.foursixty.com *.bedbathntable.com.au *.cloud-iq.com.au *.typekit.net *.freshworks.net *.freshworks.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.googleapis.com *.crazyegg.com googleads.g.doubleclick.net *.nr-data.net *.lr-ingest.io *.foursixty.com foursixty.com *.google-analytics.com *.doubleclick.net *.bedbathntable.com.au *.pinterest.com *.pangle-ads.com *.tiktok.com *.criteo.com *.google.com *.freshworks.net *.freshworks.com *.attraqt.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
style-src 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de use.fontawesome.com;img-src 'self' data: *.helsana.ch *.pinterest.com s0.2mdn.net bat.bing.com www.facebook.com connect.facebook.net cm.everesttech.net dpm.demdex.net apple-resources.s3.amazonaws.com  *.applemediaservices.com *.googlesyndication.com *.gstatic.com maps.googleapis.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net  t.co *.linkedin.com *.google.com *.google.ch *.google.de *.google.fr *.google.li *.google.it *.google.ad *.google.ae *.google.al *.google.at *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.ca *.google.cd *.google.cg *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.ga *.google.gr *.google.ht *.google.hr *.google.hu *.google.ie *.google.iq *.google.jo *.google.lk *.google.lt *.google.lu *.google.lv *.google.me *.google.mg *.google.ml *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tn *.google.tt *.google.vg *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.za *.google.com.af *.google.com.ar *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kh *.google.com.lb *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ni *.google.com.pe *.google.com.pk *.google.com.py *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com interaktiv.contilla.de;font-src 'self' data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net use.fontawesome.com *.helsana.ch;media-src 'self' data: blob: *.helsana.ch d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com;object-src 'none';worker-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com analytics.twitter.com snap.licdn.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net  maps.googleapis.com www.googletagmanager.com  assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com snap.licdn.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com  www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de;connect-src 'self' wss://*.helsana.ch *.helsana.ch maps.googleapis.com privacyportal-eu.onetrust.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cookielaw.org api.sitesearch360.com *.ads-twitter.com *.linkedin.com *.pinterest.com api.openweathermap.org  www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com  *.google.com *.doubleclick.net www.google-analytics.com  tt.omtrdc.net dpm.demdex.net wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu interaktiv.contilla.de;frame-src 'self' *.helsana.ch *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com bid.g.doubleclick.net  consentcdn.cookiebot.com www.youtube.com fls.doubleclick.net assets.adobedtm.com  www.facebook.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com *.undpartner.digital;frame-ancestors 'self' *.helsana.ch;report-uri https://helsana.report-uri.com/r/d/csp/wizard;report-to wizard; 2
default-src 'self'; script-src 'self' 'unsafe-inline' l.getsitecontrol.com www.googletagmanager.com region1.google-analytics.com www.google-analytics.com static.ads-twitter.com www.loom.com youtube.com *.semaphoreci.com *.semaphore.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: secure.gravatar.com s.w.org www.google-analytics.com www.googletagmanager.com static.ads-twitter.com t.co analytics.twitter.com img.youtube.com *.semaphoreci.com *.semaphore.io; font-src 'self' fonts.gstatic.com data:; frame-src youtube.com www.youtube.com www.loom.com calendar.google.com www.googletagmanager.com; media-src audio.buzzsprout.com; connect-src 'self' https://region1.google-analytics.com https://www.google-analytics.com https://www.google.com https://l.getsitecontrol.com; report-uri https://sentry.io/api/4509293704970240/security/?sentry_key=de4512f268813ed97e73abec15d22aab 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.cloudflare.com *.hubspot.com *.hs-sites.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.tiktok.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.google.ca dummyimage.com www.golfavenue.ca www.golfavenue.com d1p75b8jw55lwo.cloudfront.net cdn.aglty.io aglty.laps.com *.hsforms.com *.hubspot.com *.hsappstatic.net *.bing.com *.clarity.ms d3svog4tlx445w.cloudfront.net sezzlemedia.s3.amazonaws.com idsync.rlcdn.com *.convertexperiments.com media.sezzle.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.tiktok.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com www.google.ca www.google.com dummyimage.com cdn.jsdelivr.net cdn.aglty.io js.hubspot.com js.hs-analytics.net js.hsleadflows.net js.hs-banner.com js.hsforms.net forms.hsforms.com js.hs-scripts.com js.hscollectedforms.net challenges.cloudflare.com js.usemessages.com *.convertexperiments.com maps.googleapis.com cdn.shopify.com bat.bing.com tag.rmp.rakuten.com assets.production.linktr.ee ut.rd.linksynergy.com www.datadoghq-browser-agent.com analytics.tiktok.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.jsdelivr.net d3svog4tlx445w.cloudfront.net *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.tiktok.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com stats.g.doubleclick.net forms.hsforms.com *.hubspot.com forms.hscollectedforms.net *.clarity.ms maps.googleapis.com *.convertexperiments.com ltp.linktr.ee browser-intake-datadoghq.com analytics.tiktok.com *.typesense.net gateway.sezzle.com sandbox.gateway.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.modo.com.ar fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.magerocket.com *.gocuotas.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.magerocket.com *.gocuotas.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.google.com.ar *.google.es *.google.com.uy *.mercadopago.com.ar *.modo.com.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.magerocket.com *.gocuotas.com https://firebasestorage.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.woowup.com *.hotjar.com *.pageimprove.io pageimprove.io *.getblue.io *.adidas.com *.modo.com.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.magerocket.com *.gocuotas.com *.avada.io *.shopify.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.ampproject.org www.gstatic.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com www.gstatic.com *.tagmanager.google.com *.googletagmanager.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.pangle-ads.com *.modo.com.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.magerocket.com *.gocuotas.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com cdn.ampproject.org www.googleapis.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' essentialed.com *.essentialed.com passged.com *.passged.com d2lpurk2qe2oc.cloudfront.net d3ebkza70oew6x.cloudfront.net dpg0n9q1lsnov.cloudfront.net d37nqy2yusfq54.cloudfront.net d2pfk5on3dtp5q.cloudfront.net js-agent.newrelic.com bam.nr-data.net *.typekit.net *.google.com *.google.ca *.google.com.mx *.google.co.uk *.google.de *.googletagmanager.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.wistia.com *.wistia.net *.litix.io *.credly.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hs-analytics.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.plyr.io *.crazyegg.com *.hotjar.com *.hotjar.io analytics.tiktok.com *.bing.com hiset.org *.clarity.ms *.jquery.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.paypal.com *.paypalobjects.com js.stripe.com *.facebook.com *.facebook.net widget.trustpilot.com unpkg.com data: ws: wss: about: blob:; frame-ancestors 'self' essentialed.com *.essentialed.com passged.com *.passged.com 2
default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; connect-src 'self' *.google-analytics.com col.site24x7rum.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.site24x7rum.com *.google-analytics.com *.bootstrapcdn.com; img-src 'self'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com 2
base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=wO5hegQrT2jfBTHuIKhEcoP4OaK5LwEzFotWC6oFlB1QnAFVS8HI4SfcgwADtZc%3D 2
default-src 'self'; connect-src 'self' https://*.analytics.google.com https://graphql.landsbankinn.is https://www.google-analytics.com cdn.landsbankinn.is https://log.landsbankinn.is https://www.google.com https://landsbankinn.boost.ai/ https://googleads.g.doubleclick.net https://region1.google-analytics.com/ https://stats.g.doubleclick.net/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://landsbankinn.boost.ai https://www.google.com https://www.gstatic.com cdn.landsbankinn.is https://static.cdn.prismic.io blob: data: https://td.doubleclick.net https://graphql.landsbankinn.is https://e.infogram.com/ https://prismic.io/; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src 'self' blob: data: images.prismic.io https://prismic-io.s3.amazonaws.com/ www.gstatic.com www.google.is www.google-analytics.com/ api.mapbox.com cdn.landsbankinn.is https://www.googletagmanager.com https://www.facebook.com/tr/ https://www.facebook.com/; font-src 'self' cdn.landsbankinn.is fonts.gstatic.com; object-src 'self' https://graphql.landsbankinn.is; base-uri 'self'; form-action 'self' https://graphql.landsbankinn.is; frame-ancestors 'self' cdn.landsbankinn.is; frame-src 'self' https://www.googletagmanager.com/ https://landsbankinn.prismic.io/ cdn.landsbankinn.is https://td.doubleclick.net/ https://landsbankinn.boost.ai https://www.google.com/ https://e.infogram.com/; report-to name-of-endpoint; report-uri ; 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https://www.youtube.com https://tagheuer-tcs-london.vercel.app https://vimeo.com/; img-src *; media-src *; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.uk.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; webrtc 'block'; worker-src 'self' blob: 2
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com http://fonts.gstatic.com https://assets.sendinblue.com https://assets.brevo.com https://cdnjs.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com https://*.e-transactions.fr https://*.paypal.fr https://*.paypal.com https://*.monetico-services.com https://*.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src https://amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.monetico-services.com *.addthis.com js.mollie.com https://cl.avis-verifies.com http://amc.demdex.net https://sibautomation.com https://www.facebook.com https://www.googletagmanager.com https://forms.office.com https://*.sibforms.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.bird.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com https://*.cloudflare.com https://www.google.com.sg https://maps.googleapis.com https://maps.google.com http://maps.google.com https://maps.gstatic.com https://cl.avis-verifies.com https://*.openstreetmap.org https://black.bird.eu http://black.bird.eu https://bat.bing.com https://*.facebook.com https://*.google.fr https://*.google.com https://*.google-analytics.google.com https://www.googletagmanager.com https://burda-fr.mage.ovh https://*.sibforms.com https://img.mailinblue.com https://*.burdastyle.fr https://*.burdastyle.com https://*.abo-online.fr https://*.burdastyle.es https://*.burdastyle.pt https://*.burdastyle.uk https://*.burdastyle.nl https://*.faitmain-magazine.fr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io js.mollie.com https://www.google.com.sg https://googleads.g.doubleclick.net https://maps.googleapis.com https://cl.avis-verifies.com https://www.googletagmanager.com http://www.googletagmanager.com https://sibautomation.com https://connect.facebook.net https://bat.bing.com https://s3.amazonaws.com https://*.youtube.com https://downloads.mailchimp.com http://downloads.mailchimp.com https://*.sibforms.com https://sibforms.com/ https://static.cloudflareinsights.com https://www.clarity.ms/  https://js-agent.newrelic.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com https://*.sibforms.com https://sibforms.com/ https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.monetico-services.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io https://stats.g.doubleclick.net https://maps.googleapis.com https://in-automate.sendinblue.com https://in-automate.brevo.com https://*.brevo.com https://*.analytics.google.com/ https://analytics.google.com/ https://*.google-analytics.com https://*.facebook.com/ https://*.sibforms.com/ https://bam.eu01.nr-data.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.brightcove.net *.brightcove.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.brightcove.net *.brightcove.com *.boltdns.net *.googlesyndication.com maps.gstatic.com *.facebook.com *.reddit.com *.adtrafficquality.google *.cookielaw.org *.lightboxcdn.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.brightcove.net *.brightcove.com *.attn.tv events.attentivemobile.com *.googlesyndication.com *.ordergroove.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.adtrafficquality.google *.audioeye.com *.clarity.ms *.cookielaw.org *.gstatic.com *.lightboxcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com assets.braintreegateway.com *.googlesyndication.com tagmanager.google.com *.audioeye.com *.lightboxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.googlesyndication.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.googlesyndication.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.brightcove.net *.brightcove.com *.boltdns.net *.brightcovecdn.com maps.googleapis.com *.attn.tv events.attentivemobile.com *.googlesyndication.com *.ordergroove.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.adtrafficquality.google *.audioeye.com *.clarity.ms *.cookielaw.org *.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.brightcovecdn.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://branchapp.in https://branch.co https://branch.co.ke https://branch.com.ng https://branch.co.tz https://d2c5ectx2y1vm9.cloudfront.net; script-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://code.jquery.com https://ga.jspm.io https://connect.facebook.net https://www.googletagmanager.com https://www.gstatic.com/ https://cdnjs.cloudflare.com 'unsafe-inline' blob: https://www.recaptcha.net https://sdk.cashfree.com https://public.releases.juspay.in; style-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://fonts.gstatic.com data:; img-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://www.facebook.com data: blob: https://branch-in-production.s3.ap-south-1.amazonaws.com https://fonts.gstatic.com https://graph.facebook.com https://branch-in-public.s3.amazonaws.com; object-src 'self' blob:; connect-src 'self' https://accounts.google.com https://browser-intake-datadoghq.com https://ga.jspm.io https://d2c5ectx2y1vm9.cloudfront.net https://branch-in-production-temp.s3.ap-south-1.amazonaws.com https://www.recaptcha.net; frame-src https://www.recaptcha.net https://sdk.cashfree.com https://www.googletagmanager.com https://branch-in-production.s3.ap-south-1.amazonaws.com; media-src https://d2c5ectx2y1vm9.cloudfront.net; report-uri /csp-violation-report-endpoint 2
img-src https://higherlogicdownload.s3.amazonaws.com/NACE/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogiclongterm.s3.amazonaws.com/NACE/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicstream.s3.amazonaws.com/NACE/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; worker-src 'self'; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net https://rec.i-say.com https://vcdn.blob.core.windows.net/* https://cdn.vcdn.vc/*; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; 2
font-src 'self' data:; 2
default-src 'self'; img-src * data: https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' *; frame-src https:; connect-src https:; font-src 'self' https://cdn.segmentify.com; 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru *.dev-morda.svc.elama-team.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
font-src fonts.googleapis.com fonts.gstatic.com *.artifi.net *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.fontawesome.com *.googleapis.com *.gstatic.com *.hotjar.com *.sfdcstatic.com *.shopify.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.checkout.vficloud.net *.vficloud.net *.amazonaws.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.swellrewards.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.checkout.vficloud.net *.vficloud.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.artifi.net *.boyslife.org *.braintreegateway.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.doubleclick.net *.facebook.com *.force.com *.google.com *.hotjar.com *.kaptcha.com *.paypal.com *.scouting.org *.swellrewards.com *.twitter.com *.weltpixel.com *.checkout.vficloud.net *.vficloud.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.artifi.net *.amazonaws.com *.bing.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.facebook.com *.facebook.net *.google.com *.google.co.in *.google.lv *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.klarna.com *.lightemporium.com *.magentocommerce.com *.paypal.com *.scoutshop.org *.scoutstuff.org *.shopify.com *.siteimproveanalytics.io *.smsbump.com *.swellrewards.com *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com *.cookiebot.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.reddit.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.artifi.net *.verifone.cloud *.clarity.ms *.cloudflare.com *.crazyegg.com *.doubleclick.net *.ecomm-nav.com *.facebook.net *.fontawesome.com *.force.com *.google.com *.google-analytics.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.jquery.com *.klaviyo.com *.newrelic.com *.nextopia.net *.nextopiasoftware.com *.nr-data.net *.paypal.com *.salesforceliveagent.com siteimproveanalytics.com *.stape.io *.swellrewards.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.vficloud.net *.cookiebot.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.my.salesforce.com *.lightning.force.com *.secure.force.com *.checkout.vficloud.net widget.freshworks.com m2epro.freshdesk.com js.klevu.com *.ksearchnet.com https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com unpkg.com *.kaptcha.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.artifi.net *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.force.com *.google.com *.googleapis.com *.gstatic.com *.klaviyo.com *.nextopia.net *.swellrewards.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu https://static.klaviyo.com *.secure.force.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com tagmanager.google.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.scoutshop.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.artifi.net *.braintree-api.com *.braintreegateway.com *.clarity.ms *.cloudflare.com *.crazyegg.com *.doubleclick.net *.facebook.com *.google.com *.google.lv *.google-analytics.com *.googleapis.com *.hotjar.com *.hotjar.io *.klaviyo.com *.nr-data.net *.paypal.com *.scoutshop.org *.socialannex.com *.swellrewards.com *.twimg.com *.twitter.com wss: *.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.secure.force.com *.checkout.vficloud.net *.vficloud.net widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.facebook.net *.redditstatic.com *.reddit.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f0e6bfef-e270-42d2-8f01-c8e72656172d.sansec.watch/; report-to report-endpoint; 2
connect-src 'self' https://status.netservicesgroup.com https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; frame-src https://www.google.com https://status.netservicesgroup.com; child-src https://status.netservicesgroup.com https://www.google.com https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://status.netservicesgroup.com 'sha256-zL+zKXgt2515GaHwEfkV8QPRfZZcGr/ibUw4EJ3V13s=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-Pkt8j98M46glrPDzrqR9I9gac/h2nvberIdQkhIGySk=' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://www.google.com https://www.gstatic.com https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://status.netservicesgroup.com https://secure.comodo.com 'sha256-3ocR7726kV2Y3awnQx4u408K1Dxd7l3X9nvrC91J15k=' 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 2
default-src 'self' https://jobs.b-ite.com https://bwp-online.gelsenkirchen.de https://ads.gelsen.net https://ads2.gelsen.net https://twebshop.tomas-travel.com  https://player.podigee-cdn.net https://www.xn--fundbrodeutschland-q6b.de; style-src 'self' 'unsafe-inline' https://bwp-online.gelsenkirchen.de https://twebshop.tomas-travel.com  https://player.podigee-cdn.net https://cdn.podigee.com; img-src 'self' https://ads.gelsen.net https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://server.arcgisonline.com https://*.tile.openstreetmap.org https://geodaten.metropoleruhr.de https://gdi.gelsenkirchen.de https://twebshop.tomas-travel.com https://cdn.podigee.com https://images.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://pansite6.gelsenkirchen.de https://ads.gelsen.net https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://static.b-ite.com https://cs-assets.b-ite.com https://bwp-online.gelsenkirchen.de/ https://twebshop.tomas-travel.com  https://player.podigee-cdn.net https://cdn.podigee.com https://www.xn--fundbrodeutschland-q6b.de; child-src 'self' https://www.youtube.com https://player.vimeo.com https://www.youtube-nocookie.com https://whitelabel.hotel.de https://tempus-termine.com https://*.gelsenkirchen.de https://player.podigee-cdn.net https://www.xn--fundbrodeutschland-q6b.de 2
default-src 'self';base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/;connect-src 'self' https://api.cz.nl https://app.talkjs.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://czgroep.piwik.pro https://dev.visualwebsiteoptimizer.com https://js.monitor.azure.com https://westeurope-5.in.applicationinsights.azure.com;font-src 'self' data:;frame-src 'self' https://consentcdn.cookiebot.com https://overzicht.cz.nl;frame-ancestors 'self';img-src 'self' https://6005850.global.siteimproveanalytics.io https://d6tizftlrpuof.cloudfront.net https://dev.visualwebsiteoptimizer.com https://imgsct.cookiebot.com;manifest-src 'self';media-src 'self' https://cdn.talkjs.com;object-src 'self';script-src 'self' https://cdn.talkjs.com https://cdstatic-sc.cz.nl https://consent.cookiebot.com https://consentcdn.cookiebot.com/consentconfig/ https://czgroep.containers.piwik.pro/ppms.js https://dev.visualwebsiteoptimizer.com https://inzicht.cz.nl/containers/ https://siteimproveanalytics.com/js/ https://w.usabilla.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://cdstatic-sc.cz.nl 'unsafe-inline';worker-src 'self' blob:; 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net fonts.googleapis.com amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.buywithprime.amazon.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net diypestcontrol.ladesk.com 1-vbus-us-tx.ladesk.com ct.pinterest.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob *.weltpixel.com *.authorize.net *.wesupply.xyz https://wesupplylabs.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: widgets.automizely.com widgets.automizely.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com store.paradoxlabs.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.cloudfront.net diypestcontrol.com ct.pinterest.com *.trackedlink.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com blob cloudinary.com *.cloudinary.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.facebook.com *.reddit.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.hsforms.net bat.bing.com ct.pinterest.com *.buywithprime.amazon.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.stamped.io *.googletagmanager.com *.signifyd.com https://imgs.cdn-btsg.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com script.hotjar.com bm-rx.atatus.com dpm.demdex.net www.dwin1.com diypestcontrol.ladesk.com cm.everesttech.net widgets.magentocommerce.com bid.g.doubleclick.net *.ftcdn.net *.behance.net fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com cdn1.stamped.io www.clarity.ms blob 'self' data: *.avada.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.gstatic.com js.klevu.com *.ksearchnet.com *.authorize.net cdn.ampproject.org https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io unsafe-inline assets.braintreegateway.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com dpm.demdex.net assets.adobedtm.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob https://static.klaviyo.com www.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com tagmanager.google.com https://js.klevu.com https://diypestcontrol.com 'self' 'unsafe-inline'; object-src connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob 'self' 'unsafe-inline'; media-src *.adobe.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com imgs.cdn-btsg.com blob 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.automizely.com api.automizely.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de forms.hsforms.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com assets.adobedtm.com a.klaviyo.com ct.pinterest.com stats.g.doubleclick.net maps.googleapis.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob w.clarity.ms https://get.geojs.io *.avada.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.authorize.net cdn.ampproject.org www.googleapis.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com imgs.cdn-btsg.com blob http: https: blob: 'self' 'unsafe-inline'; default-src assets.adobedtm.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com *.fontawesome.com data: fonts.googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zdassets.com www.gstatic.com script.hotjar.com static.hotjar.com googleadservices.com maps.googleapis.com/ webpay3g.transbank.cl webpay3gint.transbank.cl 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com googleadservices.com maps.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.moprestamo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com cdn.dnky.co amc.demdex.net www.google.com youtube.com vars.hotjar.com *.doubleclick.net *.pinterest.com *.tryadviser.com *.webviewer.appar.io *.paperless.com.pe *.extranetrosen.cl static-content.vnforapps.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.moprestamo.com magefan.com cm.magefan.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.gstatic.com maps.googleapis.com accounts.google.com www.extranetrosen.cl *.hsforms.com track.hubspot.com mercadopago.cl www.mercadopago.cl *.google.com.cl static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com *.pinterest.com *.sendtric.com *.tryadviser.com *.adnxs.com *.linkedin.com *.doubleclick.net *.rosen.cl *.rosen.com.pe *.sonataplatform.com 'self' data: google.com.ar https://www.mercadopago.com.pe https://www.google.com.ar https://www.google.es data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.dpm.demdex.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.moprestamo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com www.extranetrosen.cl static.zdassets.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com www.googleoptimize.com static.hotjar.com *.google.cl script.hotjar.com js.hsleadflows.net *.pinimg.com www.youtube.com *.tryadviser.com *.adnxs.com *.hsadspixel.net *.verificado.ai api.verificado.ai snap.licdn.com *.google-analytics.com *.commerce.adobe.net *.magento.com *.hscollectedforms.net *.doubleclick.net *.omtrdc.net *.googletagmanager.com *.rosen.cl *.rosen.com.pe *.sonataplatform.com *.mouseflow.com *.hubspot.com *.vnforapps.com https://www.google.com *.gstatic.com https://maps.googleapis.com pinterest.com https://www.googletagmanager.com data.appar.io *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.moprestamo.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com cdn.dnky.co *.rosen.cl *.rosen.com.pe www.extranetrosen.cl *.tryadviser.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com api.comapi.com bam.nr-data.net static.zdassets.com v2.zopim.com ekr.zdassets.com rollbar-eu.zendesk.com wa.me *.hubspot.com stats.g.doubleclick.net rosen.zendesk.com wss://widget-mediator.zopim.com *.hotjar.com vc.hotjar.io www.facebook.com public.delivery.janisqa.in public.delivery.janis.in *.google.cl *.pinterest.com wss://*.hotjar.com *.hscollectedforms.net *.hubapi.com *.amazonaws.com *.amazon.com *.zendesk.com *.linkedin.com *.google-analytics.com *.visualwebsiteoptimizer.com http://localhost:12387 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 2
font-src *.klevu.com *.ksearchnet.com https://staticfiles.solutiontree.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.olark.com *.trustedshops.com *.googleapis.com https://fast.fonts.net *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.authorize.net https://fast.wistia.net https://www.googletagmanager.com secure.authorize.net test.authorize.net 1eaf.cardinalcommerce.om www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com https://mkt.solution-tree.com https://mkt.solutiontree.com https://mkt.marzanoresources.com *.olark.com *.facebook.com https://bid.g.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com store.paradoxlabs.com https://staticfiles.solutiontree.com https://cloudfront-s3.solutiontree.com https://marzano-s3.solutiontree.com https://mediafiles.solutiontree.com https://solutiontree.s3.amazonaws.com https://px.ads.linkedin.com https://t.co https://www.google.com  https://www.google.co.in https://www.facebook.com https://d.adroll.com https://log.olark.com https://dc.ads.linkedin.com https://googleads.g.doubleclick.net https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.advertising.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://p.adsymptotic.com https://ups.analytics.yahoo.com https://soltreemrls3.s3-us-west-2.amazonaws.com fpdbs.paypal.com t.paypal.com fpdbs.sandbox.paypal.com *.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.olark.com https://soltreemrls3.s3.us-west-2.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.klevu.com *.ksearchnet.com *.authorize.net https://cdn.raygun.io https://staticfiles.solutiontree.com *.googletagmanager.com https://connect.facebook.net https://s.adroll.com https://snap.licdn.com https://static.ads-twitter.com https://script.crazyegg.com https://analytics.twitter.com https://d.adroll.com https://fast.wistia.com https://fast.wistia.net https://static.olark.com https://pi.pardot.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net secure.authorize.net test.authorize.net *.google.co.in *.facebook.com *.olark.com/ *.pardot.com/ *.cloudflare.com *.twitter.com *.google.com *.linkedin.com *.twimg.com *.gstatic.com *.paypalobjects.com *.paypal.com *.bootstrapcdn.com www.paypalobjects.com js.braintreegateway.com t.paypal.com *.cardinalcommerce.com www.sandbox.paypal.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.klevu.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com https://mkt.solution-tree.com https://mkt.solutiontree.com https://mkt.marzanoresources.com https://static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com https://staticfiles.solutiontree.com https://s.adroll.com *.olark.com https://fast.fonts.net/ *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.klevu.com *.ksearchnet.com *.authorize.net https://api.raygun.io https://staticfiles.solutiontree.com https://stats.g.doubleclick.net https://script.crazyegg.com https://www.facebook.com https://s.adroll.com https://d.adroll.com https://tracking.crazyegg.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.yotpo.com *.olark.com *.crazyegg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://*.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://widgets.trustedshops.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sendcloud.sc *.jsdelivr.net js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://belco-prod.s3-eu-central-1.amazonaws.com https://images.unsplash.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.sooqr.com *.spotlersearch.com *.amazonaws.com https://www.mollie.com www.magmodules.eu *.squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com https://cdn.belco.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.sendcloud.sc *.jsdelivr.net *.avada.io js.mollie.com squeezely.tech www.squeezely.tech *.squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://*.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com assets.braintreegateway.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.jsdelivr.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com wss://chat.belco.io https://cdn.belco.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://get.geojs.io *.avada.io squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.cookielaw.org *.onetrust.com *.globalpay.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.cookielaw.org *.onetrust.com *.trustpilot.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.gstatic.com https://images.unsplash.com blob: *.cloudfront.net cdn.cookielaw.org *.onetrust.com *.googlesyndication.com *.facebook.com bat.bing.com *.doubleclick.net *.contentsquare.net *.google.co.uk *.impactcdn.com *.globalpay.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com cdn.cookielaw.org *.onetrust.com *.trustpilot.com cdn-ukwest.onetrust.com unpkg.com bat.bing.com t.contentsquare.net connect.facebook.net analytics.tiktok.com *.impactcdn.com *.pxf.io *.sjv.io *.impct.site *.adobedc.net *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com widget.trustpilot.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.cookielaw.org *.onetrust.com https://fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobedc.net *.demdex.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://www.google-analytics.com https://maps.googleapis.com https://player.vimeo.com cdn.cookielaw.org *.onetrust.com *.trustpilot.com *.googlesyndication.com analytics.tiktok.com *.google-analytics.com *.contentsquare.net *.doubleclick.net *.impactcdn.com *.pxf.io *.sjv.io *.impct.site api.addressy.com https://google.com/pay widget.trustpilot.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com geowidget.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com accounts.google.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com secure.payu.com merch-prod.snd.payu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.doubleclick.net vars.hotjar.com m.goadservices.com apis.google.com www.google.com *.cookiebot.com ams.creativecdn.com ct.pinterest.com googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.sharethis.com data.imoje.pl https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com static.payu.com trustmate.io www.google.pl csr.onet.pl bbnaut.ibillboard.com rm.em.nscontext.eu mc.yandex.ru rtb-csync.smartadserver.com *.tile.openstreetmap.org geowidget.easypack24.net maps.gstatic.com maps.googleapis.com *.doubleclick.net kodano.pl ade.googlesyndication.com bat.bing.com qon-csts3.quartic.com.pl c.seznam.cz  payment.ecommerce.sebgroup.com imgsct.cookiebot.com *.facebook.net pixel.wp.pl *.pinimg.com *.pinterest.com *.bing.com simage2.pubmatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.sharethis.com paywall.imoje.pl sandbox.paywall.imoje.pl accounts.google.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.payu.com secure.snd.payu.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com trustmate.io *.hotjar.com mc.yandex.ru *.goadservices.com geowidget.easypack24.net maps.googleapis.com *.pushpushgo.com apis.google.com js-agent.newrelic.com *.cookiebot.com bat.bing.com *.tiktok.com *.smartsuppcdn.com www.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net static.cloudflareinsights.com *.quarticon.it *.quarticon.com *.quartic.com.pl *.ar-labs.io tags.creativecdn.com c.imedia.cz c.seznam.cz *.pinimg.com *.facebook.net pixel.wp.pl *.pinterest.com nominatim.openstreetmap.org https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.fontawesome.com accounts.google.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com trustmate.io geowidget.easypack24.net *.quartic.com.pl widget-v3.smartsuppcdn.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.sharethis.com accounts.google.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.payu.com merch-prod.snd.payu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com trustmate.io mc.yandex.ru *.doubleclick.net *.analytics.google.com api-shipx-pl.easypack24.net pagead2.googlesyndication.com maps.googleapis.com *.cookiebot.com *.tiktok.com *.smartsupp.com *.smartsuppcdn.com *.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net *.quarticon.it *.ar-labs.io www.google.com ams.creativecdn.com *.pinimg.com *.facebook.net pixel.wp.pl *.pinterest.com *.bing.com nominatim.openstreetmap.org region1.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://szkla0com.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 2
font-src *.velux.de *.paypalobjects.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.jsctool.com *.google.com *.pay1.de *.hotjar.com *.solutect.de *.awin1.com *.sovendus.com *.paypalobjects.com *.taboola.com *.googlesyndication.com zaunplaner.traumgarten.de *.criteo.com *.criteo.net *.doubleclick.net *.googletagmanager.com *.demdex.net *.sovendus-benefits.com *.sovendus-connect.com *.hipay-tpp.com *.hipay.com *.paypal.com *.mondu.ai/ *.mondu.local localhost:*/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com benz24.de benz24.at benz24.ch benz24.fr *.consentmanager.net *.pay1.de *.consensu.org *.bing.com *.bing.net *.google.com *.google.de *.google.ch *.google.at *.google.fr *.google.nl *.google.be *.google.li *.google.lu *.awin1.com *.bizrate.com *.ladenzeile.de *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.trustedshops.com *.velux.de *.youtube.com *.twiago.com *.1rx.io *.adnxs.com *.smartadserver.com *.taboola.com *.360yield.com *.criteo.com *.criteo.net *.unrulymedia.com https://firebasestorage.googleapis.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io cdnjs.cloudflare.com *.consentmanager.net *.pay1.de *.paypal.com *.ratepay.com *.googleapis.com *.sovendus.com *.googletagmanager.com *.consensu.org *.dwin1.com *.bing.com *.hotjar.com *.cnnx.link *.ladenzeile.de *.solutect.de *.awin1.com *.sciencebehindecommerce.com *.trustedshops.com benz24.de benz24.at benz24.ch benz24.fr *.velux.de chimpstatic.com *.paqato.com *.benz24.app mtm.benz24.de *.taboola.com *.googlesyndication.com *.s24.com *.youtube.com *.nextleveldefend.com nextleveldefend.com zaunplaner.traumgarten.de *.criteo.com *.doubleclick.net *.detailsdata7.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.avada.io *.mondu.ai/widget.js *.mondu.local/widget.js localhost:*/dist/widget.js https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com d.payla.io dr.payla.io *.consensu.org *.velux.de *.hipay.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.ratepay.com *.doubleclick.net *.google.com google.com *.google.de *.google-analytics.com *.bing.com *.bing.net *.hotjar.com *.hotjar.io *.sovendus.com *.sciencebehindecommerce.com *.trustedshops.com *.etrusted.com *.velux.de *.benz24.app mtm.benz24.de *.taboola.com *.googlesyndication.com zaunplaner.traumgarten.de *.nextleveldefend.com nextleveldefend.com *.paypal.com *.criteo.com *.googleapis.com googleapis.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src maxcdn.bootstrapcdn.com data: *.klarnacdn.net *.googleapis.com *.klaviyo.com *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.sitevibes.com sitevibes.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com blog.houseofstaunton.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.sitevibes.com sitevibes.com blog.houseofstaunton.com 'self' 'unsafe-inline'; frame-ancestors *.force.com *.salesforce.com *.salesforceliveagent.com *.stripe.com stripe.com *.link.com *.amazon.com blog.houseofstaunton.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.force.com *.salesforce.com www.google.com www.paypalobjects.com www.youtube.com player.twitch.tv *.doubleclick.net *.facebook.com *.weltpixel.com *.sitevibes.com sitevibes.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://*.online-metrix.net https://imgs.signifyd.com blog.houseofstaunton.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.force.com *.salesforce.com *.salesforceliveagent.com cdn-assets.affirm.com *.cloudfront.net houseofstaunton.com www.houseofstaunton.com *.gstatic.com *.visualforce.com *.google.com.mx *.bing.com bat.bing.com *.reddit.com *.facebook.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com maps.gstatic.com *.sitevibes.com sitevibes.com https://imgs.signifyd.com https://*.online-metrix.net blog.houseofstaunton.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.force.com *.salesforce.com *.salesforceliveagent.com container.pepperjam.com *.rtb123.com connect.facebook.net www.gstatic.com *.klarnaservices.com *.googleapis.com *.google.com js-agent.newrelic.com bam.nr-data.net *.pepperjam.com *.bing.com *.facebook.com *.redditstatic.com *.gorgias.chat *.clickcease.com *.klaviyo.com *.online-metrix.net *.yotpo.com *.cloudflare.com *.dyn-rev.app *.mouseflow.com gorgias.win https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.avada.io maps.googleapis.com *.sitevibes.com sitevibes.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.reddit.com *.tiktok.com unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net blog.houseofstaunton.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com assets.braintreegateway.com maxcdn.bootstrapcdn.com *.force.com *.salesforce.com *.salesforceliveagent.com cdnjs.cloudflare.com cdn-images.mailchimp.com imgs.signifyd.com *.klarnacdn.net *.klarnaservices.com *.googleapis.com *.klaviyo.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.sitevibes.com sitevibes.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com blog.houseofstaunton.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blog.houseofstaunton.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.force.com *.salesforce.com *.salesforceliveagent.com stats.g.doubleclick.net bt.signifyd.com:11103 *.klarnaservices.com *.googleapis.com js-agent.newrelic.com bam.nr-data.net *.reddit.com *.redditstatic.com *.klaviyo.com *.gorgias.chat *.clickcease.com *.bing.com *.klarnaevt.com *.gorgias.win gorgias.win *.mouseflow.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.sitevibes.com sitevibes.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.link.com *.google-analytics.com *.facebook.net *.tiktok.com *.doubleclick.net *.run.app https://imgs.signifyd.com blog.houseofstaunton.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blog.houseofstaunton.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.houseofstaunton.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'nonce-KjlwR0pVUGk3YkR1dFRBV2ZmIUo=' 'self' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://cdnjs.cloudflare.com; script-src-elem 'nonce-MTo4MDY2MDoxNjE3MDQ5ODExOjE3MzQ5NTc2NzU=' 'nonce-MTo4MDY2MzoxNjQ4Nzg0NDUxOjE3MzQ5NTc4NTQ=' 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://connect.facebook.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.kaspersky-labs.com https://api.mailxpert.ch; script-src-attr 'self' 'unsafe-inline' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://*.kaspersky-labs.com https://cdnjs.cloudflare.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.g.doubleclick.net https://api.friendlycaptcha.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://ige.prospective.ch https://td.doubleclick.net https://nl.mailxpert.ch https://www.youtube-nocookie.com; img-src 'self' data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://i.ytimg.com; manifest-src 'self'; media-src 'self' data:; worker-src blob:; report-uri /CspReportLogger.php 2
font-src https://*.mailcampaigns.nl https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com www.google.com https://*.hotjar.com https://*.doubleclick.net www.googletagmanager.com sst.chromeburner.com sst.uat.chromeburner.com sst.chromeburner.nl sst.uat.chromeburner.nl *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com https://*.bing.com bat.bing.net https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.google.nl https://*.google.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.chromeburner.test blob: https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl https://googleads.g.doubleclick.net https://*.usercentrics.eu *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.bing.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.webgains.io https://*.clarity.ms https://*.facebook.net https://*.googleadservices.com https://*.doubleclick.net https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl analytics.tiktok.com https://partner-cdn.shoparize.com https://*.usercentrics.eu *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.mailcampaigns.nl *.fontawesome.com *.multisafepay.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://*.bing.com bat.bing.net https://*.doubleclick.net https://*.google.com https://*.google.nl https://pagead2.googlesyndication.com https://*.clarity.ms https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.mailcampaigns.nl analytics.tiktok.com https://*.usercentrics.eu *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://chromeburner.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com youtu.be *.google.com *.nr-data.net 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.yahoo.com *.bing.com *.facebook.com mossmotors.com *.mossmotors.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://www.google.com https://www.gstatic.com *.hotjar.com *.facebook.net *.bing.com *.murdoog.com *.pcapredict.com *.jsdelivr.net *.yimg.com *.cloudfront.net *.freshrelevance.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.google.com *.gstatic.com *.newrelic.com *.nr-data.net dmp.info.mossmotors.com dmp.info.mossmiata.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://ipinfo.io *.yimg.com *.doubleclick.net *.adobedtm.com *.cloudfront.net *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.facebook.net *.nr-data.net dmp.info.mossmotors.com dmp.info.mossmiata.com *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 2
frame-ancestors https://*.walmart.com https://dev.walmart.com:4200 2
object-src 'none'; script-src 'self' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com https://static.addtoany.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; style-src 'self' cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-attr 'self'; frame-ancestors 'self' 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: *.tiktok.com *.ttcdn-row.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com cdn.dnky.co amc.demdex.net www.google.com youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' data: maps.gstatic.com maps.googleapis.com accounts.google.com *.tiktok.com *.ttcdn-row.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.google.com *.gstatic.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com https://maps.googleapis.com *.tiktok.com *.ttcdn-row.com *.bytedance.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com cdn.dnky.co *.googletagmanager.com *.cookielaw.org *.tiktok.com *.ttcdn-row.com 'self' 'unsafe-inline'; object-src *.tiktok.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com maps.googleapis.com api.comapi.com bam.nr-data.net *.cookielaw.org analytics.tiktok.com business-api.tiktok.com *.ttcdn-row.com *.bytedance.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.it google.it *.google.cz google.cz *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleapis.com googleapis.com *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.cz sharp.cz *.sharp.eu sharp.eu *.sharpmarketing.eu imgs.aws.sharp.eu *.actonsoftware.com *.cookielaw.org *.onetrust.com onetrust.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' *.actonservice.com actonservice.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.google.com googleapis.com *.googleapis.com *.youtube.com youtube.com bam.nr-data.net js-agent.newrelic.com *.cookielaw.org *.onetrust.com *.sharpmarketing.eu *.gstatic.com *.hotjar.com snap.licdn.com bat.bing.com; style-src 'self' 'unsafe-inline' *.sharpmarketing.eu; img-src 'self' data: *.cookielaw.org cookielaw.org *.onetrust.com onetrust.com *.google.ca google.ca *.google.co.in google.co.in *.google.ro google.ro *.google.co.jp google.co.jp *.gogle.co.id google.co.id *.google.co.th google.co.th *.google.ae google.ae *.google.co.nz google.co.nz *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz imgs.aws.sharp.eu i.ytimg.com d35hoao4dw4qk2.cloudfront.net www.google-analytics.com *.sharpmarketing.eu *.actonsoftware.com px.ads.linkedin.com bat.bing.com px4.ads.linkedin.com www.google.co.za www.google.bg googleads.g.doubleclick.net www.google.gr; frame-src *; frame-ancestors 'self' *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.sk sharp.sk *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.hu sharp.hu *.sharp.it sharp.it *.sharp.co.jp sharp.co.jp *.sharp.cz sharp.cz  *.sharp.eu sharp.eu; child-src *; font-src 'self' data:; connect-src 'self' *.google-analytics.com google-analytics.com cdn.linkedin.oribi.io bam.nr-data.net *.onetrust.com *.cookielaw.org stats.g.doubleclick.net privacyportal-eu.onetrust.com *.sharpmarketing.eu *.hotjar.com vc.hotjar.io bat.bing.com; report-uri https://apps.sharp.eu/sharp/apps/eu/csp-violation/report.php; upgrade-insecure-requests 2
default-src 'self' https:; connect-src 'self' https: wss: javascript:; font-src 'self' data: use.typekit.net fonts.gstatic.com *.cloudfront.net fonts.googleapis.com assets.parentsquare.com assets.sandbox.parentsquare.com assets.staging.parentsquare.com themes.googleusercontent.com; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' blob: data: https: pbs.twimg.com; media-src 'self' data: blob: https:; object-src 'self' parentsquare-restricted-data-production.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests; worker-src 'self' blob:; report-uri /csp_report 2
default-src * 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline'; script-src 'none' 'report-sample'; connect-src 'none'; form-action 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.threatview.app/report; report-to threatview 2
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com 'self' data: *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.doubleclick.net *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.paypal.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googleadservices.com www.facebook.com trengo.s3.eu-central-1.amazonaws.com *.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com *.cmi.co.ma test.saferpay.com www.saferpay.com saferpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.googlesyndication.com *.googleadservices.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk www.facebook.com *.widget.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com connect.facebook.net graph.facebook.com business.facebook.com *.hotjar.com *.hotjar.io onesignal.com *.onesignal.com *.criteo.com *.adsmurai.com gateway.bankart.si test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.bootstrapcdn.com downloads.mailchimp.com onesignal.com *.onesignal.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleapis.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googlesyndication.com *.doubleclick.net www.facebook.com *.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org ekr.zdassets.com/ connect.facebook.net graph.facebook.com business.facebook.com wss://ws.hotjar.com *.hotjar.io test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri /_/csp-reports 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com https://geolocation.onetrust.com https://region1.google-analytics.com https://v2.zopim.com https://ajax.googleapis.com https://analytics.silktide.com https://analytics.tiktok.com https://api.reciteme.com/asset/js https://app.geckoform.com https://cdn-ukwest.onetrust.com https://cdn.populo-services.com https://connect.facebook.net https://embed.geckochat.io https://googleads.g.doubleclick.net https://l.getsitecontrol.com https://sc-static.net/scevent.min.js https://script.hotjar.com https://static.hotjar.com https://tr.snapchat.com https://www.googletagmanager.com https://cdn.populo-services.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.geckoform.com https://fonts.gstatic.com/ https://embed.geckochat.io https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cms-stmarys.cloud.contensis.com https://surveystats.hotjar.io https://googleads.g.doubleclick.net https://capigateway.adaptworldwide.com wss://widget-mediator.zopim.com https://router-euwest2.geckochat.io https://stats.g.doubleclick.net https://www.google.com https://privacyportal-uk.onetrust.com https://region1.google-analytics.com https://geolocation.onetrust.com https://pagead2.googlesyndication.com https://a.eu.silktide.com https://analytics.tiktok.com https://api.geckochat.io https://cdn-ukwest.onetrust.com https://ekr.zdassets.com https://l.getsitecontrol.com https://region1.analytics.google.com https://tr.snapchat.com https://tr6.snapchat.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com; font-src 'self' https://script.hotjar.com https://fonts.geckoform.com https://embed.geckochat.io https://fonts.gstatic.com/; frame-src 'self' https://app.geckoform.com https://td.doubleclick.net https://tr.snapchat.com https://www.youtube.com; img-src 'self' data: https://survey-images.hotjar.com https://img.youtube.com https://www.googletagmanager.com https://widget-assets.geckochat.io https://www.facebook.com https://cdn-ukwest.onetrust.com https://i.ytimg.com https://populo.populo-services.com https://www.google.co.uk https://www.google.com; manifest-src 'self'; media-src 'self' https://audio.geckochat.io; worker-src 'none'; 2
default-src  https: http:            data:               wss://*.forter.com           'unsafe-inline' 'unsafe-eval';        connect-src  https: http:            wss://*.forter.com;        frame-ancestors 'self'            https: http:           *.czs.org             172.21.2.30            www.chasepaymentechhostedpay.com       object-src  'self';       img-src   'unsafe-eval' 'unsafe-inline'            data:           blob:           *;       font-src  'self'           data: https: http:           *.typekit.net;       script-src  'unsafe-eval' 'unsafe-inline'            blob:           data:           https: http:           'self'              emarketing.activenetwork.com             d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com              d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com              d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com               kpstat.forter.com:7043               www.google.com              maps.google.com              maps.googleapis.com               ssl.google-analytics.com               www.google-analytics.com               www.gstatic.com                embed.idonate.com               use.typekit.net                               cdn-js.net                cdnjs.cloudflare.com             d35u1vg1q28b3w.cloudfront.net             partners.cmptch.com               static.cmptch.com                         scriptcdn.net                             auctioneer.50million.club                 m.addthis.com                s7.addthis.com                 m.addthisedge.com             lkysearchex3688-a.akamaihd.net                analyticspage.tools                apiurl.org                appsource.cool                countmake.cool                fp166.digitaloptout.com                eluxer.net                mirextpro.com                 z.moatads.com               secure.myshopcouponmac.com                payperclickadz.com               cdn.pmqzads.com                qdatasales.com            widget-prime.rafflecopter.com                srvvtrk.com               pwm-image.trendmicro.com              gateway.zscloud.net;       style-src  'unsafe-eval' 'unsafe-inline'            'self'                accessibility-bookmarklets.org                 emarketing.activenetwork.com                      cdnjs.cloudflare.com               use.fontawesome.com                fonts.googleapis.com                hello.myfonts.net               pwm-image.trendmicro.com;       report-uri   https://bzcsp.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' https://*.adnxs.com https://*.avanser.com https://*.hubapi.com https://*.algolia.com https://*.algolia.net https://*.algolianet.com https://*.readspeaker.com https://*.cloudflare.com https://*.facebook.net https://*.cdnfonts.com https://*.googleapis.com https://*.gstatic.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hs-scripts.com https://*.hsleadflows.net https://*.hsadspixel.net https://*.hsform.com https://*.hubspot.com https://*.google.com.au https://*.google-analytics.com https://*.googletagmanager.com https://*.clarity.ms https://*.doubleclick.net https://*.cdninstagram.com https://*.myhealthforlife.com.au https://*.myhealthforlife.org.au https://*.newrelic.com https://*.vimeo.com https://*.raisely.com https://*.siteimproveanalytics.com https://*.hotjar.com https://*.licdn.com https://*.ewaypayments.com https://*.linkedin.com https://*.google.com https://*.doubleclick.net https://*.yimg.com https://*.youtube.com; object-src 'none'; img-src * data:; script-src 'self' https://*.adnxs.com https://*.avanser.com https://*.hubapi.com https://*.algolia.com https://*.algolia.net https://*.algolianet.com https://*.readspeaker.com https://*.cloudflare.com https://*.facebook.net https://*.cdnfonts.com https://*.googleapis.com https://*.gstatic.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hs-scripts.com https://*.hsleadflows.net https://*.hsadspixel.net https://*.hsform.com https://*.hubspot.com https://*.google.com.au https://*.google-analytics.com https://*.googletagmanager.com https://*.clarity.ms https://*.doubleclick.net https://*.cdninstagram.com https://*.myhealthforlife.com.au https://*.myhealthforlife.org.au https://*.newrelic.com https://*.vimeo.com https://*.raisely.com https://*.siteimproveanalytics.com https://*.hotjar.com https://*.licdn.com https://*.ewaypayments.com https://*.linkedin.com https://*.google.com https://*.doubleclick.net https://*.yimg.com https://*.youtube.com; style-src 'self' * 'unsafe-inline'; font-src * data:; media-src *; frame-src *.vimeo.com *.googletagmanager.com *.doubleclick.net *.youtube.com; 2
font-src fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com https://torus-stage-halkbankmacedonia.asseco-see.com.tr/ https://epay.halkbank.mk/fim/est3Dgate form.wspay.biz formtest.wspay.biz 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com www.google.com *.youtube-nocookie.com *.sharethis.com www.facebook.com www.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net issuu.com e.issuu.com assets.pinterest.com *.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com www.google.hr *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com maps.gstatic.com maps.googleapis.com log.pinterest.com pinterest.com www.pinterest.com *.hotjar.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com analytics.google.com www.googletagmanager.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.sharethis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net maps.googleapis.com *.hotjar.com connect.facebook.net *.disqus.com assets.pinterest.com *.tiktok.com analytics.google.com www.googletagmanager.com *.avada.io *.shopify.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com downloads.mailchimp.com googletagmanager.com tagmanager.google.com fonts.googleapis.com *.hotjar.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.sharethis.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com www.google.hr maps.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/ *.tiktok.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com www.youtube.com www.youtube-nocookie.com www.google-analytics.com js.zi-scripts.com www.googletagmanager.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' www.google-analytics.com; connect-src 'self' js.zi-scripts.com ws.zoominfo.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' go.tsico.com www.youtube-nocookie.com www.google.com; worker-src 'self' blob:; upgrade-insecure-requests 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.voltlighting.com *.google.com *.cloudfront.net *.amazonaws.com *.klevu.com *.fontawesome.com *.googleapis.com *.socialannex.com *.amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.bazaarvoice.com *.ksearchnet.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.amazonaws.com *.amplighting.com voltlighting.com *.voltlighting.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.gstatic.com www.facebook.com *.googletagmanager.com *.googleapis.com *.amazonaws.com *.paypalobjects.com amc.demdex.net fast.amc.demdex.net nsg.symantec.com *.hotjar.com www.pinterest.com *.twitter.com *.socialannex.net *.amplighting.com voltlighting.com nytrng.com *.attn.tv *.guarantee-cdn.com *.fls.doubleclick.net *.googlesyndication.com td.doubleclick.net app.fastbots.ai 12521576.fls.doubleclick.net ssl.kaptcha.com www.youtube.com www.google.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.voltlighting.com *.googleusercontent.com *.google.com *.klevu.com bat.bing.com www.facebook.com connect.facebook.net www.google.co.in *.amazonaws.com dpm.demdex.net amc.demdex.net *.visualwebsiteoptimizer.com *.powerreviews.com nsg.symantec.com *.wpengine.com cdn.socialannex.com *.cloudinary.com *.gravatar.com *.adobedtm.com *.amplighting.com voltlighting.com *.voltlighting.com *.trackedlink.net *.b0e8.com *.guarantee-cdn.com *.clarity.ms *.bing.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net wt.rqtrk.eu id5-sync.com *.paypalobjects.com track.hubspot.com d7keiwzj12p9.cloudfront.net ad.doubleclick.net adservice.google.com cdn-assets.affirm.com s3.amazonaws.com m.media-amazon.com 'self' blob: cdn.bfldr.com storage-us-gcs.bfldr.com cdn.userway.org yt3.ggpht.com www.youtube.com www.gstatic.com guarantee-cdn.com volt.dev csi.gstatic.com cm.everesttech.net graph.facebook.com business.facebook.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.adobe.com js-na1.hs-scripts.com bat.bing.com *.gstatic.com *.klevu.com www.facebook.com *.cloudfront.net *.powerreviews.com unpkg.com *.visualwebsiteoptimizer.com *.amazonaws.com *.googletagmanager.com *.googleapis.com js-agent.newrelic.com nsg.symantec.com a.opmnstr.com bam.nr-data.net bam-cell.nr-data.net cdn.socialannex.com *.hotjar.com *.instagram.net cdn.plyr.io stackpath.bootstrapcdn.com dn.jsdelivr.net code.jquery.com *.socialannex.com *.amplighting.com voltlighting.com *.voltlighting.com *.bc0a.com cdn.attn.tv guarantee-cdn.com cdn.b0e8.com *.clarity.ms *.lfeeder.com shop.pe *.shop.pe wt.rqtrk.eu cdn.id5-sync.com *.blackcrow.ai *.bttrack.com *.google.co.in *.trackedlink.net *.googleadservices.com *.trackedweb.net *.authorize.net *.paypal.com analytics.tiktok.com tpc.googlesyndication.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com static.elfsight.com js.hscollectedforms.net js.usemessages.com cdn.userway.org api.userway.org bigsur.ai consents-cf.bc0a.com d2mjzob2nc713b.cloudfront.net cdn1.affirm.com pixel.api.blokid.com addshoppers.s3.amazonaws.com shopper.shop.pe static.cloudflareinsights.com r.wdfl.co static-na.payments-amazon.com ssl.kaptcha.com js.klevu.com app.fastbots.ai apis.google.com cdn.bc0a.com connect.facebook.net static.doubleclick.net www.google.com www.gstatic.com cdn.nytrng.com universe-static.elfsightcdn.com graph.facebook.com business.facebook.com *.ksearchnet.com *.kaptcha.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com display.ugc.bazaarvoice.com www.voltlighting.com *.google.com *.klevu.com *.powerreviews.com *.gstatic.com *.cloudfront.net *.amazonaws.com stats.g.doubleclick.net *.socialannex.com *.amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com cdn.userway.org app.fastbots.ai *.fontawesome.com www.youtube.com *.ksearchnet.com assets.braintreegateway.com tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com voltlighting.tt.omtrdc.net bat.bing.com *.gstatic.com *.amazonaws.com *.googletagmanager.com *.googleapis.com *.dotdigital.com dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.trackedlink.net *.trackedweb.net stats.g.doubleclick.net get.geojs.io *.powerreviews.com api.omappapi.com *.wpengine.com stats.ksearchnet.com *.ksearchnet.com *.demdex.net *.visualwebsiteoptimizer.com *.amplighting.com *.voltlighting.com *.bc0a.com *.clarity.ms *.google-analytics.com *.analytics.google.com *.g.doubleclick.net events.attentivemobile.com lb.eu-1-id5-sync.com id5-sync.com *.hotjar.io *.blackcrow.ai *.authorize.net core.service.elfsight.com *.hubspot.com *.hscollectedforms.net *.elfsight.com *.safeopt.com voltlighting.wpengine.com ixfd2-api.bc0a.com statsjs.klevu.com www.affirm.com cdn-assets.affirm.com api.prod.bigsur.ai voltlighting.attn.tv firebaseremoteconfig.googleapis.com app.shop.pe dp70uvwpivouv.cloudfront.net api.userway.org cdn.userway.org cdn77.api.userway.org apay-us.amazon.com shopper.shop.pe ssl.kaptcha.com www.youtube.com googleads.g.doubleclick.net jnn-pa.googleapis.com play.google.com app.fastbots.ai bam.nr-data.net www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src www.voltlighting.com www.google-analytics.com pixel.tracking.blokid.com www.google.com bat.bing.com events.attentivemobile.com commerce.adobedc.net network-a.bazaarvoice.com apay-us.amazon.com app.fastbots.ai bam.nr-data.net tracker.affirm.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.voltlighting.com/; report-to report-endpoint; 2
default-src 'self' *.telware.net *.onecloud.com *.myonecloud.com; frame-ancestors 'self' *.telware.net *.onecloud.com *.myonecloud.com https://login.microsoftonline.com; style-src-elem 'self' 'unsafe-inline' *.telware.net *.onecloud.com *.myonecloud.com https://www.gstatic.com https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/css2 https://alcdn.msauth.net  https://accounts.google.com/gsi/style https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://www.gstatic.com/charts/51/css/core/tooltip.css https://www.gstatic.com/charts/51/css/table/table.css  https://www.gstatic.com/charts/51/css/annotationchart/annotationchart.css https://fonts.googleapis.com/css https://www.gstatic.com/charts/51/css/util/util.css; script-src-elem 'self' 'unsafe-inline' *.telware.net *.onecloud.com *.myonecloud.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.pv-site.com https://www.google-analytics.com/analytics.js https://alcdn.msauth.net https://accounts.google.com/gsi/client https://www.google.com/recaptcha/api.js https://secure.aadcdn.microsoftonline-p.com https://integrator.oclnk.co https://oms-dev.oclnk.co appleid.cdn-apple.com apis.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/api.js https://secure.aadcdn.microsoftonline-p.com *.gstatic.com https://appleid.cdn-apple.com https://accounts.google.com/gsi/client; font-src 'self' data: *.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://www.gstatic.com/ https://*.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://fonts.gstatic.com; connect-src 'self' *.telware.net *.onecloud.com *.myonecloud.com https://alcdn.msauth.net https://www.google-analytics.com wss://myonecloud.com:8001 wss://*.telware.net:8001 wss://*.onecloud.com:8001 wss://*.telware.net:9002 wss://*.onecloud.com:9002 https://*.bugsnag.com https://login.microsoftonline.com https://maps.googleapis.com https://sso.sandbox.pv-site.com https://sso.pv-site.com https://netoauth.pv-site.com https://*.onecloud.us https://*.onecloud.us:9443 https://api.sandbox-oms.onecloud.us:9443 https://oms-dev.oclnk.co https://www.google.com/recaptcha/api2/clr https://accounts.google.com/gsi/;  img-src 'self' data: *.telware.net *.onecloud.com *.myonecloud.com https://www.gravatar.com https://maps.googleapis.com https://maps.gstatic.com https://pv-site.com https://netoauth.pv-site.com https://www.google-analytics.com https://core1-us-east.genvox.net https://apple-resources.s3.amazonaws.com https://play.google.com https://www.googletagmanager.com https://api.qrserver.com *.genvox.net rl-promptvoice-test.hostedonhold.com csi.gstatic.com https://csi.gstatic.com/ https://fonts.gstatic.com/ blob: https://i.ytimg.com; media-src 'self' blob: data: https://upload.wikimedia.org *.telware.net *.onecloud.com *.myonecloud.com *.genvox.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com/gsi/style; report-uri https://o4504882498174976.ingest.us.sentry.io/api/4509090918694912/security/?sentry_key=1cf0e5d02a08eee41bb2081427788665&sentry_environment=production; frame-src 'self' https://accounts.google.com/gsi https://accounts.google.com https://login.microsoftonline.com https://www.google.com https://login.live.com https://www.youtube.com; base-uri 'self'; child-src 'self' https://login.microsoftonline.com; 2
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com *.typekit.net *.optimonk.com google.ro google.sk google.at google.it google.fr google.de google.nl google.si google.co-uk *.google.ro *.google.sk *.google.at *.google.it *.google.fr *.google.de *.google.nl *.google.si *.google.co-uk data: 'self' 'unsafe-inline'; form-action *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.google.com/ *.doubleclick.net *.weltpixel.com test.saferpay.com www.saferpay.com saferpay.com https://player.vimeo.com https://www.youtube-nocookie.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud facebook.com youtube.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com luigisbox.com diego.itg.cloud www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://consentcdn.cookiebot.com *.googletagmanager.com *.diego.hu google.at google.it google.fr google.de google.nl google.si google.co-uk *.google.at *.google.it *.google.fr *.google.de *.google.nl *.google.si *.google.co-uk www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.google-analytics.com test.saferpay.com www.saferpay.com saferpay.com magefan.com cm.magefan.com https://www.magezon.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud maps.gstatic.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.diego.hu *.taggrs.io *.bing.com google.ro google.sk google.at google.it google.fr google.de google.nl google.si google.co-uk *.google.at *.google.it *.google.fr *.google.de *.google.nl *.google.si *.google.co-uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com test.saferpay.com www.saferpay.com saferpay.com player.vimeo.com https://player.vimeo.com https://www.youtube.com *.adobedtm.com *.googleapis.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud facebook.net adobedtm.com adobe.com googleapis.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com luigisbox.com diego.itg.cloud www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.dyn-rev.app stapecdn.com google.at google.it google.fr google.de google.nl google.si google.co-uk *.google.at *.google.it *.google.fr *.google.de *.google.nl *.google.si *.google.co-uk www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com *.typekit.net *.optimonk.com *.pinterest.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.google-analytics.com *.facebook.net *.google.com test.saferpay.com www.saferpay.com saferpay.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com luigisbox.com diego.itg.cloud maps.googleapis.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.diego.hu gorgias-convert.com *.googlesyndication.com region1.google-analytics.com google.at google.it google.fr google.de google.nl google.si google.co-uk *.google.at *.google.it *.google.fr *.google.de *.google.nl *.google.si *.google.co-uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src maxcdn.bootstrapcdn.com *.lasportivausa.com data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.klaviyo.com *.locally.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.lasportivausa.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://plumrocket.com *.weltpixel.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.lasportivausa.com *.doubleclick.net *.google.com *.googleapis.com *.vimeo.com *.addthis.com *.pinterest.com disqus.com *.bazaarvoice.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.lasportivausa.com *.google.com *.googleapis.com *.gstatic.com *.googlesyndication.com via.placeholder.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.curalate.com *.viglink.com *.klaviyo.com *.locally.com *.doubleclick.net *.cloudfront.net *.avantlink.com *.localizecdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.lasportivausa.com bam.nr-data.net cdnjs.cloudflare.com *.cookielaw.org *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com *.newrelic.com player.vimeo.com *.addthis.com *.addthisedge.com *.moatads.com *.avmws.com *.pinimg.com *.pinterest.com *.disqus.com *.disquscdn.com *.bazaarvoice.com *.locally.com *.curalate.com *.experticity.com *.eventscalendar.co *.localizecdn.com https://global.localizecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com display.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.lasportivausa.com *.disquscdn.com *.bazaarvoice.com *.googleapis.com *.typekit.net *.localizecdn.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.lasportivausa.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.lasportivausa.com bam.nr-data.net *.doubleclick.net *.googleapis.com *.googlesyndication.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.curalate.com *.locally.com *.eventscalendar.co *.mixpanel.com *.localizecdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.lasportivausa.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.fontawesome.com fonts.gstatic.com *.inpost.pl fonts.googleapis.com https://fonts.bunny.net *.gls.com *.szybkapaczka.pl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://cookie.inpost.pl https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ pay.google.com apm.przelewy24.pl *.inpost.pl *.szybkapaczka.pl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://static.paynow.pl *.cloudfront.net https://player.vimeo.com https://www.google.pl https://www.facebook.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com https://firebasestorage.googleapis.com https://api.mapbox.com *.szybkapaczka.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://static.paynow.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.avada.io *.shopify.com *.szybkapaczka.pl sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com fonts.googleapis.com *.inpost.pl https://fonts.bunny.net *.szybkapaczka.pl sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.szybkapaczka.pl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl google.com www.google.com pay.google.com https://get.geojs.io *.avada.io *.szybkapaczka.pl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://fathom.report-uri.com/r/t/csp/wizard; default-src 'none'; form-action 'none'; object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests 2
font-src 'self' data: cdn.embedly.com fonts.gstatic.com js.intercomcdn.com use.typekit.net tillercom.kinsta.cloud chrome-extension github.com; form-action 'self' www.facebook.com intercom.help; frame-src 'self' accounts.google.com assets.pinterest.com ct.pinterest.com auth.tillermoney.com data: docs.google.com sheets.tillerhq.com tpc.googlesyndication.com trends.google.com www.awin1.com www.adbstr.com www.facebook.com www.google.com www.googletagmanager.com www.pinterest.com www.zenaps.com bid.g.doubleclick.net intercom-sheets.com videopress.com www.youtube.com; manifest-src 'self'; media-src 'self' data: js.intercomcdn.com videos.files.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.embedly.com cdn.ampproject.org cloudfront.net *.cloudfront.net embed.redditmedia.com a.omappapi.com a.optnmstr.com ajax.googleapis.com assets.pinterest.com ssl.gstatic.com ssl.google-analytics.com connect.facebook.net r.wdfl.co s.pinimg.com storychief.piwikpro.com tpc.googlesyndication.com cdn.mxpnl.com cdnjs.cloudflare.com googleads.g.doubleclick.net js.intercomcdn.com static.ads-twitter.com stats.wp.com v0.wordpress.com widget.intercom.io www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.google.com www.pagespeed-mod.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com p.typekit.net use.typekit.net; report-uri https://tillerhq.report-uri.com/r/t/csp/reportOnly; report-to default 2
script-src 'unsafe-inline' 'unsafe-eval' www.dropbox.com 'self' apis.google.com assets.adobedtm.com c.go-mpulse.net connect.facebook.net googleads.g.doubleclick.net static.ads-twitter.com www.adobetag.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com s.pinimg.com snap.licdn.com blob:; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com apis.google.com az416426.vo.msecnd.net connect.facebook.net snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net c.go-mpulse.net www.adobetag.com www.gstatic.com www.youtube.com www.google.com s.pinimg.com ct.pinterest.com www.dropbox.com www.googleadservices.com www.scrible.com ajax.googleapis.com cdnjs.cloudflare.com googletagmanager.com script.hotjar.com static.hotjar.com; script-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.flowplayer.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com www.gstatic.com www.scrible.com use.fontawesome.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.oerproject.com analytics.twitter.com px.ads.linkedin.com www.facebook.com www.google.com cm.everesttech.net t.co *.bighistoryproject.com www.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com bgc3worldhistorydev.112.2o7.net csi.gstatic.com ssl.gstatic.com www.google.co.uk www.google.com.ar www.googleadservices.com cfdc4d69b.lwcdn.com stats.g.doubleclick.net www.google.ca www.google.co.in www.google.co.jp www.google.co.kr www.google.co.th www.google.com.au www.google.com.bz www.google.com.co www.google.com.hk www.google.com.mx www.google.com.ng www.google.com.ph www.google.com.sg www.google.mn cm.g.doubleclick.net www.google.cl www.google.co.id www.google.ae www.google.am www.google.at www.google.ba www.google.be www.google.bg www.google.bs www.google.bt www.google.ch www.google.ci www.google.co.cr www.google.co.il www.google.co.ke www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.tz www.google.co.ug www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.com.af www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.cu www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.jm www.google.com.kh www.google.com.lb www.google.com.my www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cv www.google.cz www.google.de www.google.es www.google.fi www.google.fr www.google.gl www.google.gm www.google.gr www.google.gy www.google.hr www.google.ht www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.lk www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.rw www.google.se www.google.sk www.google.so www.google.tn www.linkedin.com fonts.gstatic.com translate.google.com ad.doubleclick.net adservice.google.com px4.ads.linkedin.com i.ytimg.com live.rezync.com yastatic.net dpm.demdex.net cdn.honey.io bat.bing.com 20537739p.rfihub.com 20537741p.rfihub.com a.rfihub.com blob: assets.clever.com www.google.as www.google.az www.google.bj www.google.by www.google.cg www.google.co.ao www.google.co.ck www.google.co.zw www.google.com.cy www.google.com.fj www.google.com.kw www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.na www.google.com.ni www.google.com.sl www.google.com.uy www.google.dj www.google.dk www.google.dz www.google.ee www.google.ga www.google.ge www.google.hn www.google.la www.google.lt www.google.lu www.google.md www.google.me www.google.mk www.google.mu www.google.mw www.google.ps www.google.rs www.google.si www.google.sc accounts.google.com connect.facebook.net google.com l.facebook.com www.google.ad www.google.al www.google.bf www.google.cd www.google.cm www.google.co.mz www.google.com.bn www.google.com.gi www.google.dm www.google.gg www.google.je www.google.ml www.google.mv www.google.ne www.google.sn www.google.td www.google.tl www.google.tt www.youtube.com; font-src 'self' fonts.gstatic.com assets.clever.com use.fontawesome.com; connect-src 'self' dc.services.visualstudio.com dpm.demdex.net px.ads.linkedin.com *.oerproject.com www.google-analytics.com c.go-mpulse.net cfdc4d69b.lwcdn.com ihi.flowplayer.com ljsp.lwcdn.com ptm.flowplayer.com www.facebook.com adservice.google.com ct.pinterest.com apis.google.com google.com pmi.flowplayer.com region1.google-analytics.com www.google.com analytics.google.com api.facebook.com region1.analytics.google.com stats.g.doubleclick.net translate-pa.googleapis.com translate.googleapis.com www.googleadservices.com www.googletagmanager.com www.scrible.com ad.doubleclick.net api.fbanalytics.org cdn.flowplayer.com fonts.googleapis.com fonts.gstatic.com analytics.twitter.com edge.microsoft.com oerproject.report-uri.com t.co www.google.ca; frame-src 'self' bgc3.demdex.net www.google.com ct.pinterest.com td.doubleclick.net accounts.google.com drive.google.com *.oerproject.com www.facebook.com www.googletagmanager.com www.youtube.com; frame-ancestors * 'self'; form-action 'self'; worker-src 'self' blob:; report-uri https://oerproject.report-uri.com/r/d/csp/wizard 2
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com 'self' data: *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.doubleclick.net *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.paypal.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googleadservices.com www.facebook.com trengo.s3.eu-central-1.amazonaws.com *.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com *.cmi.co.ma data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.googlesyndication.com *.googleadservices.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk www.facebook.com *.widget.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com connect.facebook.net graph.facebook.com business.facebook.com *.hotjar.com *.hotjar.io onesignal.com *.onesignal.com *.criteo.com *.adsmurai.com gateway.bankart.si 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.bootstrapcdn.com downloads.mailchimp.com onesignal.com *.onesignal.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleapis.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googlesyndication.com *.doubleclick.net www.facebook.com *.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org ekr.zdassets.com/ connect.facebook.net graph.facebook.com business.facebook.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://fonts.gstatic.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.sa.gov.au/__data/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.botframework.com/; style-src 'unsafe-inline' https://fonts.googleapis.com/ https://www.sa.gov.au/_design/ https://www.sa.gov.au/__data/assets/css_file/; 2
frame-ancestors *.vee24.com 2
font-src *.bounceexchange.com *.google-analytics.com *.gstatic.com likeshop.me *.global-e.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.bounceexchange.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.authorize.net *.nosto.com *.nos.to www.xtento.com *.shoprunner.com *.facebook.com insight.adsrvr.org match.adsrvr.org *.signifyd.com *.online-metrix.net *.doubleclick.net *.cookiebot.com *.bounceexchange.com *.office365.com *.google.com *.google.lv *.bglobale.com *.global-e.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca store.paradoxlabs.com *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.shoprunner.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net www.google.lv *.bing.com *.lafayette148ny.com *.signifyd.com *.online-metrix.net *.postcodeanywhere.co.uk *.doubleclick.net heapanalytics.com *.heapanalytics.com *.bizrate.com *.dashhudson.com likeshop.me *.atdmt.com *.cdnwidget.com *.bglobale.com *.global-e.com *.clarity.ms *.cloudfront.net *.cookiebot.com *.rakuten.com *.linksynergy.com *.xg4ken.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.affirm.com *.affirm.ca *.authorize.net sandbox-assets.secure.checkout.visa.com *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.shoprunner.io *.shoprunner.com *.googletagmanager.com www.google.com www.google.lv www.gstatic.com *.bing.com *.upsellit.com connect.facebook.net *.sociomantic.com js.adsrvr.org *.algolianet.com *.algolia.net *.signifyd.com *.pcapredict.com *.addressy.com *.bizrate.com *.googleapis.com *.heapanalytics.com *.zdassets.com tag.wknd.ai *.bounceexchange.com *.dashhudson.com *.luckyorange.com *.cookiebot.com *.securedvisit.com *.pingdom.net *.cloudfront.net *.newrelic.com *.nr-data.net klear.com *.mczbf.com *.bglobale.com *.global-e.com *.clarity.ms cdn.noibu.com *.salesforce.com api.smooch.io *.online-metrix.net *.fbot.me *.rakuten.com *.linksynergy.com *.xg4ken.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.nosto.com *.nos.to *.bounceexchange.com *.googleapis.com *.addressy.com *.bizrate.com *.bglobale.com *.global-e.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.affirm.com *.affirm.ca *.authorize.net *.nosto.com *.nos.to *.shoprunner.io *.shoprunner.com *.signifyd.com *.signifyd.com:* *.addressy.com *.bing.com *.bounceexchange.com *.bouncex.net *.zdassets.com *.zendesk.com *.zopim.com *.doubleclick.net *.google-analytics.com *.googleapis.com likeshop.me *.heapanalytics.com wss: *.luckyorange.net *.cookiebot.com *.cdnbasket.net *.cdnwidget.com *.pingdom.net *.nr-data.net *.facebook.com klear.com *.mczbf.com *.sjwoe.com *.clarity.ms input.noibu.com cdn.noibu.com www.google.com *.analytics.google.com *.salesforce.com *.fbot.me https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: techport.ru *.techport.ru https://*.yandex.net https://techport.api.useinsider.com https://vk.com https://*.vk.com https://www.odnoklassniki.ru https://odnoklassniki.ru https://ok.ru https://connect.ok.ru https://yandex.ru https://*.yandex.ru https://ya.ru https://yandex.st https://yastatic.net https://*.yadro.ru https://webvisor.com https://mc.webwisor.org https://google.com https://*.google.com https://google.ru https://*.google.ru https://translate.google.cn https://*.googleapis.com https://*.googleadservices.com https://googletagservices.com https://*.googletagservices.com https://google-analytics.com https://*.google-analytics.com https://gstatic.com https://*.gstatic.com https://*.googlesyndication.com https://*.mail.ru https://top-fwz1.mail.ru https://youtube.ru https://*.youtube.ru https://youtube.com https://*.youtube.com https://s.ytimg.com https://video.bosch-pt-video.com https://uc.xddi.ru https://9khj7ltnoi.a.trbcdn.net https://techpont.ru https://*.flixfacts.com https://*.flixcar.com https://*.flix360.com https://*.flix360.io https://logo.flixfacts.co.uk https://media.flixsyndication.net https://*.doubleclick.net https://www.alexa.com https://*.alexa.com https://ssp.rambler.ru https://profile.ssp.rambler.ru https://*.paymentgate.ru https://*.robokassa.ru https://*.sandbox.paypal.com https://*.paypal.com https://paypal.com https://www.paypal.com https://*.mkb.ru https://*.rbsuat.com https://*.begun.ru https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://techport.api.sociaplus.com https://flv.isitetv.com https://rum.ngenix.net https://*.cdnvideo.ru https://app.clicker.one https://*.24ttl.stream https://goodmod.ru https://p95bxv.ru https://x.cnt.my/ https://dmrtx.com/ https://*.searchbooster.io https://*.searchbooster.net https://cdn.diginetica.net https://getrcmx.com https://cdn.enkod.ru/script/enpop.min.js https://cdn.enkod.ru/script/enpop-main.min.js https://ext.enkod.ru https://ga.segmel.com https://api.b2pos.ru/shop/v2/connect.js https://dpartaptm.com/ https://widget.yourgood.app https://cdn1.imshop.io; report-uri //www.techport.ru/csp; report-to //www.techport.ru/csp; 2
default-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.googletagmanager.com;; connect-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://stats.g.doubleclick.net https://*.google-analytics.com https://cdn.cookielaw.org https://*.feefo.com https://*.trustpilot.com;; img-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com data: https://*.google-analytics.com https://*.google.com https://*.google.co.uk https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.feefo.com https://*.trustpilot.com;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.googletagmanager.com https://static.srcspot.com https://cdn.cookielaw.org https://*.google-analytics.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://code.jquery.com https://*.feefo.com; https://*.trustpilot.com;; style-src 'self' 'unsafe-inline' https://*.securetrustbank.com https://*.v12retailfinance.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.feefo.com https://*.trustpilot.com;; font-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.trustpilot.com;; frame-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.youtube-nocookie.com https://*.trustpilot.com;; frame-ancestors 'self' 2
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://myrgroup.com; script-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.chasepaymentechhostedpay.com https://js.stripe.com 'unsafe-eval' https://*.mailgun.net https://myrgroup.com; script-src-elem 'self' blob: https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.chasepaymentechhostedpay.com https://js.stripe.com 'unsafe-eval' https://www.gstatic.com https://myrgroup.com; style-src 'self' 'unsafe-inline' blob: https://use.typekit.net https://p.typekit.net https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://myrgroup.com; style-src-elem 'self' https://use.typekit.net https://p.typekit.net 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com/ https://myrgroup.com; font-src 'self' https://use.typekit.net https://p.typekit.net data: 'unsafe-inline' https://s0.wp.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://myrgroup.com; img-src 'self' data: https://myrgroup.com https://myrgroup.myr.studiothink.com https://myrgroup.stg.studiothink.com https://www.plpredimix.com https://s.w.org https://maps.googleapis.com https://maps.gstatic.com https://www.google.ca https://www.google-analytics.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://www.google.ca https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://*.mailgun.net https://myrgroup.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.co.in https://www.google.fr; object-src 'none'; frame-src https://www.youtube.com https://www.chasepaymentechhostedpay.com https://js.stripe.com/ https://checkout.stripe.com https://myrgroup.com; report-to https://myrgroup.com/csp-report.php;; report-uri https://myrgroup.com/csp-report.php;; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ace.de *.ace.de 1rx.io 360yield.com 3lift.com adentifi.com adform.net adnxs.com adsrvr.org agkn.com analytics.yahoo.com bidr.io bidswitch.net bing.com bugsnag.com bussgeldrechner.org casalemedia.com clarity.ms clmbtech.com co.kr connect.facebook.net cookielaw.org criteo.com demdex.net dmxleo.com doubleclick.net dwin1.com finanzcheck.de fonts.gstatic.com fwmrm.net ggpht.com google.com googleadservices.com googlesyndication.com googletagmanager.com gsitrix.com liadm.com media.net mediavine.com mediawallahscript.com outbrain.com pippio.com postrelease.com pr-bh.ybp.yahoo.com pubmatic.com revcontent.com rezync.com rfihub.com roeye.com roeyecdn.com rubiconproject.com smartadserver.com springserve.com stape.net stapecdn.com stickyadstv.com taboola.com tapad.com teads.tv thrtle.com tpmn.io tremorhub.com turn.com ubembed.com unrulymedia.com usemaxserver.de w55c.net www.google.com youtube.com ytimg.com; frame-ancestors 'self' ace.de *.ace.de; 2
font-src *.fontawesome.com fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.weltpixel.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.wesupply.xyz https://wesupplylabs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com *.doubleclick.net www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com get.geojs.io *.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.googleapis.com *.addtoany.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maps.googleapis.com http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.cloudflare.com cdnjs.cloudflare.com cdn.jsdelivr.net cookiechimp.com www.cookiechimp.com *.cookiechimp.com *.frogbikes.com frogbikes.com static.klaviyo.com fonts.gstatic.com *.gstatic.com self data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.frogbikes.com *.usercentrics.eu www.xtento.com widget.trustpilot.com *.userway.org www.google.com *.gstatic.com app.usercentrics.eu *.doubleclick.net cookiechimp.com www.cookiechimp.com *.cookiechimp.com frogbikes.com self 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.frogbikes.com *.usercentrics.eu www.xtento.com cdn.xtento.com *.userway.org *.cloudfront.net cookiechimp.com www.cookiechimp.com *.cookiechimp.com www.facebook.com www.googletagmanager.com *.gstatic.com frogbikes.com alb.reddit.com bat.bing.com c.clarity.ms c.bing.com *.jsdelivr.net self data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.usercentrics.eu *.jquery.com *.frogbikes.com *.newrelic.com *.lr-in-prod.com www.xtento.com cdn.xtento.com widget.trustpilot.com *.userway.org *.jsdelivr.net app.termly.io js.klarna.com js-agent.newrelic.com code.jquery.com *.klaviyo.com connect.facebook.net bat.bing.com www.clarity.ms cdn.storerocket.io cookiechimp.com www.cookiechimp.com *.cookiechimp.com frogbikes.com www.redditstatic.com maps.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.cloudflare.com self 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cc-cdn.com https://static.klaviyo.com *.fontawesome.com unsafe-inline *.frogbikes.com *.cloudflare.com fonts.googleapis.com *.gstatic.com *.userway.org *.jsdelivr.net static.klaviyo.com cookiechimp.com www.cookiechimp.com *.cookiechimp.com frogbikes.com cdnjs.cloudflare.com self 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com bam.nr-data.net *.usercentrics.eu *.google-analytics.com *.lr-in-prod.com *.analytics.google.com maps.googleapis.com *.gstatic.com *.userway.org app.termly.io widget.trustpilot.com storerocket.io *.klaviyo.com a.clarity.ms cookiechimp.com www.cookiechimp.com *.cookiechimp.com *.reddit.com www.redditstatic.com *.frogbikes.com frogbikes.com bat.bing.com bat.bing.net www.google.com self 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdnjs.cloudflare.com cdn.jsdelivr.net voidlabs.containers.piwik.pro dl.frontapp.com hcaptcha.com; connect-src 'self' wss://*.tawk.to *.tawk.to newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com embed.tawk.to; frame-src 'self' demo.voxmail.it www.youtube-nocookie.com newassets.hcaptcha.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com embed.tawk.to; media-src 'self' embed.tawk.to; report-uri https://catbzhkx.uriports.com/reports/report 2
object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://d3js.org https://www.gstatic.com https://cse.google.com cdn.jsdelivr.net https://cdn.ckeditor.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://d3js.org https://www.gstatic.com https://cse.google.com cdn.jsdelivr.net https://cdn.ckeditor.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://unpkg.com; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://*.zdassets.com https://*.zopim.com https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.squarecdn.com/ https://api.smooch.io/ https://applepay.cdn-apple.com/ https://*.googleadservices.com/ https://assets.braintreegateway.com/web/ https://*.bazaarvoice.com/ https://*.doubleclick.net/ https://storage.googleapis.com/workbox-cdn/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cfjump.drmartens.com.au/ https://cfjump.drmartens.co.nz/ https://*.fullstory.com https://www.googletagmanager.com/ https://analytics.tiktok.com https://cdn.unidays.world https://*.truefitcorp.com https://www.paypalobjects.com/api/checkout.min.js https://*.klaviyo.com https://t.cfjump.com/ https://*.zdassets.com https://connect.facebook.net/ https://maps.googleapis.com/ https://dma-cdn.staging.truefitcorp.com/fitrec/dma/js/tracker.js https://js-agent.newrelic.com/ js.datadome.co ct.captcha-delivery.com https://*.adobedtm.com https://*.afterpay.com https://*.demdex.net https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://*.google-analytics.com https://*.paypal.com afterpay.com https://foursixty.com https://*.useinsider.com https://*.roymorgan.com https://*.adobemc.com https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js https://js-sandbox.squarecdn.com/ https://s.pinimg.com https://lantern.roeyecdn.com https://ct.pinterest.com ; style-src 'self' 'unsafe-inline' https://static.klaviyo.com/onsite/js/ https://display.ugc.bazaarvoice.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://*.typekit.net/ https://fonts.googleapis.com/ https://assets.braintreegateway.com/web/dropin/1.43.0/css/dropin.css https://assets.braintreegateway.com/web/dropin/1.16.0/css/dropin.css https://*.adobetm.com https://foursixty.com https://*.adobemc.com ; img-src data: 'self' https://*.zendesk.com/ https://dpm.demdex.net/ https://www.googleadservices.com/ccm/ https://www.magentocommerce.com/products/media/ https://*.drmartens.co.nz/ https://*.drmartens.com.au/ https://cm.everesttech.net/cm/dd https://googleads.g.doubleclick.net/ https://ad.doubleclick.net/ https://www.google.com/ccm/ https://www.paypalobjects.com https://www.google.com/ https://www.google.com.au/ https://www.google.co.nz/ https://www.google.com.vn/ https://maps.gstatic.com/mapfiles/ https://scontent.cdninstagram.com/ https://*.afterpay.com/ https://*.accentgra.com https://www.googletagmanager.com/ https://www.facebook.com/ https://*.bazaarvoice.com https://t.paypal.com/ https://duuytoqss3gu4.cloudfront.net/ https://df45ay5pw60dy.cloudfront.net/ https://d3nocrch4qti4v.cloudfront.net/ https://*.google-analytics.com https://*.pinterest.com https://*.tiktok.com https://*.useinsider.com https://maps.googleapis.com/maps/ https://developers.google.com https://*.zopim.io https://*.zdassets.com https://adservice.google.com https://www.drmartens.com/ https://lantern.roeye.com ; object-src 'none' ; base-uri 'self' ; child-src 'self' blob: ; connect-src 'self' https://analytics.google.com/g/collect https://iq.afterpay.com/us/v1/ https://iq.afterpay-beta.com/us/v1/ https://*.my.sentry.io/ wss://api.smooch.io/ https://*.accentgra.com/ https://www.facebook.com/tr/ https://google.com/ https://www.google.com/ https://collect-ap2.attraqt.io/ https://smetrics.drmartens.co.nz/ https://*.fullstory.com https://*.klaviyo.com https://smetrics.drmartens.com.au/ https://api-js.datadome.co https://*.adobedc.net https://*.afterpay.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.demdex.net https://*.forter.com https://*.foursixty.com https://google.com/ccm/ https://www.google.com/ccm/ https://*.google-analytics.com https://*.googleapis.com https://*.nr-data.net https://*.paypal.com https://*.truefitcorp.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://accentgroupxpdev.112.2o7.net https://afterpay.com https://analytics.tiktok.com https://facebook.com https://*.roymorgan.com foursixty.com https://kleber.datatoolscloud.net.au https://sentry.io https://vimeo.com wss://widget-mediator.zopim.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://d2lxqodqbpy7c2.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net wss://cdn0.forter.com api.useinsider.com api.myunidays.com https://opreq.observepoint.com/ https://ct.pinterest.com/ https://*.api.useinsider.com; font-src data: 'self' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.gstatic.com https://*.truefitcorp.com https://*.useinsider.com static.klaviyo.com use.typekit.net ; frame-src 'self' https://www.googletagmanager.com/ geo.captcha-delivery.com https://*.formstack.com https://*.afterpay.com https://*.bazaarvoice.com https://*.demdex.net https://*.everesttech.net https://*.everestjs.net https://*.doubleclick.net https://*.facebook.com https://*.myunidays.com https://*.omniparcelreturns.com https://*.paypal.com https://*.paypalobjects.com https://*.truefitcorp.com https://*.useinsider.com https://*.vimeo.com https://*.youtu.be https://*.youtube.com https://afterpay.com https://assets.braintreegateway.com https://everestjs.net https://facebook.com https://foursixty.com https://google.com https://www.google.com/ vimeo.com https://ct.pinterest.com/ ; worker-src 'self' blob: https://*.accentgra.com https://*.drmartens.co.nz https://*.drmartens.com.au; 2
default-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com; connect-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com https://www.google-analytics.com; font-src *; img-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://try.abtasty.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com/https://js.hs-scripts.com https://forms-na1.hsforms.com https://try.abtasty.com https://www.clarity.ms https://analytics.tiktok.com https://api.livechatinc.com https://s.yimg.jp https://www.google-analytics.com https://cdn.qgraph.io https://script.infinity-tracking.com https://loader.wisepops.com https://connect.facebook.net https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://b92.yahoo.co.jp/ https://img.macromill.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-elem * 'unsafe-inline'; report-uri https://qasmileeu.report-uri.com/r/d/csp/reportOnly 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * s7.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com halonen.fi www.halonen.fi stage.avarda.org avarda.org google.fi www.google.fi data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com js.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com stage.avarda.org avarda.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com s7.addthis.com m.addthis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.google.com *.google.ca *.omappapi.com *.hotjar.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv *.route.io *.routeapp.io *.klaviyo.com d1cwup7r903a1d.cloudfront.net *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.hotjar.com *.kaptcha.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.google.ca *.bing.com *.facebook.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.freshbots.ai *.googletagmanager.com *.shopperapproved.com *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.google.com *.google.ca *.doubleclick.net *.facebook.net *.facebook.com *.hotjar.com *.riskified.com *.clarity.ms *.cloudfront.net *.omappapi.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv *.route.io *.routeapp.io *.convertexperiments.com *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.forter.com *.cloudfront.net *.optnmstr.com *.hotjar.com *.shopperapproved.com *.bing.com *.freshbots.ai *.clarity.ms *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.addthisedge.com *.moatads.com *.nort.ca *.google.ca *.omappapi.com *.facebook.net *.facebook.com *.riskified.com *.doubleclick.net *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.noibu.com *.attn.tv *.omniconvert.com *.route.io *.routeapp.io *.route.com unpkg.com *.convertexperiments.com *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com cdn.routeapp.io fonts.googleapis.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.omappapi.com *.freshbots.ai *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.google.com *.google.ca *.shopperapproved.com *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv *.route.io *.routeapp.io *.convertexperiments.com *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudfront.net *.forter.com *.omappapi.com *.hotjar.com *.doubleclick.net *.shopperapproved.com *.freshbots.ai *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.clarity.ms *.youtube.com *.google.ca *.facebook.net *.facebook.com *.bing.com *.riskified.com *.klaviyo.com *.crazyegg.com *.hotjar.io *.pusher.com *.freshworksapi.com wss://rts-us.freshworksapi.com wss://ws.hotjar.com *.noibu.com wss://*.noibu.com *.attn.tv events.attentivemobile.com *.omniconvert.com *.route.io *.routeapp.io *.route.com *.convertexperiments.com *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com api.route.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net *.podigee-cdn.net 'self' data: d3c2yqbxx52o4l.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com d3c2yqbxx52o4l.cloudfront.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.facebook.com js.mollie.com *.office365.com schoeffel-lowa.de *.podigee-cdn.net komoot.com d3c2yqbxx52o4l.cloudfront.net www.komoot.com d3ms8mre5rhtvu.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com https://www.mollie.com *.usercentrics.eu *.hubspot.com *.podigee-cdn.net *.hsforms.net *.hsforms.com 'self' data: d3c2yqbxx52o4l.cloudfront.net maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com maps.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com connect.facebook.net cdnjs.cloudflare.com js.mollie.com *.googleadservices.com *.usercentrics.eu *.googleapis.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.podigee-cdn.net *.hsforms.net *.hsforms.com *.gstatic.com d3c2yqbxx52o4l.cloudfront.net pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.podigee-cdn.net *.googleapis.com *.gstatic.com d3c2yqbxx52o4l.cloudfront.net 'self' 'unsafe-inline'; object-src d3c2yqbxx52o4l.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cloudfront.net d3c2yqbxx52o4l.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com maps.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.usercentrics.eu *.googleapis.com *.googlesyndication.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com d3c2yqbxx52o4l.cloudfront.net *.cardinalcommerce.com paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com d3c2yqbxx52o4l.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.cdninstagram.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com beacon-audiences.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com *.instagram.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io beacon-audiences.magento-ds.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.adobedc.net *.demdex.net *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.link.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://7dc0cf2f-7ee0-4e32-abdf-e62b11896390.sansec.watch/; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua 'self' data: data: *.magentocommerce.com *.zonos.com *.yotpo.com yotpo.com www.yotpo.com *.fontawesome.com *.authorize.net *.facebook.net *.facebook.com *.bootstrapcdn.com *.hubspot.com *.mailchimp.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com *.dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com xtento.com *.xtento.com *.cloudmaestro.com *.unpkg.com wss://widget-mediator.zopim.com *.widget-mediator.zopim.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.youtube.com *.apptrian.com www.apptrian.com *.vimeo.com *.use.typekit.net *.fls.doubleclick.net 11158761.fls.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net ciqtracking.com 'self' * data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.reviews.io *.reviews.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.iglobalstores.com *.authorize.net *.spreedly.com *.hubspot.com *.getbread.com paypal.com *.braintree-api.com *.addthis.com www.youtube.com *.online-metrix.net *.signifyd.com *.demdex.net *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.yotpo.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.g.doubleclick.net *.cloudmaestro.com vimeo.com *.fls.doubleclick.net 11158761.fls.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net ciqtracking.com 'self' www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.b0e8.com https://images.unsplash.com *.cloudfront.net *.reviews.io *.reviews.co.uk magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua 'self' data: *.magentocommerce.com *.zonos.com *.yotpo.com yotpo.com www.yotpo.com *.ytimg.com *.s3.amazonaws.com *.amazonaws.com *.klaviyo.com *.g.doubleclick.net *.hubspot.com *.authorize.net *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.signifyd.com *.e.aa.online-metrix.net *.bbb.org *.facebook.net *.facebook.com *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.secure.force.com *.mailchimp.com *.demdex.net *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com www.xtento.com cdn.xtento.com px.ads.linkedin.com bat.bing.com pippio.com *.cloudmaestro.com *.events.bouncex.net *.fls.doubleclick.net 11158761.fls.doubleclick.net tr2.smarterhq.io *.smarterhq.io js.authorize.net ssl.kaptcha.com *.kaptcha.com www.shareasale.com *.shareasale.com *.bouncex.net ciqtracking.com *.doubleclick.net jsstore.s3-us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com 'self' * *.hsforms.net *.hsforms.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.b0e8.com *.bc0a.com https://maps.googleapis.com *.reviews.io *.reviews.co.uk *.disqus.com *.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.cloudflare.com acsbapp.com *.impactcdn.com *.trustedshops.com *.usercentrics.eu *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.spreedly.com *.zonos.com *.yotpo.com *.braintreegateway.com *.bootstrapcdn.com bam.nr-data.net *.zopim.com *.facebook.net *.facebook.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com paypal.com *.signifyd.com *.g.doubleclick.net *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com chimpstatic.com *.mailchimp.com mc.us18.list-manage.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com undefined/api/v2/sites/74088/recordings/content unpkg.com *.unpkg.com *.cloudfront.net d1n00d49gkbray.cloudfront.net/wknd/wknd_cartridge.js tr2.smarterhq.io *.apptrian.com hello.zonos.com staticw2.yotpo.com brainmd.com stats.g.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.go2sdk.com ciqtracking.com *.doubleclick.net script.crazyegg.com *.crazyegg.com js.adsrvr.org cdn.attn.tv container.pepperjam.com forms.hscollectedforms.net js.hscollectedforms.net salsify-ecdn.com fs19.formsite.com *.s3.amazonaws.com *.amazonaws.com s3.amazonaws.com s3-us-west-2.amazonaws.com *.execute-api.us-west-2.amazonaws.com alocdn.com b-code.liadm.com *.liadm.com api.retention.com cdn.oribi.io www.snapengage.com www.mnpa6gtrk.com shop.pe shopper.shop.pe static.cloudflareinsights.com cdn.cookie.pii.ai 'self' *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://cdn.jsdelivr.net assets.braintreegateway.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com getfirebug.com *.klaviyo.com *.bootstrapcdn.com *.authorize.net display.ugc.bazaarvoice.com *.signifyd.com *.facebook.net *.facebook.com *.mailchimp.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com www.sandbox.paypal.com *.fls.doubleclick.net 11158761.fls.doubleclick.net tr2.smarterhq.io *.smarterhq.io js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net ciqtracking.com 'self' * data: tagmanager.google.com fonts.google.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.zdassets.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com *.yotpo.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com *.fls.doubleclick.net 11158761.fls.doubleclick.net js.authorize.net *.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net ciqtracking.com 'self' * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com https://maps.googleapis.com https://player.vimeo.com *.cloudfront.net *.reviews.io *.reviews.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.adobedtm.com *.acsbapp.com *.impactcdn.com *.ccdc02.com *.authorize.net *.zonos.com *.yotpo.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.facebook.net *.facebook.com bam.nr-data.net *.zopim.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com paypal.com *.signifyd.com *.g.doubleclick.net *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintreegateway.com chimpstatic.com *.mailchimp.com *.demdex.net *.tinymce.com cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com undefined/api/v2/sites/74088/recordings/content unpkg.com *.unpkg.com d1n00d49gkbray.cloudfront.net/wknd/wknd_cartridge.js tr2.smarterhq.io *.apptrian.com hello.zonos.com staticw2.yotpo.com brainmd.com stats.g.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net *.go2sdk.com ciqtracking.com *.doubleclick.net retail-client-events-service.internal.salsify.com script.crazyegg.com salsify-ecdn.com forms.hscollectedforms.net js.hscollectedforms.net events.attentivemobile.com *.attentivemobile.com shelterlogic-us.attn.tv *.attn.tv shelterlogic.sjv.io *.sjv.io tracking.crazyegg.com assets-tracking.crazyegg.com *.crazyegg.com api.retention.com b-code.liadm.com *.liadm.com *.execute-api.us-west-2.amazonaws.com manage.safeopt.com app.shop.pe alocdn.com shopper.shop.pe cdn.cookie.pii.ai geo.pii.ai consent-api.pii.ai 'self' t.elasticsuite.io *.hsforms.net *.hsforms.com *.analytics.google.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; default-src 'self' https:; connect-src 'self' data: blob: https://ga.jspm.io *.sentry.io https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com https://static.raspberrypi.org; font-src 'self' https: data: https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://challenges.cloudflare.com https://consentcdn.cookiebot.com *.google.com e.issuu.com prezi.com storify.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com; img-src 'self' https: data: https://*.raspberrypi.org https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; media-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' blob: https://static.raspberrypi.org/js/global-nav-web-component/ https://challenges.cloudflare.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.googletagmanager.com https://*.hotjar.com https://browser.sentry-cdn.com https://js.sentry-cdn.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com https://static.raspberrypi.org/styles/design-system/ https://*.cookiebot.com; worker-src blob:; report-uri https://o17504.ingest.us.sentry.io/api/4507769026707457/security/?sentry_key=53fc037dc5040a1a9fe07334577adc13&sentry_environment=production 2
base-uri 'self' ; connect-src https://*.ampproject.org https://*.appsflyer.com https://bat.bing.com https://*.clarity.ms https://*.cloudfront.net https://*.compare.com https://*.criteo.com https://*.criteo.net https://stats.g.doubleclick.net https://www.facebook.com https://app.five9.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.insurify.com https://insurify.com https://insurifycdn.com https://*.klaviyo.com https://*.logrocket.com https://*.logrocket.io https://*.lr-in.com https://*.lr-ingest.io https://*.makestories.io https://*.mixpanel.com https://*.mxpnl.com https://*.pinterest.com wss://ws.pusherapp.com https://insurify.sjv.io https://*.snapchat.com https://lux.speedcurve.com https://analytics.tiktok.com https://widget.trustpilot.com https://*.usersnap.com https://ifrm.insurify.com 'self' ; default-src 'self' ; font-src https://*.insurify.com https://fonts.gstatic.com https://*.bootstrapcdn.com https://insurifycdn.com https://widget.trustpilot.com https://ifrm.insurify.com 'self' data: ; form-action https://www.facebook.com https://tr.snapchat.com https://widget.trustpilot.com https://ifrm.insurify.com 'self' ; frame-ancestors 'self' ; frame-src https://insight.adsrvr.org https://match.adsrvr.org https://cj.dotomi.com https://*.doubleclick.net https://www.emjcd.com https://www.facebook.com https://*.pinterest.com https://www.quotelab.com https://tr.snapchat.com https://www.googletagmanager.com https://widget.trustpilot.com https://app.usecanopy.com https://ifrm.insurify.com 'self' ; img-src https://*.google.com https://*.googleapis.com https://www.google.bg https://www.google.com.pk https://www.googletagmanager.com https://maps.gstatic.com https://ib.adnxs.com https://*.appsflyer.com https://segment.prod.bidr.io https://*.bing.com https://*.clarity.ms https://*.cloudfront.net https://*.compare.com https://*.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://www.gstatic.com https://insurifycdn.com *.makestories.io https://*.mediaalpha.com https://*.nextinsure.com https://*.pinterest.com https://www.shopperapproved.com https://*.snapchat.com https://lux.speedcurve.com https://*.storyblok.com https://cdn.transparent.ly https://widget.trustpilot.com https://*.usersnap.com 'self' data: ; media-src *.googlevideo.com 'self' ; script-src https://*.google.com https://*.googleapis.com https://www.google.bg https://www.google.com.pk https://maps.gstatic.com https://acdn.adnxs.com https://js.adsrvr.org *.ampproject.org https://*.appsflyer.com https://bat.bing.com https://*.bootstrapcdn.com https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.compare.com https://*.criteo.com https://*.criteo.net https://googleads.g.doubleclick.net https://connect.facebook.net https://app.five9.com https://*.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://d.impactradius-event.com https://*.insurify.com https://insurifycdn.com https://*.jquery.com https://*.klaviyo.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-ingest.io https://cdn.lr-in-prod.com https://insurance.mediaalpha.com https://*.mixpanel.com https://*.mxpnl.com https://s.pinimg.com https://*.pinterest.com https://sc-static.net https://www.shopperapproved.com https://cdn.speedcurve.com https://analytics.tiktok.com https://widget.trustpilot.com https://unpkg.com https://*.usersnap.com https://ifrm.insurify.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.ampproject.org https://widget.trustpilot.com https://ifrm.insurify.com 'self' 'unsafe-inline' ; worker-src 'self' blob: ; report-uri https://report-uri.insurify.com/json; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com https://fast.amc.demdex.net https://vimeo.com *.player.vimeo.com http://consent-pref.trustarc.com https://consent-pref.trustarc.com https://player.vimeo.com https://www.youtube-nocookie.com https://plumrocket.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src *.assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.certcapture.com https://cdn1.1800flowers.com *.googletagmanager.com *.amcglobal.sc.omtrdc.net *.portotheme.com https://images.contentstack.io https://px.ads.linkedin.com https://p.adsymptotic.com http://consent.trustarc.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com https://optimize.google.com https://www.googleoptimize.com/optimize.js http://tags.tiqcdn.com https://js-agent.newrelic.com https://cdn.auth0.com https://bam.nr-data.net *.jquery.com https://assets.adobedtm.com *.auth0.com data: https://snap.licdn.com/li.lms-analytics/insight.min.js https://px.ads.linkedin.com https://www.googleoptimize.com https://edge.fullstory.com/s/fs.js *.rs.fullstory.com https://rs.fullstory.com/rec/integrations https://snap.licdn.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://player.vimeo.com https://www.youtube.com *.googletagmanager.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com *.instagram.com maps.googleapis.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.certcapture.com https://fonts.googleapis.com https://static.klaviyo.com http://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.certcapture.com *.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net *.dpm.demdex.net *.rs.fullstory.com https://rs.fullstory.com/rec/page https://rs.fullstory.com/rec/bundle *.assets.adobedtm.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io analytics.google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://s3-eu-west-1.amazonaws.com/globale-prod/Images/Help-Center/fonts/TitilliumWeb-Regular.ttf https://s3.global-e.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * api.bazaarvoice.com stg.api.bazaarvoice.com *.snapchat.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.gomoxie.solutions *.braintreegateway.com *.snapchat.com *.doubleclick.net *.paypalobjects.com *.google.com *.kaptcha.com *.adsrvr.org https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.sprinklr.com *.global-e.com *.bglobale.com *.gstatic.com *.ietf.org *.cookielaw.org *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.snapchat.com https://firebasestorage.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://static.queue-it.net https://assets.queue-it.net https://edge.adobedc.net *.global-e.com *.bglobale.com https://analytics.tiktok.com https://queue.cokestore.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions js-agent.newrelic.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.ccnag.com *.sprinklr.com *.adsrvr.org *.snapchat.com *.googleoptimize.com *.coke.com *.avada.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com *.global-e.com *.bglobale.com https://cdn.userway.org d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.sprinklr.com *.global-e.com *.bglobale.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://edge.adobedc.net *.sprinklr.com https://analytics.tiktok.com https://privacyportal.onetrust.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintreegateway.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.coke.com *.b2clogin.com *.facebook.com ct.pinterest.com *.userway.org api.addressy.com *.ccnag.com *.paypalobjects.com *.snapchat.com *.googleapis.com *.cookielaw.org https://get.geojs.io *.avada.io maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com cdn.cookie-script.com clientcdn.pushengage.com connect.facebook.net www.google-analytics.com www.gstatic.com www.google.com www.googletagmanager.com www.youtube.com *.hotjar.com googleads.g.doubleclick.net jobs.platform.jobster.com res.cloudinary.com securepubads.g.doubleclick.net cdn.platform.jobster.com *.adtrafficquality.google; style-src 'self' 'unsafe-inline' clientcdn.pushengage.com; img-src 'self' data: *.adtrafficquality.google bat.bing.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.facebook.com res.cloudinary.com; font-src 'self' data: clientcdn.pushengage.com res.cloudinary.com; connect-src 'self' bat.bing.com api.cloudinary.com *.googlesyndication.com analytics.google.com www.google-analytics.com www.google.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net script.hotjar.com clientcdn.pushengage.com web-sdk.pushengage.com *.hotjar.io ws.hotjar.com *.ingest.sentry.io securepubads.g.doubleclick.net *.adtrafficquality.google jobs.platform.jobster.com; frame-src 'self' www.facebook.com www.google.com www.googletagmanager.com *.doubleclick.net www.youtube.com securepubads.g.doubleclick.net *.safeframe.googlesyndication.com *.adtrafficquality.google; object-src 'none'; base-uri 'self'; 2
font-src *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.gstatic.com https://*.typekit.net static.lipscore.com *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.stripe.com https://*.google.com *.sagepay.com *.opayo.eu.elavon.com https://*.doubleclick.net https://*.hotjar.com https://player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.gstatic.com *.stripe.com https://*.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net static.lipscore.com blob: img.youtube.com magefan.com cm.magefan.com *.disqus.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.stripe.com https://www.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com static.lipscore.com *.disqus.com player.vimeo.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com landofcoder.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.com https://*.googleapis.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://*.typekit.net static.lipscore.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.stripe.com *.google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net wapi.lipscore.com users.lipscore.com https://fonts.googleapis.com https://fonts.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com landofcoder.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; connect-src 'self' dc.services.visualstudio.com ssl.google-analytics.com stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com partner.testseek.com intranet.microk12.com middleman.microk12.com; font-src 'self' data: fonts.gstatic.com static.stockinthechannel.com; frame-src 'self' accounts.us.stockinthechannel.com app.powerbi.com ad.doubleclick.net bid.g.doubleclick.net www.youtube.com www.google.com; frame-ancestors accounts.us.stockinthechannel.com; img-src * data:; media-src 'self' images.us.stockinthechannel.com media.stockinthechannel.com static.stockinthechannel.com; manifest-src images.us.stockinthechannel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' accounts.us.stockinthechannel.com images.us.stockinthechannel.com static.stockinthechannel.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net https://*.googletagmanager.com www.google.com www.gstatic.com www.youtube.com; style-src 'self' 'unsafe-inline' static.stockinthechannel.com fonts.googleapis.com ajax.googleapis.com; report-uri https://stockchannel.report-uri.com/r/d/csp/reportOnly 2
font-src *.fontawesome.com https://fonts.bunny.net *.searchspring.io facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com ywxi.net *.ywxi.net bootstrapcdn.com *.bootstrapcdn.com storelocatorwidgets.com *.storelocatorwidgets.com purityassets.com *.purityassets.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.searchspring.io listrakbi.com *.listrakbi.com purityassets.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net pinterest.com *.pinterest.com purityassets.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.searchspring.io elfsightcdn.com *.elfsightcdn.com facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net ywxi.net *.ywxi.net purityassets.com *.purityassets.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://cdn.searchspring.net/intellisuggest/is.min.js *.searchspring.io facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrak.com *.listrak.com listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net googleapis.com *.googleapis.com storelocatorwidgets.com *.storelocatorwidgets.com purityassets.com *.purityassets.com *.godaddy.com *.getangler.ai *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net unsafe-inline *.searchspring.io facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com ywxi.net *.ywxi.net bootstrapcdn.com *.bootstrapcdn.com storelocatorwidgets.com *.storelocatorwidgets.com mapbox.com *.mapbox.com purityassets.com *.purityassets.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com purityassets.com *.purityassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://beacon.searchspring.io/beacon *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net purityassets.com *.purityassets.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-violation-report.php 2
font-src *.gstatic.com 'self' data: *.zopim.com *.loyaltylion.com *.loyaltylion.net *.bootstrapcdn.com *.googleapis.com *.hotjar.com wss://ws.hotjar.com *.typekit.net *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.loyaltylion.com *.loyaltylion.net *.bootstrapcdn.com *.googleapis.com *.zopim.com wss://*.zopim.com *.demdex.net *.klarnaservices.com *.studentbeans.com *.beans.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.reviews.co.uk *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com *.addthis.com *.demdex.net *.criteo.com *.doubleclick.net *.vimeo.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.com *.loyaltylion.net *.bootstrapcdn.com *.googleapis.com *.zopim.com wss://*.zopim.com https://rcgmal4n.klarnaservices.com *.klarnaservices.com *.dotmailer-surveys.com *.google.com *.freshchat.com *.reviews.co.uk *.hotjar.com wss://ws.hotjar.com *.zenaps.com *.braintreegateway.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.feefo.com *.nosto.com *.bing.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.google.co.in *.googletagmanager.com *.postcodeanywhere.co.uk *.klevu.com *.demdex.net *.omtrdc.net *.doubleclick.net *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.com *.loyaltylion.net *.googleapis.com https://www.facebook.com https://www.google-analytics.com *.zopim.com wss://*.zopim.com *.dotmailer-surveys.com blob: *.klarnaservices.com *.pinterest.com *.bootstrapcdn.com https://yznrgxhu.klarnaservices.com *.klarnacdn.net *.icons8.com *.linkedin.com ids-couk.m2.s.ayko.com *.gstatic.com *.awin1.com *.zenaps.com *.dancedirect.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com chimpstatic.com *.nosto.com *.trackedweb.net trackedweb.net *.zopim.com *.dotmailer-surveys.com *.pcapredict.com *.loyaltylion.com *.klevu.com *.facebook.net *.bing.com *.rakuten.com *.zdassets.com *.jquery.com *.windows.net *.criteo.net *.criteo.com *.doubleclick.net *.addthis.com *.addthisedge.com *.moatads.com *.postcodeanywhere.co.uk *.google.com *.google.co.in *.gstatic.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.net *.bootstrapcdn.com *.googleapis.com https://eu-library.klarnaservices.com/ *.pinterest.com *.klarnaservices.com *.klarnacdn.net *.adyen.com *.fontawesome.com *.freshchat.com *.hotjar.com wss://ws.hotjar.com *.pingdom.com *.dwin1.com *.pingdom.net *.scenttrail.co.uk scenttrail.co.uk *.licdn.com *.instagram.com *.adt313.net *.zenaps.com *.sciencebehindecommerce.com *.studentbeans.com *.beans.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnaevt.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.loyaltylion.com *.klevu.com *.windows.net *.postcodeanywhere.co.uk *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.net *.bootstrapcdn.com fonts.googleapis.com *.zopim.com wss://*.zopim.com http://fonts.googleapis.com https://fonts.googleapis.com *.freshchat.com *.typekit.net data: downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedweb.net *.zdassets.com *.zopim.com wss://*.zopim.com *.google-analytics.com *.doubleclick.net *.loyaltylion.com *.demdex.net *.postcodeanywhere.co.uk *.addthis.com *.bing.com *.facebook.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com https://babea371.klarnauserservices.com *.feefo.com *.omtrdc.net *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.google.co.in *.hotjar.com *.hotjar.io wss://ws.hotjar.com wss://ws.hotjar.io *.pingdom.net *.dancedirect.com *.linkedin.com *.google.co.uk *.sciencebehindecommerce.com *.adt690.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klarna.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/artists_youtube 2
default-src 'self'; script-src 'self' 'strict-dynamic' https: data:; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
worker-src blob: *.osano.com; font-src 'self' data: *.gstatic.com; style-src 'self' data: fonts.googleapis.com *.leadoo.com 'unsafe-inline' *.osano.com; default-src 'self' 'unsafe-eval' data: media.hachettelearning.com; frame-src passport.hoddereducation.co.uk *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com secure.checkout.visa.com *.cardinalcommerce.com pay.google.com thm.visa.com *.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu *.trustpilot.com *.youtube.com *.vimeo.com *.osano.com td.doubleclick.net verify.monzo.com; connect-src *.algolia.net *.algolianet.com 'self' *.algolia.io *.sentry.io *.browser-intake-datadoghq.eu *.sentry.io google.com/pay *.cardinalcommerce.com *.fontawesome.com vimeo.com *.osano.com *.ads.linkedin.com analytics.tiktok.com *.analytics.google.com *.google-analytics.com *.googlesyndication.com *.hotjar.io www.google.com googleads.g.doubleclick.net ws.hotjar.com adservice.google.com analytics.google.com stats.g.doubleclick.net; frame-ancestors admin.hachettelearning.com 'self' admin.hachettelearning.com; script-src cdn.eu.trustpayments.com 'self' *.securetrading.net *.secure.checkout.visa.com secure.checkout.visa.com *.cardinalcommerce.com *.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu pay.google.com *.fontawesome.com *.trustpilot.com *.youtube.com *.vimeo.com *.cloudflare.com *.osano.com www.googletagmanager.com 'unsafe-inline' snap.licdn.com static.hotjar.com connect.facebook.net static.ads-twitter.com analytics.tiktok.com *.analytics.google.com script.hotjar.com googleads.g.doubleclick.net; img-src secure.checkout.visa.com *.secure.checkout.visa.com *.vims.visa.com 'self' data: resourcehub-resource-api.hodder.education analytics.twitter.com *.ads.linkedin.com www.facebook.com/tr www.facebook.com www.googletagmanager.com www.google.com t.co www.google.co.uk googleads.g.doubleclick.net media.hachettelearning.com; form-action 'self' *.cardinalcommerce.com *.securetrading.net verify.monzo.com; base-uri 'self'; report-uri https://www.hachettelearning.com/csp-report 2
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; report-to csp-endpoint; report-uri https://www.llb.li/rest/weak/logs/csp-reports 2
default-src 'self' *.a8b.co 2
font-src fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bugherd.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn account.fetchify.com *.mention-me.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sweetanalytics.com *.brooktaverner.us *.ometria.com *.visualwebsiteoptimizer.com *.bing.com *.clarity.ms *.google.co.uk *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trustpilot.com *.glopal.com *.sweetanalytics.com *.ometria.com *.ads-twitter.com *.twitter.com *.googletagmanager.com *.visualwebsiteoptimizer.com *.zdassets.com *.bing.com *.clarity.ms *.adroll.com *.bugherd.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io https://maps.googleapis.com *.mention-me.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.glopal.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.ometria.com *.sweetanalytics.com *.zopim.com *.clarity.ms *.google-analytics.com brooktaverner.zendesk.com *.zdassets.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com *.mention-me.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.audioeye.com akstat.io *.akstat.io cookielaw.org cdn.cookielaw.org *.google-analytics.com *.quantummetric.com quantummetric.com *.typekit.net www.googletagmanager.com tapestry.com *.tapestry.com tapestry.support *.licdn.com *.jwplatform.com *.jwpcdn.com cdn.jwplayer.com prd.jwpltx.com *.jwpsrv.com jsdelivr.net *.jsdelivr.net *.newrelic.com *-tapestry-news.pantheonsite.io cdnjs.cloudflare.com fonts.googleapis.com secure.gravatar.com px.ads.linkedin.com cdn.linkedin.oribi.io p.adsymptotic.com tapestry.gcs-web.com opensupplyhub.org *.akamaihd.net go-mpulse.net *.go-mpulse.net geolocation.onetrust.com stats.g.doubleclick.net fonts.gstatic.com data: blob:; 2
script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com https://cdnjs.cloudflare.com https://www.weps.org; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com cdn.gtranslate.net https://cdnjs.cloudflare.com https://www.weps.org; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.weps.org; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.weps.org; frame-ancestors 'self' 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.usablenet.com *.udev1a.net *.narvar.com *.narvar.qa *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn https://logistics-stage.ecpay.com.tw/Express/map https://logistics.ecpay.com.tw/Express/map https://logistics-stage.ecpay.com.tw/helper/printTradeDocument https://logistics.ecpay.com.tw/helper/printTradeDocument *.twitter.com *.usablenet.com *.udev1a.net https://plumrocket.com *.authorize.net 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn landofcoder.com maps.googleapis.com chart.googleapis.com *.twitter.com *.usablenet.com *.udev1a.net https://plumrocket.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * https://accounts.google.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com magefan.com cm.magefan.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.usablenet.com *.udev1a.net *.narvar.com *.narvar.qa hexagon-analytics.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com landofcoder.com maps.googleapis.com chart.googleapis.com *.paypal.com *.sandbox.paypal.com *.googletagmanager.com *.plumrocket.com *.tawk.to *.bam-cell.nr-data.net *.gstatic.com *.usablenet.com *.udev1a.net cdn.sift.com api3.veritrans.co.jp *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://accounts.google.com https://www.gstatic.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.usablenet.com *.udev1a.net assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com landofcoder.com maps.googleapis.com chart.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.usablenet.com *.udev1a.net api3.veritrans.co.jp *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://accounts.google.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.mikimoto.com/; report-to report-endpoint; 2
font-src *.fontawesome.com fonts.gstatic.com www.google.com www.gstatic.com maxcdn.bootstrapcdn.com crmbots.uniongroup.holdings data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com td.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.co *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com zolotakraina.ua www.google.com.ua crmbots.uniongroup.holdings *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://polyfill.io polyfill.io multisearch.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com secure.authorize.net test.authorize.net js.braintreegateway.com *.googleapis.com *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com static.hotjar.com script.hotjar.com js-agent.newrelic.com www.youtube.com crmbots.uniongroup.holdings songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com crmbots.uniongroup.holdings maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io bam.nr-data.net wss://crmbots.uniongroup.holdings crmbots.uniongroup.holdings *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com https://plumrocket.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://plumrocket.com https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://images.unsplash.com *.yotpo.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.koongo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://vimeo.com https://player.vimeo.com https://accounts.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://accounts.google.com https://www.gstatic.com *.yotpo.com *.klarnacdn.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.klarnaservices.com *.koongo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src-elem *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.adalyser.com *.payments-amazon.com *.cdn-apple.com *.billiger.de billiger.de *.bing.com *.bing.net js.braintreegateway.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.digitalbridgehq.com *.doubleclick.net *.equalweb.com www.facebook.com connect.facebook.net *.avocet.io avocet.io *.gstatic.com *.google.com *.google.co.uk www.googleadservices.com www.google-analytics.com *.googleapis.com *.googlecommerce.com *.googlesyndication.com www.googletagmanager.com s.kk-resources.com *.klarna.com *.klarnacdn.net *.klaviyo.com *.klevu.com secure.cimg.leguide.com *.clarity.ms js-agent.newrelic.com bam.nr-data.net *.onetrust.com www.paypalobjects.com *.paypal.com services.postcodeanywhere.co.uk trues11114.pcapredict.com s.pinimg.com ct.pinterest.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com host *.solutenetwork.com *.trustpilot.com unpkg.com 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io *.webgains.io *.webgains.com; font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.equalweb.com *.googleusercontent.com *.typekit.net fonts.gstatic.com *.sirv.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://hpp.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://secure-test.worldpay.com/shopper/3ds/ddc.html https://secure.worldpay.com/shopper/3ds/ddc.html https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate 'self' 'unsafe-inline'; frame-ancestors https://pay.google.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.equalweb.com *.google.com *.google.co.uk *.googlecommerce.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.visualwebsiteoptimizer.com app.vwo.com https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://pay.google.com https://secure-test.worldpay.com https://hpp.worldpay.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.adalyser.com *.s3.eu-west-1.amazonaws.com *.bing.com *.bing.net *.cloudfront.net *.doubleclick.net *.equalweb.com www.facebook.com connect.facebook.net *.google.com *.google.co.uk www.google.es www.google.it www.google.fr www.google.de www.google.nl www.google.be www.google.at www.google.ie *.googlesyndication.com *.googleusercontent.com *.gstatic.com *.clarity.ms *.onetrust.com www.paypalobjects.com *.paypal.com services.postcodeanywhere.co.uk s.pinimg.com ct.pinterest.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.sirv.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io *.cloudflare.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.adalyser.com *.cdn-apple.com *.billiger.de billiger.de *.bing.com *.bing.net *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.digitalbridgehq.com *.doubleclick.net *.equalweb.com www.facebook.com connect.facebook.net *.avocet.io avocet.io *.google.com *.google.co.uk *.googleapis.com *.googlecommerce.com *.googlesyndication.com *.gstatic.com s.kk-resources.com *.klaviyo.com *.klevu.com secure.cimg.leguide.com *.clarity.ms js-agent.newrelic.com bam.nr-data.net *.onetrust.com www.paypalobjects.com *.paypal.com services.postcodeanywhere.co.uk trues11114.pcapredict.com s.pinimg.com ct.pinterest.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.solutenetwork.com *.trustpilot.com unpkg.com app.vwo.com *.visualwebsiteoptimizer.com *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io *.webgains.io *.webgains.com https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://payments.worldpay.com/resources/hpp/integrations/embedded/js/hpp-embedded-integration-library.js https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js *.sirv.com player.vimeo.com https://js.klevu.com https://cdn-ukwest.onetrust.com https://service.force.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.equalweb.com fonts.googleapis.com www.googletagmanager.com *.gstatic.com *.klaviyo.com services.postcodeanywhere.co.uk *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.typekit.net *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io *.cloudflare.com https://fonts.googleapis.com/css *.sirv.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.bing.com *.bing.net *.equalweb.com *.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk payments-eu.amazon.com *.s3.eu-west-1.amazonaws.com *.bing.com *.bing.net payments.braintree-api.com *.datadome.co *.digitalbridgehq.com eu.prd.impact.fixtuur.com *.doubleclick.net *.equalweb.com *.facebook.com *.google.com *.google.co.uk www.google.es www.google.it www.google.fr www.google.de www.google.nl www.google.be www.google.at www.google.ie *.googleapis.com *.googlesyndication.com *.clarity.ms js-agent.newrelic.com bam.nr-data.net *.onetrust.com www.paypalobjects.com *.paypal.com s.pinimg.com ct.pinterest.com services.postcodeanywhere.co.uk region1.google-analytics.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.samsung.com *.typekit.net *.webgains.io *.visualwebsiteoptimizer.com app.vwo.com *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io https://www.google.com/pay https://pay.google.com/gp/p/web_manifest.json https://pay.google.com/gp/p/payment_method_manifest.json https://pay.google.com/ https://google.com/pay *.worldpay.com https://hpp.worldpay.com/app/hpp/135-0/telemetry https://hpp.worldpay.com/app/hpp/135-0/payment/paypalsmartbutton/continue https://payments.worldpay.com/app/hpp/135-0/telemetry/iframe *.sirv.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.onetrust.com 'self' 'unsafe-inline'; report-uri https://f4ea971e-20d9-420f-b92f-973abc905556.sansec.watch/; report-to report-endpoint; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://cdn.velovita.com https://images.ctfassets.net https://secure.gravatar.com; connect-src 'self'; report-uri https://YOUR_ENDPOINT/csp-report 2
font-src fonts.gstatic.com wsv3cdn.audioeye.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * bid.g.doubleclick.net/ ssl.kaptcha.com tst.kaptcha.com wsv3cdn.audioeye.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https: https://meetanshi.com/media/logo.png data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com buttons-config.sharethis.com platform-api.sharethis.com t.sharethis.com www.redditstatic.com www.mczbf.com connect.facebook.net wsmcdn.audioeye.com wsv3cdn.audioeye.com cmp.osano.com appleid.cdn-apple.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com googleads.g.doubleclick.net stats.g.doubleclick.net l.sharethis.com platform-api.sharethis.com *.braintreegateway.com *.sandbox.paypal.com www.mczbf.com analytics.audioeye.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com *.google.com *.doubleclick.net *.facebook.com *.richcall.io *.getflowbox.com *.hotjar.com creativecdn.com *.cookiebot.com *.criteo.net *.criteo.com *.datatrics.com *.meubelo.nl *.fonteyn.nl *.fonteyn.dev *.fonteyn.co.uk *.folm.de *.fonteynspas.com *.fonteynspas.de *.fonteynspas.co.uk js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cdninstagram.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com *.cloudfront.net *.hipex.cloud *.bing.com *.cheqzone.com *.pinterest.com *.clarity.ms *.yahoo.com *.criteo.net *.criteo.com *.datatrics.com *.meubelo.nl *.fonteyn.nl *.fonteyn.dev *.fonteyn.co.uk *.folm.de *.fonteynspas.com *.fonteynspas.de *.fonteynspas.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com mageside.com https://www.mollie.com ts.tradetracker.net www.magmodules.eu www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com *.richcall.io *.getflowbox.com *.cookiebot.com *.pinimg.com *.criteo.net *.hotjar.com *.zdassets.com *.bing.com *.cheqzone.com *.clarity.ms *.criteo.com *.datatrics.com unpkg.com *.unpkg.com *.adcalls.nl *.meubelo.nl *.fonteyn.nl *.fonteyn.dev *.fonteyn.co.uk *.folm.de *.fonteynspas.com *.fonteynspas.de *.fonteynspas.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.avada.io js.mollie.com tm.tradetracker.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.fonteyn.nl *.fonteyn.dev *.fonteyn.co.uk *.folm.de *.fonteynspas.com *.fonteynspas.de *.fonteynspas.co.uk https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com *.zdassets.com *.meubelo.nl *.fonteyn.nl *.fonteyn.dev *.fonteyn.co.uk *.folm.de *.fonteynspas.com *.fonteynspas.de *.fonteynspas.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com *.richcall.io *.getflowbox.com *.zendesk.com *.zdassets.com *.pinterest.com *.clarity.ms *.cheqzone.com *.hotjar.com *.zopim.com *.datatrics.com *.doubleclick.net *.adcalls.nl wss://widget-mediator.zopim.com/ *.meubelo.nl *.fonteyn.nl *.fonteyn.dev *.fonteyn.co.uk *.folm.de *.fonteynspas.com *.fonteynspas.de *.fonteynspas.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src *.richcall.io *.getflowbox.com *.meubelo.nl *.fonteyn.nl *.fonteyn.dev *.fonteyn.co.uk *.folm.de *.fonteynspas.com *.fonteynspas.de *.fonteynspas.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com v2.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.twitter.com https://www.facebook.com www.googletagmanager.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://*.google.com *.doubleclick.net *.googlesyndication.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.twitter.com axi.maxiaxi.com *.pinterest.com *.addthis.com https://consentcdn.cookiebot.com *.fast.amc.demdex.net https://tr.snapchat.com https://www.facebook.com *.cookiebot.eu googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com https://static.buckaroo.nl validate.fishpig.co.uk https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://redchamps.com ts.tradetracker.net www.magmodules.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.maxiaxi.com bat.bing.com www.google.nl *.squeezely.tech tm-tradetracker.net *.pinterest.com *.googleapis.com *.googleoptimize.com *.linkedin.com *.cookiebot.com *.etrusted.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io tm.tradetracker.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com app.aiden.cx js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net *.trustpilot.com *.zopim.com static.sooqr.com *.zdassets.com bat.bing.com static.buckaroo.nl *.squeezely.tech tm-tradetracker.net *.maxiaxi.com *.clarity.ms *.googleoptimize.com *.zendesk.com bam.eu01.nr-data.net *.pinimg.com *.addthis.com *.addthisedge.com *.moatads.com *.hotjar.com *.hotjar.io *.licdn.com *.beslist.nl *.tiktok.com *.stripe.com *.cookiebot.com *.etrusted.com *.smooch.io *.pinterest.com *.convertexperiments.com d5yoctgpv4cpx.cloudfront.net *.cookiebot.eu squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu static.sooqr.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com bam.nr-data.net *.zdassets.com widget-mediator.zopim.com stats.g.doubleclick.net squeezely.tech cognito-identity.eu-central-1.amazonaws.com rum-collector-2.pingdom.net wss://widget-mediator.zopim.com *.maxiaxi.com *.clarity.ms *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.pinterest.com measurement-api.criteo.com *.zendesk.com bam.eu01.nr-data.net *.addthis.com *.hotjar.com *.beslist.nl *.tiktok.com app.aiden.cx *.hotjar.io wss://ws.hotjar.com analytics.pangle-ads.com googleads.g.doubleclick.net *.ads.linkedin.com *.cookiebot.com *.etrusted.com *.smooch.io *.convertexperiments.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.bing.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.hotjar.com *.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-inline' 2
font-src *.fontawesome.com script.hotjar.com hyfin.app data: maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com vars.hotjar.com maps.googleapis.com stats.g.doubleclick.net *.fls.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io static.hotjar.com script.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com *.gstatic.com *.googleapis.com *.cdninstagram.com *.fbcdn.net * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com script.hotjar.com static.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com *.us-6.evergage.com hyfin.app *.globalpay.com *.verygoodvault.com *.smartystreets.com *.googleapis.com *.gstatic.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com static.hotjar.com script.hotjar.com cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com bam.nr-data.net stats.g.doubleclick.net cookie-cdn.cookiepro.com maps.googleapis.com cdn.evgnet.com *.us-6.evergage.com wss://*.hyfin.app hyfin.app *.globalpay.com *.verygoodvault.com *.smartystreets.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *.umbraco.com https://stats.g.doubleclick.net *.wandel.nl *.avond4daagse.nl *.pinterest.com *.cookiebot.com *.google-analytics.com packages.umbraco.org our.umbraco.org www.gravatar.com our.umbraco.com *.akamaized.net *.vimeo.com *.vimeocdn.com https://youtu.be https://www.youtube.com cdnjs.cloudflare.com *.facebook.com *.hotjar.com *.hotjar.io;              object-src 'none';              script-src 'self' 'unsafe-inline' 'unsafe-eval' wandel.blueconic.net *.avond4daagse.nl *.umbraco.com https://s.pinimg.com https://snap.licdn.com https://connect.facebook.net *.wandel.nl https://script.hotjar.com https://static.hotjar.com https://wandel.blueconic.net https://cdn.blueconic.net *.cookiebot.com ajax.aspnetcdn.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com https://tagmanager.google.com https://spotlerscript.com https://maps.googleapis.com https://t.spotlerleads.nl cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com;     script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.avond4daagse.nl cdn.blueconic.net static.hotjar.com script.hotjar.com www.google-analytics.com *.pinimg.com *.facebook.net *.facebook.com cdn.jsdelivr.net www.googletagmanager.com *.wandel.nl wandel.blueconic.net *.cookiebot.com *.atleta.cc;              style-src 'self' 'unsafe-inline' *.umbraco.com *.typekit.net *.wandel.nl https://tagmanager.google.com https://fonts.googleapis.com cdnjs.cloudflare.com;              img-src 'self' data: *.umbraco.com *.pinterest.com *.umbraco.com *.facebook.com *.facebook.net *.linkedin.com www.gravatar.com umbraco.tv our.umbraco.org our.umbraco.com dashboard.umbraco.org https://i.ytimg.com https://csi.gstatic.com https://maps.gstatic.com www.gravatar.com umbraco.tv *.googleapis.com www.google-analytics.com stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com cdnjs.cloudflare.com *.azureedge.net *.wandel.nl *.googletagmanager.com *.facebook.com wandel.gxcloud.net www.github.com www.bing.com *.vimeocdn.com     *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;              font-src 'self' data: *.umbraco.com *.cookiebot.com https://use.typekit.net https://fonts.gstatic.com data: cdnjs.cloudflare.com *.avast.com *.facebook.net;              frame-src 'self' *.umbraco.com https://www.pinterest.com https://vars.hotjar.com *.cookiebot.com youtu.be www.youtube.com www.google.com https://player.vimeo.com *.pinterest.com *.facebook.com *.googletagmanager.com https://atleta.cc;     connect-src 'self' wandel.blueconic.net *.avond4daagse.nl *.facebook.com *.hotjar.com *.hotjar.io code.jquery.com *.cookiebot.com *.umbraco.com; 2
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.typekit.net *.trustedshops.com *.dhlparcel.nl script.hotjar.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com 'self' data: *.bookerz.nl www.googletagmanager.com https://*.dpdconnect.nl *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com www.googleadservices.com www.google-analytics.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.trustedshops.com *.google.nl www.googletagmanager.com *.bing.com bat.bing.net *.sooqr.com *.multisafepay.com www.magmodules.eu *.squeezely.tech www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googleadservices.com www.google-analytics.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com 'self' data: *.trustedshops.com *.convertexperiments.com *.robinhq.com *.windows.net *.msecnd.net *.dhlparcel.nl script.hotjar.com *.bing.com *.deacto.nl www.googletagmanager.com *.multisafepay.com js-agent.newrelic.com static.hotjar.com https://*.dpdconnect.nl s7.addthis.com *.avada.io *.sooqr.com https://pay.google.com squeezely.tech www.squeezely.tech *.squeezely.tech www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com 'self' data: *.typekit.net *.trustedshops.com *.dhlparcel.nl *.fontawesome.com *.sooqr.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com *.google-analytics.com *.facebook.com *.facebook.net *.google.nl *.doubleclick.net *.googlesyndication.com 'self' data: *.visualstudio.com *.amazonaws.com *.google.com *.trustedshops.com *.bing.com bat.bing.net *.convertexperiments.com *.deacto.nl *.googleapis.com google-analytics.com bam.eu01.nr-data.net surveystats.hotjar.io ekr.zdassets.com/ https://get.geojs.io *.avada.io *.multisafepay.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src * data: 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: email.score-invest.com ajax.googleapis.com *.bing.com c.clarity.ms cdn.cookielaw.org cdn.early-birds.fr cdn.early-birds.io cdnjs.cloudflare.com ajax.cloudflare.com googleads.g.doubleclick.net h.clarity.ms sibautomation.com static.cloudflareinsights.com pixel.rubiconproject.com widgets.trustedshops.com *.google-analytics.com *.google.fr *.google.com *.googletagmanager.com *.googleapis.com fonts.gstatic.com connect.facebook.net *.criteo.net *.criteo.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io wss://*.zendesk.com wss://*.zopim.com *.liadm.com criteo-partners.tremorhub.com sync.outbrain.com sync-t1.taboola.com rtb-csync.smartadserver.com eb2.3lift.com ad.360yield.com simage2.pubmatic.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net visitor.omnitagjs.com match.sharethrough.com matching.ivitrack.com *.stickyadstv.com exchange.mediavine.com s.ad.smaato.net *.doubleclick.net *.dmxLeo.com e1.emxdgt.com *.yahoo.com *.adnxs.com x.bidswitch.net api.early-birds.fr *.badminton-point.com  *.badminton-point.de *.brevo.com *.onetrust.com 2
font-src *.fontawesome.com www.searchanise.com *.searchserverapi.com *.gstatic.com 'self' data: fonts.gstatic.com *.yotpo.com *.googleapis.com *.cloudflare.com fonts.googleapis.com 'unsafe-inline' data: *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.meetanshi.com js.mollie.com www.searchanise.com *.searchserverapi.com *.twitter.com www.xtento.com *.yotpo.com widget.trustpilot.com lpcdn.lpsnmedia.net www.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png *.meetanshi.com https://www.mollie.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.yotpo.com *.cloudflare.com *.mdoq.io *.ibottles.co.uk *.google.com *.google.co.uk *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.meetanshi.com js.mollie.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com *.yotpo.com *.cloudflare.com *.fontawesome.com *.liveperson.net *.trustpilot.com static.zdassets.com *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com fonts.googleapis.com *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.ideal-postcodes.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.meetanshi.com api.amplitude.com stats.g.doubleclick.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.yotpo.com *.cloudflare.com *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk *.zendesk.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; font-src 'self' *.typekit.net *.gstatic.com https://widget.whisbi.com https://maxcdn.bootstrapcdn.com data:; script-src 'self' *.typekit.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.facebook.net *.ads-twitter.com https://wurfl.io https://config1.veinteractive.com https://static.whisbi.com https://px.veinteractive.com https://api.ipify.org https://library.whisbi.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com widget.whisbi.com https://nebula-cdn.kampyle.com https://www.irishlife.ie https://script.crazyegg.com https://secure.quantserve.com https://snap.licdn.com https://bat.bing.com https://asset.gomoxie.solutions https://screencapture.kampyle.com https://screencaptue-cdn.kampyle.com https://cdn.cookielaw.org/scripttemplates/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://rules.quantcount.com/rules-p-YVPTYyQxqBHy-.js https://analytics.twitter.com/i/ https://cdn.cookielaw.org/consent/f16f9427-5e76-4da0-81ad-7617fbf6cdf4/OtAutoBlock.js  https://cdn.cookielaw.org/ https://bat.bing.com/ https://cdn.cookielaw.org/ https://cdnjs.cloudflare.com/ https://googleads.g.doubleclick.net/ https://platform.twitter.com/ https://player.vimeo.com/ https://rules.quantcount.com/ https://script.crazyegg.com/ https://secure.quantserve.com/ https://static.ads-twitter.com/ https://www.google-analytics.com/ https://www.pagespeed-mod.com/ https://www.permanenttsb.ie/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.typekit.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widget.whisbi.com https://www.irishlife.ie https://script.crazyegg.com *.gomoxie.solutions https://config1.veinteractive.com/scripts/ https://cdn.honey.io/ https://md-scp.kampyle.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ 'unsafe-inline'; frame-src 'self' *.googletagmanager.com *.google.com *.vimeo.com  *.fls.doubleclick.net https://www.irishlife.ie https://config1.veinteractive.com https://script.crazyegg.com *.fls.doubleclick.net https://nebula-cdn.kampyle.com *.gomoxie.solutions https://permanenttsb.ehosts.net https://pay.realexpayments.com/ https://block.opendns.com/ https://filter.techloq.com/ https://gateway.zscalerthree.net/ https://gateway.zscalertwo.net/ https://td.doubleclick.net/ https://www.youtube.com/ https://zscaler-blockpage.endress.com/ https://zswpmanager.wip.mmc.com/;img-src 'self' *.google.ie *.typekit.net *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.fls.doubleclick.net https://stats.g.doubleclick.net https://udc-neb.kampyle.com data: about: https://a.volvelle.tech https://x.bidswitch.net https://cookiee1.veinteractive.com https://www.irishlife.ie https://nebula-cdn.kampyle.com https://moxie-concierge.s3.amazonaws.com https://asset.gomoxie.solutions https://bat.bing.com/action/ https://t.co/i/ https://www.google.co.uk/pagead/ https://pixel.quantserve.com/ https://px.ads.linkedin.com/ https://www.facebook.com/tr/ https://p.adsymptotic.com/d/px/ https://www.linkedin.com/px/ https://www.google.co.uk/ads/ https://cdn.cookielaw.org/logos/ https://ad.doubleclick.net/ddm/ https://www.googletagmanager.com/ https://px4.ads.linkedin.com/ https://analytics.twitter.com/ https://ad.doubleclick.net/https://analytics.twitter.com/ https://i.vimeocdn.com/ https://i.ytimg.com/ https://lh3.ggpht.com/ https://pixel.quantserve.com/ https://prreqcroab.icu/ https://t.co/ https://udc-neb.kampyle.com/ https://www.google.ae/ https://www.google.at/ https://www.google.be/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.il/ https://www.google.co.in/ https://www.google.co.nz/ https://www.google.co.th/ https://www.google.co.uk/ https://www.google.com/ https://www.google.com.ar/ https://www.google.com.au/ https://www.google.com.br/ https://www.google.com.co/ https://www.google.com.gi/ https://www.google.com.kh/ https://www.google.com.ng/ https://www.google.com.pe/https://www.google.com.sa/ https://www.google.cz/ https://www.google.de/ https://www.google.ee/ https://www.google.es/ https://www.google.fr/ https://www.google.gr/ https://www.google.hu/ https://www.google.im/ https://www.google.it/ https://www.google.lu/ https://www.google.nl/ https://www.google.pl/ https://www.google.pt/ https://www.google.ro/ https://www.permanenttsb.ie/ https://ad.doubleclick.net/;connect-src 'self' *.typekit.net *.google-analytics.com https://www.google.co.uk/ads/ https://bats.bing.com https://analytics.google.com/ https://privacyportal-de.onetrust.com https://cookiee1.veinteractive.com https://api.whisbi.com https://sessionapi.veinteractive.com https://dtrc.veinteractive.com https://apps.irishlife.ie https://script.crazyegg.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.gomoxie.solutions https://asset.gomoxie.solutions https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/scripttemplates/ https://panel-settings-cdn-e1.ve.com/panelsettings/live/ https://stats.g.doubleclick.net/ https://panel-settings-cdn-e1.ve.com https://tracking.crazyegg.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://fontawesome.com/ https://cookies-data.onetrust.io/bannersdk/ https://panel-settings-cdn-e1.veinteractive.com/da20settings/live/ https://region1.analytics.google.com/g/ https://drs2.veinteractive.com/ https://bat.bing.com/actionp/ https://adservice.google.com/ https://api.blocksly.org/ https://api.datacloudstat.com/ https://api.solarspireconsulting.com/ https://maps.googleapis.com/ https://pixel.quantcount.com/ https://stats.g.doubleclick.net/ https://translate.googleapis.com/ https://wurfl.io/ https://www.google.ie/ https://cdn.cookielaw.org/ ;worker-src 'self' blob:;object-src 'self' blob:; report-uri /api/contentSecurityPolicy/log 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.klaviyo.com *.cdnfonts.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.com *.amazon-adsystem.com *.doubleclick.net *.sitescout.com *.adsrvr.org *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com media.sezzle.com 'self' data: *.gstatic.com/mapfiles/api-3/images/* *.gstatic.com *.s3.amazonaws.com *.net/company/SPJKye/images/* *.google.co.in *.cloudfront.net *.facebook.com *.amazonaws.com https://maps.googleapis.com *.sitescout.com trkn.us *.zdassets.com *.zendesk.com *.zdusercontent.com *.nextdoor.com *.reddit.com *.amazon-adsystem.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://z.moatads.com https://cdn.jsdelivr.net checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in *.google.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudfront.net/js/grin-sdk.js *.googleapis.com/maps/* *.googleapis.com *.googleapis.com/maps-api-v3/api/js *.zdassets.com *.mouseflow.com *.jquery.com *.direct/feathersnap.js *.facebook.net/en_US/fbevents.js *.facebook.net *.facebook.com *.googletagmanager.com *.amazon-adsystem.com *.googleadservices.com *.google-analytics.com *.klaviyo.com q.stripe.com *.basis.net *.smooch.io *.adsrvr.org *.redditstatic.com *.nextdoor.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com https://cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com *.cdnfonts.com *.typekit.net *.sezzle.com *.net/ffj4apz.css *.klaviyo.com tagmanager.google.com fonts.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.cloudflare.com/cdn-cgi/trace *.googleapis.com/maps/api/* *.grin.co/fingerprint/* *.sezzle.com *.grin.co *.g.doubleclick.net https://ipapi.co *.zendesk.com *.googleapis.com *.ipdata.co *.googletagmanager.com *.mouseflow.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.webpagefx.org *.facebook.com *.google.com google.com *.zdassets.com *.smooch.io wss://api.smooch.io *.reddit.com *.adsrvr.org *.analytics.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.klevu.com *.ksearchnet.com *.zopim.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com use.fontawesome.com fonts.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com magento-cloudflare.jetrails.com *.klarna.com js.mollie.com *.twitter.com *.hotjar.com *.criteo.com *.criteo.net *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.gstatic.com *.googleapis.com www.apptrian.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.ytimg.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.zopim.com *.zopim.io *.alothemes.com *.magepow.com flagpedia.net https://www.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com bat.bing.com *.lightemporium.com *.usercentrics.eu *.facebook.com *.google.de *.bidswitch.net *.doubleclick.net *.adnxs.com *.360yield.com *.media.net *.outbrain.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.criteo.com *.krxd.net *.thebrighttag.com *.yahoo.com *.casalemedia.com *.emxdgt.com *.yieldmo.com *.yieldlab.net *.tremorhub.com *.pubmatic.com *.mediavine.com *.ivitrack.com *.id5-sync.com *.omnitagjs.com *.adform.net *.3lift.com *.teads.tv *.twiago.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com *.zopim.com *.zdassets.com *.alothemes.com *.magepow.com maps.googleapis.com js.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com bat.bing.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.tiktok.com *.facebook.net *.hotjar.com *.deinetorte.de *.pingdom.net *.criteo.com *.yotpo.com swellrewards.com *.swellrewards.com https://js.klevu.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.yotpo.com swellrewards.com *.swellrewards.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.zdassets.com *.zopim.com widget-mediator.zopim.com *.alothemes.com *.magepow.com www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.cloudflare.com *.twitter.com *.twimg.com *.zendesk.com *.tiktok.com *.facebook.com *.pingdom.net wss://widget-mediator.zopim.com *.google-analytics.com *.doubleclick.net *.deinetorte.de *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.deinetorte.de/; report-to report-endpoint; 2
default-src 'self' fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.googletagmanager.com mc.yandex.ru *.google-analytics.com *.youtube.com mc.yandex.com mc.yandex.ru *.google.com *.gstatic.com *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com;img-src * data:;font-src 'self' fonts.gstatic.com;connect-src 'self' *.youtube.com mc.yandex.ru *.analytics.google.com *.google-analytics.com doubleclick.net *.googletagmanager.com mc.yandex.com mc.yandex.ru mc.yandex.md yandexmetrica.com *.mightytips.com https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com https://analytics.google.com https://*.hcaptcha.com;frame-src 'self' *.youtube.com *.instagram.com *.twitter.com *.yandex.com *.google.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;script-src-elem 'self' 'unsafe-inline' *.instagram.com *.googletagmanager.com *.yandex.ru *.google-analytics.com *.twitter.com *.youtube.com mc.yandex.com *.google.com *.gstatic.com mc.yandex.ru *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com track.trackingtraffo.com https://js.hcaptcha.com/1/api.js;frame-ancestors 'self';report-uri /cspreport.php 2
font-src https://*.gstatic.com https://fonts.gstatic.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com *.yotpo.com *.klevu.com *.ksearchnet.com fonts.gstatic.com use.fontawesome.com app.christies.test static.klaviyo.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.tiktok.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://*.dpdconnect.nl *.yotpo.com *.multisafepay.com https://pay.google.com www.googletagmanager.com widget.trustpilot.com d.la1-core1.sfdc-cehfhs.salesforceliveagent.com service.force.com insight.adsrvr.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://images.unsplash.com https://*.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com www.feedoptimise.com cdn.feedoptimise.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.multisafepay.com app.christies.test cdn-ukwest.onetrust.com cdn.christiesdirect.com x.klarnacdn.net apple-resources.s3.amazonaws.com play.google.com www.facebook.com js.klevu.com bat.bing.com maps.gstatic.com bat.bing.net www.google.co.uk static.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com static-tracking.klaviyo.com a.klaviyo.com telemetrics.klaviyo.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js js.stripe.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://*.dpdconnect.nl www.feedoptimise.com cdn.feedoptimise.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.multisafepay.com https://pay.google.com app.christies.test widget.trustpilot.com js.klarna.com integrations.etrusted.com www.dwin1.com connect.facebook.net lantern.roeyecdn.com cdn-ukwest.onetrust.com bat.bing.com static.hotjar.com cdn.attn.tv service.force.com js.adsrvr.org analytics.tiktok.com www.clarity.ms d.la2-c2-cdg.salesforceliveagent.com d.la1-core1.sfdc-cehfhs.salesforceliveagent.com christiesdirect-dev.my.salesforce-sites.com tag.mention-me.com static.mention-me.com maps.googleapis.com static.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com static-tracking.klaviyo.com a.klaviyo.com telemetrics.klaviyo.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com *.yotpo.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.multisafepay.com app.christies.test use.fontawesome.com x.klarnacdn.net js.klevu.com service.force.com pay.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.multisafepay.com region1.google-analytics.com s.clarity.ms js.klarna.com app.christies.test widget.trustpilot.com cdn-ukwest.onetrust.com geolocation.onetrust.com pay.google.com play.google.com maps.googleapis.com bat.bing.net static.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com static-tracking.klaviyo.com a.klaviyo.com telemetrics.klaviyo.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src app.christies.test bat.bing.com s.clarity.ms pagead2.googlesyndication.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://fonts.gstatic.com https://ws.colissimo.fr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.youtube.com https://www.googletagmanager.com/ secure-gateway.hipay-tpp.com *.hipay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.xiti.com *.ati-host.net https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tag.aticdn.net https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://tarteaucitron.io secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.target2sell.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.hipay.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://nominatim.openstreetmap.org http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.hipay.com wss://mpsnare.iesnare.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.target2sell.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
font-src fonts.gstatic.com use.typekit.net *.bglobale.com *.global-e.com *.fontawesome.com *.alothemes.com *.magepow.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.vimeo.com https://*.youtube.com *.bglobale.com *.global-e.com landofcoder.com *.facebook.com *.facebook.net *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://bluesound.com https://forms-na1.hsforms.com https://mcstaging.bluesound.com https://static.zdassets.com https://static.hotjar.com https://cdn.cookielaw.org https://www.google.co.uk *.bglobale.com *.global-e.com magefan.com cm.magefan.com *.facebook.com *.facebook.net *.alothemes.com *.magepow.com https://www.milople.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://js.hsforms.net https://cdn.weglot.com unsafe-inline unsafe-eval https://static.zdassets.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://widget-mediator.zopim.com https://js.hs-scripts.com *.bglobale.com *.global-e.com landofcoder.com *.facebook.com *.facebook.net *.alothemes.com *.magepow.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src http://*.adobe.com fonts.googleapis.com http://fonts.googleapis.com https://js.digitalriverws.com *.fontawesome.com http://*.alothemes.com http://*.magepow.com http://assets.braintreegateway.com http://tagmanager.google.com https://www.googletagmanager.com 'self' 'unsafe-inline' https://cdn.weglot.com *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com https://*.adobe.com https://mcstaging.bluesound.com https://www.bluesound.com https://bluesound.com https://content-bluesound-com.s3.amazonaws.com 'self' 'unsafe-inline' 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://forms.hsforms.com https://js.hsforms.net https://cdn.weglot.com 'self' https://ekr.zdassets.com https://script.hotjar.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://bluesound.zendesk.com https://psbspeakers.zendesk.com wss://widget-mediator.zopim.com https://region1.analytics.google.com landofcoder.com *.facebook.com *.facebook.net *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'unsafe-inline';report-uri https://csp.withgoogle.com/csp/script-inclusions/1a74b362328347702024274e29d77eb5 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com https://cdnjs.cloudflare.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com horace.com cdn.kustomerapp.com static.klaviyo.com *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.klarna.com js.stripe.com js.mollie.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net https://www.google.com td.doubleclick.net www.facebook.com tr.snapchat.com tr6.snapchat.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.sharethis.com https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com https://maps.googleapis.com https://maps.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com maps.googleapis.com maps.gstatic.com horace.com www.facebook.com bat.bing.net c.contentsquare.net cdn.cookielaw.org bat.bing.com www.google.fr cdn.prod2.kustomerhostedcontent.com www.google.es www.google.us www.google.co.uk www.google.de www.google.ir tr.snapchat.com tr6.snapchat.com https://firebasestorage.googleapis.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.sharethis.com cdn.jsdelivr.net https://maps.googleapis.com *.klarna.com *.klarnacdn.net x.klarnacdn.net js.stripe.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://browser.sentry-cdn.com js.mollie.com https://cdnjs.cloudflare.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net maps.googleapis.com https://www.google.com https://www.gstatic.com cdn.cookielaw.org horace.com browser.sentry-cdn.com polyfill-fastly.io static.klaviyo.com connect.facebook.net try.abtasty.com static-tracking.klaviyo.com www.artfut.com bat.bing.com www.tag4arm.com t.contentsquare.net static.affilae.com sc-static.net analytics.tiktok.com www.clarity.ms cdn.amplitude.com cdn.kustomerapp.com ajax.cloudflare.com tr.snapchat.com k-aeu1.contentsquare.net *.klarnaservices.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.sharethis.com cdn.jsdelivr.net https://static.klaviyo.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.tagmanager.google.com *.googletagmanager.com horace.com *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src download-video-ak.vimeocdn.com player.vimeo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.getalma.eu *.almapay.com https://maps.googleapis.com https://player.vimeo.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app maps.googleapis.com horace.com region1.analytics.google.com cdn.cookielaw.org o4508795589427200.ingest.de.sentry.io fast.a.klaviyo.com static-forms.klaviyo.com v.clarity.ms j.clarity.ms ariane.abtasty.com try.abtasty.com dcinfos-cache.abtasty.com region1.google-analytics.com horace.api.kustomerapp.com k-aeu1.contentsquare.net tr.snapchat.com tr6.snapchat.com s.clarity.ms bat.bing.net c.contentsquare.net www.tag4arm.com matomo.horace.app api.eu.amplitude.com *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io https://nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src horace.com bat.bing.com bat.bing.net c.contentsquare.net k-aeu1.contentsquare.net v.clarity.ms j.clarity.ms googleads.g.doubleclick.net www.tag4arm.com matomo.horace.app tr6.snapchat.com analytics.tiktok.com www.google.fr www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.insidebrady.com cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google.com *.google.co.in *.bootstrapcdn.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com *.worldpay.com *.insidebrady.com *.lpsnmedia.net *.freshchat.com *.doubleclick.net *.force.com *.consentmanager.net payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.media-brady.com api.feefo.com *.linkedin.com *.quora.com *.clarity.ms *.google.com *.google.co.in *.google.com.au *.bing.com *.doubleclick.net *.monetate.net *.shopperapproved.com *.consentmanager.net https://www.facebook.com https://pixel.lesperformads.com https://dashboard.whoisvisiting.com *.collect.igodigital.com https://register.feefo.com *.google.fr *.google.it *.google.es *.google.se *.google.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.media-brady.com *.insidebrady.com cdnjs.cloudflare.com *.worldpay.com unpkg.com *.liveperson.net *.elfsight.com *.lpsnmedia.net/ *.quora.com *.tiqcdn.com *.facebook.net *.licdn.com *.tealiumiq.com *.clarity.ms *.google.com *.google.co.in *.xiecomm.worldpay.com *.cert-xiecomm.worldpay.com *.fontawesome.com *.googleapi.com *.googlecommerce.com *.monetate.net *.bing.com *.doubleclick.net *.qualtrics.com client.rum.us-east-1.amazonaws.com fw-cdn.com *.freshchat.com *.feefo.com *.force.com bradycorp.my.salesforce-sites.com *.salesforceliveagent.com *.shopperapproved.com https://media.richrelevance.com *.consentmanager.net *.quantummetric.com https://px.ads.linkedin.com https://brady.my.salesforce.com https://support.bradyid.com https://partner.seton.fr https://notifpush.com https://ws.zoominfo.com https://pixel.lesperformads.com https://js.cookieless-data.com https://dashboard.whoisvisiting.com *.collect.igodigital.com https://collect.feefo.com https://register.feefo.com https://api.feefo.com *.algorecs.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.media-brady.com *.insidebrady.com cdnjs.cloudflare.com *.googleapis.com *.google.com *.google.co.in *.fontawesome.com *.bootstrapcdn.com *.freshchat.com *.jsdelivr.net *.force.com bradycorp.my.salesforce-sites.com https://support.bradyid.com https://register.feefo.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.media-brady.com *.insidebrady.com *.tealiumiq.com *.clarity.ms *.google.com *.google.co.in *.google-analytics.com dataplane.rum.eu-central-1.amazonaws.com cognito-identity.eu-central-1.amazonaws.com sts.eu-central-1.amazonaws.com dataplane.rum.us-east-1.amazonaws.com cognito-identity.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com *.algorecs.com *.quantummetric.com https://support.bradyid.com https://ws.zoominfo.com https://px.ads.linkedin.com https://notifpush.com *.fact-finder.de *.fact-finder.com *.fact-finder.co.uk *.fact-finder.fr *.fact-finder.pl *.fact-finder.it *.fact-finder.at *.fact-finder.ch *.fact-finder.cloud https://collect.feefo.com https://api.feefo.com *.google.fr *.google.it *.google.es *.google.se *.google.nl https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com https://bat.bing.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';                   connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' wss://*.adobe.io wss://ws.hotjar.com/api/v2/client/ws *.adobe.io *.cookiebot.com *.cookielaw.org *.facebook.com *.google-analytics.com *.googletagmanager.com *.google.com *.hotjar.io *.hotjar.com *.microsoftonline.com *.onetrust.com *.youtube.com *.google.co.uk *.doubleclick.net *.cdn.cookielaw.org *.922-xyq-905.mktoresp.com *.getaddress.io;                 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.adoberesources.net *.adobe.com *.google-analytics.com *.googletagmanager.com *.getaddress.io *.cdn.jsdelivr.net *.3chillies.report-uri.io *.cookiebot.com *.fonts.googleapis.com *.ajax.googleapis.com         *.ssl.google-analytics.com *.jsdelivr.net *.www.youtube.com *.www.google.com *.bat.bing.com         *.googleadservices.com *.gstatic.com *.connect.facebook.net *.platform.twitter.com        *.s3.amazonaws.com *.youtube.com *.munchkin.marketo.net getaddress.io *.googleapis.com         *.bing.com *.facebook.net *.twitter.com *.amazonaws.com;                 script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' *.adoberesources.net *.adobe.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.com *.hotjar.com *.microsoftonline.com *.cookiebot.com *.getaddress.io *.cdn.jsdelivr.net *.consent.cookiebot.com *.cdn.getaddress.io *.munchkin.marketo.net *.youtube.com *.pressebox.de *.cdn.cookielaw.org;                 style-src 'self' data: 'unsafe-inline' *.typekit.net *.fonts.googleapis.com *.ajax.googleapis.com *.googleapis.com;                 img-src * data: *.adoberesources.net *.adobeusercontent.com *.lh3.googleusercontent.com;                 frame-src * data: *.adobe.com;                  font-src 'self' data: *.gstatic.com *.getaddress.io *.googleapis.com *.typekit.net *.googleusercontent.com *.hotjar.com;                 child-src 'self' data: *.getaddress.io *.fonts.googleapis.com *.youtube.com *.www.google.com *.accounts.google.com *.googletagmanager.com *.google.com *.googleapis.com;                 frame-ancestors 'self';                 report-uri https://3chillies.report-uri.com/r/d/csp/reportOnly; 2
font-src fonts.gstatic.com use.typekit.net *.abtasty.com https://static.payzen.eu/static/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com  *.prolians.fr *.hydralians.fr *.dexis.fr https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.youtube.com https://www.youtube-nocookie.com *.doubleclick.net https://caast.tv https://*.caast.tv https://*.youtube.com consentcdn.cookiebot.com *.googletagmanager.com https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net media.descours-cabaud.net *.prolians.fr *.hydralians.fr *.picsum.photos *.placehold.co doc.xhander.com doc.dexis-4mp.com doc.opsial.com *.google.fr https://*.caast.tv https://i.ytimg.com imgsct.cookiebot.com *.facebook.com *.contentsquare.net *.igodigital.com medias.descours-cabaud.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.zdassets.com *.zopim.com static.cloudflareinsights.com https://caast.tv https://*.caast.tv https://cdn.caast.tv consent.cookiebot.com sdk.privacy-center.org *.facebook.net *.igodigital.com *.contentsquare.net *.abtasty.com js-agent.newrelic.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ challenges.cloudflare.com https://ajax.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.payzen.eu/static/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.mux.com https://*.caast.tv *.zdassets.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net *.sentry.io https://caast.tv https://*.caast.tv wss://*.caast.tv https://*.mux.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com https://cache.caast.tv stats.g.doubleclick.net api.privacy-center.org *.google.com *.contentsquare.net *.abtasty.com *.nr-data.net https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ 'self' 'unsafe-inline'; child-src https://caast.tv https://*.caast.tv http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://*.trinitywallstreet.org; connect-src 'self' https://translate.googleapis.com https://bam.nr-data.net https://*.kaltura.com https://analytics.google.com https://stats.g.doubleclick.net; font-src * data:; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://translate.google.com https://translate.googleapis.com addevent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.hs-scripts.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.newrelic.com https://*.kaltura.com https://*.addevent.com/ https://www.googletagmanager.com addevent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.hs-scripts.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com cloud.typography.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://live-tcws-new.pantheonsite.io https://*.googleapis.com/ cloud.typography.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://trinitychurchnyc.org/report-uri/reportOnly 2
font-src fonts.gstatic.com use.typekit.net data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com *.paypal.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.disqus.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com *.criteo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io wss: bat.bing.com *.force.com *.tiktok.com *.google.com *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com google.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co *.cardinalcommerce.com api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties *.criteo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://commercehub-secure-data-capture.fiservapps.com https://prod.api.fiservapps.com https://cert.api.fiservapps.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://commercehub-secure-data-capture.fiservapps.com https://prod.api.fiservapps.com https://cert.api.fiservapps.com https://maps.googleapis.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adobedc.net *.demdex.net https://maps.googleapis.com https://player.vimeo.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src *; script-src *; style-src *; img-src *; 2
script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.google.com https://apis.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://youtube.com https://google.com https://static.doubleclick.net https://www.googleadservices.com https://tpc.googlesyndication.com https://www.youtubekids.com;report-uri /cspreport/allowlist 2
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net *.wistia.com yotpo-stool.s3.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.b0e8.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.mageside.com mageside.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.attentivemobile.com *.attn.tv *.bing.com *.bing.net *.doubleclick.net *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.cg www.google.ch www.google.cm www.google.co.bw www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.cy www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.sn www.google.tg www.google.tn google.com *.google.com *.googlesyndication.com *.googletagmanager.com *.kaltura.com *.linksynergy.com *.ometria.com *.onetrust.com *.pinterest.com *.portmeirion.co.uk *.postcodeanywhere.co.uk *.wistia.com yastatic.net yotpo-editor-production.s3.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.attn.tv events.attentivemobile.com *.b0e8.com *.bc0a.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.ometria.com *.bing.com d21m4dsqdd3b9h.cloudfront.net *.doubleclick.net *.googleapis.com *.google.com *.googlesyndication.com *.googletagmanager.com *.kaltura.com *.klevu.com *.livechatinc.com *.onetrust.com *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.rakuten.com *.sentry-cdn.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://statsjs.klevu.com https://js.klevu.com d21m4dsqdd3b9h.cloudfront.net *.gstatic.com *.postcodeanywhere.co.uk *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.attn.tv events.attentivemobile.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.facebook.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.ometria.com *.attentivemobile.com *.bing.com *.bing.net *.doubleclick.net *.facebook.com *.googleadservices.com *.googleapis.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.cm www.google.co.bw www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.cy www.google.com.eg www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mt www.google.com.my www.google.com.ng www.google.com.np www.google.com.om www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.tg www.google.tn *.googlesyndication.com *.kaltura.com *.onetrust.com *.pinterest.com *.portmeirion.com *.postcodeanywhere.co.uk *.samsung.com *.spode.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://32ede476-ded8-4814-88cb-f8ecfa864227.sansec.watch/; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com *.klarna.com *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.excelclothing.com *.facebook.com *.google.co.uk *.google.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.clerk.io *.doubleclick.net *.facebook.net *.jsdelivr.net *.omappapi.com *.pcapredict.com *.webgains.io *.zdassets.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io player.vimeo.com *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.mailchimp.com *.omappapi.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.doubleclick.net *.omappapi.com *.zendesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.link.com *.amazon.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com *.hsforms.net *.hsforms.com 'self' data: *.cdninstagram.com *.fbcdn.net *.google.co.in *.sansha.com *.magento2.sansha.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.cardinalcommerce.com *.ccdc02.com *.paypalobjects.com *.ytimg.com *.googleapis.com *.vimeo.eu *.vimeo.com *.gstatic.com *.omtrdc.net *.mailchimp.com *.braintreegateway.com *.packeta.com *.app-wallee.com *.cdek.ru *.chronopost.fr *.authorize.net *.stripe.com *.hsforms.net *.hsforms.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.instagram.com maps.googleapis.com klarna.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com embed.tawk.to *.tawk.to *.jsdelivr.net www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com embed.tawk.to *.tawk.to *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com embed.tawk.to *.tawk.to *.jsdelivr.net vsa104.tawk.to vsa94.tawk.to vsa79.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; report-uri https://www.klik.de/api/csp-reports; report-to csp-endpoint; 2
font-src *.typekit.net fonts.gstatic.com use.typekit.net fonts.googleapis.com maxcdn.bootstrapcdn.com acsbapp.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com payflowlink.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com *.google.com *.braintreegateway.com *.paypal.com www.googletagmanager.com *.certcapture.com *.dotdigital-pages.com *.dotdigital.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com d1l7z5ofrj6ab8.cloudfront.net payflowlink.paypal.com googleads.g.doubleclick.net data: *.google.co.in *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.certcapture.com *.trackedlink.net *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.keekaroo.com *.specialtomato.com *.adaptivemall.com *.adaptivemall.ca app.certcapture.com nxtuploads.s3.amazonaws.com i.imgur.com verify.authorize.net *.bizrate.com blob: *.bing.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com fonts.gstatic.com *.certcapture.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.nextopia.net *.ecomm-nav.com www.gstatic.com www.google.com checkout.getbread.com app.certcapture.com www.adaptivemall.com staging.adaptivemall.com vector.nextopiasoftware.com verify.authorize.net bat.bing.com js-agent.newrelic.com connect.facebook.net d1l7z5ofrj6ab8.cloudfront.net *.bizrate.com bam.nr-data.net *.googleadservices.com acsbapp.com https://cdn.searchspring.net/intellisuggest/is.min.js *.googletagmanager.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.nextopia.net *.ecomm-nav.com fonts.gstatic.com maxcdn.bootstrapcdn.com app.certcapture.com *.bizrate.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com *.certcapture.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com app.certcapture.com happyfoxchat.com bam.nr-data.net *.bizrate.com stats.g.doubleclick.net cdn.acsbapp.com acsbapp.com https://beacon.searchspring.io/beacon *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.nextopia.net *.ecomm-nav.com fonts.gstatic.com fonts.googleapis.com checkout.getbread.com www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net bat.bing.com app.certcapture.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src-elem *.cfjump.com *.popupsmart.com embedsocial.com *.preezie.com *.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network-stg.bazaarvoice.com network.bazaarvoice.com; font-src fonts.gstatic.com use.typekit.net *.squarecdn.com *.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network-stg.bazaarvoice.com network.bazaarvoice.com *.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com t.zip.co static.zipmoney.com.au static.zip.co *.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com *.riskified.com *.bing.com *.legitscript.com data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.zipmoney.com.au static.zip.co zip.co *.cfjump.com *.popupsmart.com embedsocial.com *.preezie.com *.bazaarvoice.com https://apps.bazaarvoice.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net static.afterpay.com/ *.squarecdn.com *.cash.app display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com embedsocial.com *.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network-stg.bazaarvoice.com network.bazaarvoice.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.popupsmart.com *.bazaarvoice.com *.demdex.net *.riskified.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'unsafe-inline' data: *.gstatic.com *.iadvize.com *.fontawesome.com https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.iadvize.com *.facebook.com *.critizr.com https://critizr.com/ *.fittingbox.com *.v-psp.com *.facil-iti.com 'self' data: vto-advanced-integration-api.fittingbox.com https://maps.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.opticiens-atol.com *.google.com *.google.fr *.gstatic.com *.google-analytics.com *.googleapis.com *.facebook.com *.doubleclick.net *.amazonaws.com *.filerobot.com *.atol.fr bat.bing.com editor-assets.abtasty.com p1.zemanta.com c.clarity.ms c.bing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ clicrdv-assets.s3.amazonaws.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.fittingbox.com *.abtasty.com *.facebook.net *.iadvize.com *.critizr.com *.facil-iti.com *.doubleclick.net *.privacy-center.org analytics.tiktok.com *.atol.fr s.pinimg.com p.teads.tv bat.bing.com dynamic.criteo.com c.amazon-adsystem.com www.clarity.ms js-tag.zemanta.com ct.pinterest.com *.algolia.net https://cdnjs.cloudflare.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.critizr.com *.iadvize.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.google.com *.googleusercontent.com *.google-analytics.com *.doubleclick.net *.abtasty.com *.iadvize.com *.instagram.com *.pinterest.com *.critizr.com *.atol.fr *.amazon-adsystem.com cm.teads.tv analytics.tiktok.com *.criteo.com *.algolia.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; report-uri /csp-violation-report-endpoint 2
font-src https://cdn.riverty.design/ *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com uc8.tv 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ uc8.tv https://documents.riverty.com/ consentcdn.cookiebot.com https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src cdn.annadiva.nl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ *.googleapis.com https://*.gstatic.com imgsct.cookiebot.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.google.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com *.multisafepay.com maps.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ *.googleapis.com https://*.gstatic.com https://widget-acc.paazl.com www.googleoptimize.com d36mpcpuzc4ztk.cloudfront.net consent.cookiebot.com consentcdn.cookiebot.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.voyado.com https://browser.sentry-cdn.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.multisafepay.com https://pay.google.com maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://widget-acc.paazl.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ *.googleapis.com https://widget-acc.paazl.com chat.freshdesk.com consentcdn.cookiebot.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.ingest.sentry.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://a.quora.com https://connect.facebook.net https://mc.yandex.ru https://bat.bing.com https://static.ads-twitter.com https://www.redditstatic.com https://top-fwz1.mail.ru https://www.clarity.ms https://analytics.tiktok.com https://telegram.org https://googleads.g.doubleclick.net https://vk.com https://www.clarity.ms https://www.redditstatic.com;  style-src 'self' 'unsafe-inline' https://widget.intercom.io;  style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https: https://a.quora.com https://c.admetr.ru https://mc.yandex.ru https://vk.com https://q.quora.com https://www.google.ru; connect-src 'self' https: wss: https://api-iam.intercom.io https://analytics.google.com https://www.google-analytics.com https://connect.facebook.net https://mc.yandex.ru https://sc-static.net https://widget.intercom.io https://dolphin-anty.com https://dolph.in https://telegram.org https://www.google.com https://stats.g.doubleclick.net; font-src 'self' data: https:; object-src 'none'; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://widget.intercom.io; frame-ancestors 'none'; base-uri 'self'; worker-src 'self' blob:; form-action 'self'; upgrade-insecure-requests; report-uri https://dolph.in/csp_report.php;  2
base-uri 'self'; connect-src 'self' *.ingest.sentry.io *.ingest.us.sentry.io https://log.ablyft.com https://log.ablyft.com/ https://com-tourlane-main.collector.snplow.net https://cfa-api-production.fly.dev https://api.iconify.design https://api.unisvg.com https://tr.outbrain.com https://amplify.outbrain.com https://paid.outbrain.com https://bat.bing.com https://bat.bing.net https://measurement-api.criteo.com https://sslwidget.criteo.com https://psb.taboola.com https://trc-events.taboola.com https://trc.taboola.com https://www.googleadservices.com https://*.clarity.ms https://www.clarity.ms https://identification-api.sovondus.com https://identification-api.sovendus.com https://ingesteer.services-prod.nsvcs.net https://sdk.fra-02.braze.eu https://api.simplevisag.com https://www.wepowerconnections.com https://thesciencebehindcommerce.com https://api.simplesvg.com https://the.sciencebehindecommerce.com cfa-api-production.fly.dev https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://ampcid.google.com https://www.facebook.com https://region1.google-analytics.com https://region1.analytics.google.com https://pagead2.googlesyndication.com https://www.google.com https://server-side-tagging-fcwy3lwxvq-uc.a.run.app https://com-tourlane-prod1.mini.snplow.net https://api.privacy-center.org https://sdk.privacy-center.org https://*.googleapis.com https://maps.googleapis.com https://*.google.com https://*.gstatic.com data: blob:; default-src 'none'; font-src 'self' https://www.vinci.com https://fonts.gstatic.com data: https://use.fontawesome.com https://ka-p.fontawesome.com; form-action 'self'; frame-src https://tourlane.com https://tourlane.de https://tourlane.fr https://gum.criteo.com https://gumi.criteo.com https://www.awint.com https://www.awin1.com https://www.sovondus-connect.com https://fatcoupon.com https://link.fatcoupon.com https://redirect.partner.fatcoupon.com https://datawrapper.dwcdn.net https://static.criteo.net https://adnx.de https://oponas.com https://bcsgsrv.com https://www.googletagmanager.com https://www.google.com https://bid.g.doubleclick.net https://www.youtube.com https://www.facebook.com https://server-side-tagging-fcwy3lwxvq-uc.a.run.app https://*.google.com https://www.google.com/maps/embed/ https://www.google.com/maps/preview/; img-src 'self' https: blob: https://tourlane-dm-images.imgix.net https://tourlane-crm-assets.imgix.net https://tourlane-ui.imgix.net https://sslwidget.criteo.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.gstatic.com https://ssl.gstatic.com https://www.facebook.com https://server-side-tagging-fcwy3lwxvq-uc.a.run.app data: https://sdk.privacy-center.org https://*.googleapis.com https://maps.googleapis.com https://*.gstatic.com https://maps.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://streetviewpixels-pa.googleapis.com https://*.google.com https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ablyft.com https://reise.tourlane.de https://voyage.tourlane.fr https://www.tourlane.fr https://amplify.outbrain.com https://wave.outbrain.com https://tr.outbrain.com https://bat.bing.com https://sslwidget.criteo.com https://dynamic.criteo.com https://cdn.taboola.com https://trc.taboola.com https://connect.facebook.net https://www.clarity.ms https://www.awin1.com https://api.sovondus.com https://www.dwin1.com https://lantern.roeyecdn.com https://js.appboycdn.com https://thesciencebehindcommerce.com https://the.sciencebehindecommerce.com https://rialto-gms.s3.amazonaws.com https://www.googletagmanager.com https://tagmanager.google.com https://ssl.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://www.youtube.com https://www.gstatic.com https://accounts.google.com https://d1v1f48xjw0b9w.cloudfront.net/3.24.1/sp.min.js https://d1v1f48xjw0b9w.cloudfront.net/3.24.1/index.umd.min.js https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js https://sdk.privacy-center.org https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com blob:; script-src-elem cdn.ablyft.com https://reise.tourlane.de https://voyage.tourlane.fr https://www.tourlane.fr https://amplify.outbrain.com https://wave.outbrain.com https://tr.outbrain.com https://bat.bing.com https://sslwidget.criteo.com https://dynamic.criteo.com https://cdn.taboola.com https://trc.taboola.com https://connect.facebook.net https://www.clarity.ms https://www.awin1.com https://api.sovondus.com https://www.dwin1.com https://lantern.roeyecdn.com https://js.appboycdn.com https://thesciencebehindcommerce.com https://the.sciencebehindecommerce.com https://rialto-gms.s3.amazonaws.com https://www.googletagmanager.com https://tagmanager.google.com https://ssl.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://www.youtube.com https://www.gstatic.com https://accounts.google.com https://d1v1f48xjw0b9w.cloudfront.net/3.24.1/sp.min.js https://d1v1f48xjw0b9w.cloudfront.net/3.24.1/index.umd.min.js https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://ka-p.fontawesome.com https://maps.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://ka-p.fontawesome.com; worker-src 'self' blob: 2
font-src *.fontawesome.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.vimeo.com *.texdecor.test *.texdecor.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.vimeocdn.com s.ytimg.com data *.cdninstagram.com 'self' 'unsafe-inline'; script-src *.sbc29.com *.sbc30.net *.sbc33.com *.sbc35.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.texdecor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.sarbacane.com *.texdecor.test *.texdecor.com *.fact-finder.fr www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https:; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com *.yotpo.com *.googleapis.com *.alicdn.com allamericanswim.com *.cloudflare.com *.klaviyo.com s3.amazonaws.com *.typekit.net *.wistia.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudfront.net *.hubspot.com yotpo-editor-production.s3.amazonaws.com thelifeguardstore.com app.webfx.com kiefer.com placehold.co https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com maps.googleapis.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net allamericanswim.com *.arenasport.com *.bing.com *.certcapture.com *.cloudflare.com d3k81ch9hvuctc.cloudfront.net *.doubleclick.net *.googleadservices.com *.google.com *.hscollectedforms.net *.kiefer.com *.marketingcloudfx.com *.paypalobjects.com s3.amazonaws.com theswimteamstore.net *.tyr.com *.wistia.com *.wistia.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudfront.net globalshopex.com js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net acsbapp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com *.googletagmanager.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net allamericanswim.com *.certcapture.com *.cloudflare.com *.crazyegg.com *.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.klaviyo.com s3.amazonaws.com *.signifyd.com *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.cloudfront.net static-tracking.klaviyo.com *.fontawesome.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com fonts.googleapis.com tagmanager.google.com fonts.google.com *.yotpo.com allamericanswim.com *.certcapture.com *.cloudflare.com *.googletagmanager.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.bing.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.acsbapp.com *.doubleclick.net forms.hscollectedforms.net settings.luckyorange.net wss://visitors.live wss://in.visitors.live https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com *.analytics.google.com *.googletagmanager.com *.yotpo.com https://imgs.signifyd.com *.acsbapp.com acsbapp.com *.browser-intake-us5-datadoghq.com *.certcapture.com *.crazyegg.com d3k81ch9hvuctc.cloudfront.net *.datadome.co *.googleadservices.com *.googleapis.com kg668dbov0.execute-api.us-east-1.amazonaws.com *.kiefer.com *.klaviyo.com *.luckyorange.net *.sentry.io sentry.io thelifeguardstore.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://7e98474e-5de7-4054-99d8-67792cfeaa79.sansec.watch/; report-to report-endpoint; 2
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.facebook.com 'self' data: *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.googletagmanager.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://connect.facebook.net/ connect.facebook.net graph.facebook.com business.facebook.com apis.google.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.dwin1.com *.getsitecontrol.com/ https://js-agent.newrelic.com/ https://cdn.cookielaw.org/ https://cdn.equalweb.com js.klevu.com *.ksearchnet.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net/ *.getsitecontrol.com/ https://bam.nr-data.net/ https://cdn.equalweb.com/ https://events.getsitectrl.com/ https://cdn.cookielaw.org/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.hipay-tpp.com *.hipay.com *.googleapis.com *.klarna.com https://www.googletagmanager.com/ *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.hipay.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.googleapis.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.hipay.com *.googleapis.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-src 'self'             https://*.adyen.com             *.cookiebot.com             https://cdn.tagcommander.com             https://cdn.trustcommander.net             https://privacy.trustcommander.net             https://privacy.commander1.com             https://apps.apple.com             https://*.zebet.fr             https://*.zebet.com             https://*.zebet.be             https://*.zebet.es             https://*.zebet.nl             https://*.zeturf.be             https://*.zeturf.com             https://*.zeturf.es             https://*.zeturf.fr             https://*.zeturf.nl             https://*.m-itrust.com             https://*.redsys.es             https://*.apata.io             https://*.abanca.com             https://*.n26.com             https://*.postfinance.ch             https://*.ing.fr             https://*.monext.fr             https://*.ing.com             https://*.vinea.es             https://*.verifiedbyvisa.com             https://*.cic.fr             https://*.cm-cic.com             https://*.creditmutuel.fr             https://*.modirum.com             https://*.gbp.ma             https://*.cornercard.ch             https://*.wlp-acs.com ;    report-uri /en/webservice/api/report-csp 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net https://www.googletagmanager.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.cloudfront.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com 1rx.io *.1rx.io 360yield.com *.360yield.com 3lift.com *.3lift.com adnxs.com *.adnxs.com billiger.de *.billiger.de bing.com *.bing.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com google.de *.google.de idealo.com *.idealo.com media.net *.media.net omnitagjs.com *.omnitagjs.com roeye.com *.roeye.com roeyecdn.com *.roeyecdn.com sharethrough.com *.sharethrough.com smartadserver.com *.smartadserver.com taboola.com *.taboola.com teads.tv *.teads.tv tremorhub.com *.tremorhub.com twiago.com *.twiago.com uimserv.net *.uimserv.net usd.de *.usd.de usercentrics.eu *.usercentrics.eu yieldlab.net *.yieldlab.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.googleapis.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com bing.com *.bing.com criteo.com *.criteo.com cdnsrv.de *.cdnsrv.de clickcease.com *.clickcease.com df-srv.de *.df-srv.de fatmedia.io *.fatmedia.io facebook.net *.facebook.net id5-sync.com *.id5-sync.com kuponacdn.de *.kuponacdn.de livechatinc.com *.livechatinc.com pinimg.com *.pinimg.com roeyecdn.com *.roeyecdn.com shopgate.com *.shopgate.com uicdn.com *.uicdn.com usercentrics.eu *.usercentrics.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com livechatinc.com *.livechatinc.com pinterest.com *.pinterest.com usercentrics.eu *.usercentrics.eu *.wepowerconnections.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://client.crisp.chat https://plugin-magento-ui.glopalservice.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * p.monetico-services.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * ct.pinterest.com js.mollie.com *.payplug.com *.dalenys.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io * https://images.unsplash.com https://image.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost cl.avis-verifies.com ct.pinterest.com bat.bing.com www.google.com.vn https://firebasestorage.googleapis.com https://www.mollie.com https://secure-magenta.dalenys.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com https://client.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com cl.avis-verifies.com bat.bing.com s.pinimg.com *.avada.io js.mollie.com https://cdnjs.cloudflare.com https://secure-magenta.dalenys.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com https://unpkg.com/pwacompat 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://client.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://secure-magenta.dalenys.com unpkg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io * https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost ct.pinterest.com https://get.geojs.io *.avada.io *.openstreetmap.org *.arcgis.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src cl.avis-verifies.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src data: *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de consentcdn.cookiebot.com ct.pinterest.com google.com google.co.uk secure.livechatinc.com www.google.com www.google.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trustpilot.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de angus.finance-calculator.co.uk connectionflooring.s3.amazonaws.com bat.bing.com c.bing.com c.clarity.ms facebook.com google.com google.co.uk images-static.trustpilot.com imgsct.cookiebot.com www.google.com www.google.co.uk p.yotpo.com *.dycdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://img.youtube.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de api.livechatinc.com bat.bing.com cdn.jsdelivr.net cdn.livechatinc.com clarity.ms connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com google.com google.co.uk googleads.g.doubleclick.net js-agent.newrelic.com s.pinimg.com static.cloudflareinsights.com static-eu.payments-amazon.com tag.rmp.rakuten.com unpkg.com www.clarity.ms www.google.com www.google.co.uk www.googletagmanager.com www.gstatic.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net am.freshrelevance.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com angus.finance-calculator.co.uk https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net unsafe-inline *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.livechatinc.com bam.eu01.nr-data.net consentcdn.cookiebot.com ct.pinterest.com google.com google.co.uk googleads.g.doubleclick.net region1.analytics.google.com shopify-bridge.leafgrow.io u.clarity.ms www.google.com www.google.co.uk *.dycdn.net am.freshrelevance.com wss://am.freshrelevance.com wss://am.dycdn.net dn1i8v75r669j.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.bunny.net *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.vivapayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com td.doubleclick.net *.googletagmanager.com app.youshouldask.ai *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com s.w.org *.degezondewereld.nl *.degezondewereld.be cdn.klarna.com *.google.nl *.google.com *.tinymce.com app.youshouldask.ai *.googleapis.com flagpedia.net *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.vivapayments.com https://maps.googleapis.com *.disqus.com https://cdn.jsdelivr.net *.avada.io *.alothemes.com *.magepow.com *.dutch-headshop.nl *.dutch-headshop.eu *.dutch-headshop.fr *.dutch-headshop.be *.dutch-headshop.de *.dutch-headshop.at *.degezondewereld.nl *.degezondewereld.be *.tiny.cloud app.youshouldask.ai *.gstatic.com maps.googleapis.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.typekit.net app.youshouldask.ai *.gstatic.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com stats.g.doubleclick.net *.dutch-headshop.nl *.dutch-headshop.eu *.dutch-headshop.fr *.dutch-headshop.be *.dutch-headshop.de *.dutch-headshop.at *.degezondewereld.nl *.degezondewereld.be pagead2.googlesyndication.com *.tiny.cloud app.youshouldask.ai www.gstatic.com maps.googleapis.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck-partnerprogramm.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
font-src maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud https://geowidget.easypack24.net data: https://cdn.thulium.com/ script.hotjar.com widget.fitanalytics.com/ fontawesome.com *.fontawesome.com widget.fitanalytics.com static.lancerto.com data: 'self' 'unsafe-inline'; form-action www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu secure.payu.com merch-prod.snd.payu.com smartforms.ekomi.com *.ekomiapps.de https://geowidget-app.inpost.pl/ https://pudofinder.dpd.com.pl/ *.google.com *.fls.doubleclick.net creativecdn.com gum.criteo.com *.hotjar.com facebook.com start.paypo.pl https://tbs.tradedoubler.com https://imgstatic.eu *.tradedoubler.com *.imgstatic.eu static.criteo.net 'self' fledge.eu.criteo.com td.doubleclick.net *.creativecdn.com ct.pinterest.com ms.lancerto.com js-agent.newrelic.com *.googletagmanager.com csr.onet.pl ms.prochnik.pl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io imgsct.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com *.tiktok.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com testimages.autopay.eu images.autopay.eu *.inpost.pl static.payu.com *.gstatic.com *.googleapis.com *.ggpht lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud https://lancerto.com https://geowidget.easypack24.net https://osm.inpost.pl *.revhunter.tech assets.swarmcdn.com analytics.tiktok.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://developers.google.com *.g.doubleclick.net pixel.wp.pl *.google.com facebook.com *.google-analytics.com www.google.pl google.pl script.hotjar.com  data: smart-widget-assets.ekomiapps.de tbl.tradedoubler.com *.stickyadstv.com *.bing.com *.adform.net *.advertising.com ade.clmbtech.com *.criteo.com *.adnxs.com sync.outbrain.com *.analytics.yahoo.com *.yahoo.com *.tribalfusion.com sw-assets.ekomiapps.de *.taboola.com *.3lift.com *.rtb-csync.smartadserver.com *.casalemedia.com *.pixel.rubiconproject.com *.simage2.pubmatic.com *.criteo-sync.teads.tv *.360yield.com *.pubmatic.com *.bidswitch.net criteo-sync.teads.tv *.adscale.de *.omnitagjs.com *.smartadserver.com *.ivitrack.com *.ad.smaato.net *.sharethrough.com *.ssp.rambler.ru *.fls.doubleclick.net *.atdmt.com *.rubiconproject.com *.yieldlab.net *.e-planning.net *.ads.linkedin.com sync-tm.everesttech.net s-cs.send.microad.jp contextual.media.net us-u.openx.net cm.mgid.com pixel.tapad.com ad.as.amanad.adtdp.com an.yandex.ru trends.revcontent.com cw.addthis.com crb.kargo.com i.liadm.com jadserve.postrelease.com sync.aralego.com ad.mail.ru sync-criteo.ads.yieldmo.com a.twiago.com idsync.rlcdn.com criteo-partners.tremorhub.com d.turn.com https://tbs.tradedoubler.com https://imgstatic.eu *.tradedoubler.com *.imgstatic.eu googleads4.g.doubleclick.net *.emxdgt.com *.googletagmanager.com static.lancerto.com htlfkw.lancerto.com s.thebrighttag.com beacon.krxd.net id5-sync.com exchange.mediavine.com https://csr.onet.pl https://upload.snrcdn.net *.clarity.ms dmp.adform.net ad.doubleclick.net ekomi-srr.s3.eu-central-1.amazonaws.com *.googlesyndication.com hb.yahoo.net *.salestube.pl dot.wp.pl mapa.orlenpaczka.pl tile.openstreetmap.org lantern.roeye.com *.analytics.google.com *.google.pl region1.analytics.google.com media.prochnik.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com consentcdn.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com *.tiktok.com testcards.autopay.eu cards.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com *.inpost.pl *.snrbox.com secure.payu.com secure.snd.payu.com *.googleapis.com *.gstatic.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud smartforms.ekomi.com *.ekomiapps.de https://geowidget.easypack24.net https://geowidget.inpost.pl https://bat.bing.com/ https://www.clarity.ms/ assets.swarmcdn.com web.snrbox.com https://cdn.thulium.com/ analytics.tiktok.com https://maps.googleapis.com/ *.google.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de *.googleadservices.com px.leadexpert.pl static.lamoda.pl *.hotjar.com pixel.wp.pl wrap.tradedoubler.com static.criteo.net sslwidget.criteo.com widget.fitanalytics.com metrics.fitanalytics.com metrics-nl.fitanalytics.com cdn.wootric.com swrap.tradedoubler.com ocdn.eu js-agent.newrelic.com bam-cell.nr-data.net *.platform.hicloud.com snap.licdn.com www.snrcdn.net unpkg.com *.doubleclick.net googletagservices.com *.googlesyndication.com www.googletagservices.com https://tbs.tradedoubler.com *.tradedoubler.com https://imgstatic.eu *.imgstatic.eu maps.googleapis.com 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://cdn.juo.io https://sgqcvfjvr.onet.pl https://artemis-cdn.ocdn.eu https://player.vimeo.com https://lib.onet.pl dc.cux.io js.go2sdk.com *.creativecdn.com s.pinimg.com ct.pinterest.com cdn.jsdelivr.net ms.lancerto.com mapa.orlenpaczka.pl stapecdn.com ms.prochnik.pl www.dwin1.com *.bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.googleapis.com *.snrcdn.net maxcdn.bootstrapcdn.com *.gstatic.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud https://geowidget.easypack24.net https://geowidget.inpost.pl assets.swarmcdn.com sw-assets.ekomiapps.de widget.fitanalytics.com customizations.fitanalytics.com www.snrcdn.net 'self' 'unsafe-inline'; object-src 'self' 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com assets.swarmcdn.com swarmify: blob: video-node.swarmcdn.com https://cdn.thulium.com/ chat-widget.thulium.com static.lancerto.com https://static.lancerto.com media.lancerto.com media.prochnik.pl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com consentcdn.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tiktok.com *.google-analytics.com *.snrbox.com secure.payu.com merch-prod.snd.payu.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud smartforms.ekomi.com *.ekomiapps.de https://geowidget.easypack24.net https://api-pl-points.easypack24.net https://osm.inpost.pl https://bat.bing.com/ *.clarity.ms video-node.swarmcdn.com wss://hornets.swarmcdn.com *.swarmcdn.com https://cdn.thulium.com/ analytics.tiktok.com https://maps.googleapis.com/ *.g.doubleclick.net wss://v18dxapjmd.execute-api.eu-west-1.amazonaws.com *.google.com smart-widget-assets.ekomiapps.de *.hotjar.com *.facebook.com clk.leadexpert.pl wss://ws17.hotjar.com  data: eligibility.wootric.com bam-cell.nr-data.net web.snrbox.com widget.fitanalytics.com https://in.juo.io https://csr.onet.pl wss://n-541921153-0-27272500-1569843303-5d91e8674295d.track.cux.io events.ocdn.eu bat.bing.com google.com/pay *.analytics.google.com pixel.wp.pl measurement-api.criteo.com pagead2.googlesyndication.com *.creativecdn.com ct.pinterest.com ms.lancerto.com js-agent.newrelic.com ms.prochnik.pl *.google.pl *.bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src https://tbs.tradedoubler.com https://imgstatic.eu *.tradedoubler.com *.imgstatic.eu http: https: blob: 'self' 'unsafe-inline'; default-src 'self' *.bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' unpkg.com *.cookieinformation.com *.episerver.net *.itxuc.com *.googletagmanager.com *.imgi.no *.youtube.com siteimproveanalytics.com *.siteimproveanalytics.io *.doubleclick.net localhost:5000 *.snapchat.com *.google.com *.facebook.com js.monitor.azure.com *.facebook.net snap.licdn.com sc-static.net *.tiktok.com px.ads.linkedin.com *.cloudfront.net *.eu1.odp.optimizely.com *.bing.com *.ads.linkedin.com *.services.visualstudio.com *.googlesyndication.com *.aptrinsic.com cdn.siteimprove.net adservice.google.com *.googleapis.com *.gstatic.com elvia.my.site.com elvia.my.salesforce-scrt.com elvia--test.sandbox.my.site.com elvia--test.sandbox.my.salesforce-scrt.com cookie-cdn.cookiepro.com fonts.vev.design;report-uri https://phoenix-csp-reporting.azurewebsites.net/cspreport 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://service.force.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.osano.com https://www.youtube.com https://*.instagram.com https://acsbapp.com https://connect.facebook.net https://*.edology.com https://dev.visualwebsiteoptimizer.com https://*.bing.com https://*.bing.net https://snap.licdn.com https://*.googleadservices.com https://*.googlesyndication.com https://*.clarity.ms https://*.facebook.com https://*.youtube.com https://*.ads.linkedin.com https://*.tiktok.com https://*.quora.com https://*.ofgreencolumn.com https://*.snapchat.com https://*.ue-germany.com https://sc-static.net https://*.visualwebsiteoptimizer.com https://pixel.byspotify.com https://*.pardot.com https://*.googleapis.com https://instapage-scripts.s3.amazonaws.com https://bat.bing-int.com; worker-src 'self' blob:; child-src 'self' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.osano.com https://connect.facebook.net https://*.youtube.com https://*.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://*.bing.com https://*.bing.net https://*.googleadservices.com https://*.clarity.ms https://*.googlesyndication.com https://*.google.com https://*.facebook.com https://*.ytimg.com https://*.quora.com https://*.snapchat.com https://*.ofgreencolumn.com https://*.google.ru https://*.google.es https://*.google.de https://*.google.gr https://*.google.com.ng https://*.google.lk https://*.google.co.in https://*.google.co.th https://*.google.it https://*.google.com.mx https://*.google.com.tr https://*.google.com.ke https://*.google.com.gh https://*.google.cm https://*.google.pl https://*.google.pt https://*.google.ie https://*.google.iq https://*.google.com.eg https://*.google.az https://*.google.com.pk https://*.google.ge https://*.google.com.np https://*.google.al https://*.google.bg https://*.google.hu https://*.google.co.uz https://*.google.ca https://*.google.com.bd https://*.google.co.kr https://*.google.dz https://*.google.ae https://*.google.by https://*.google.com.sa https://*.google.nl; media-src 'self' data:; connect-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.osano.com https://*.tiktok.com https://*.tiktokv.com https://*.tiktokw.us https://*.acsbapp.com https://acsbapp.com https://*.ads.linkedin.com https://*.edology.com https://dev.visualwebsiteoptimizer.com https://*.bing.com https://*.bing.net https://*.googleadservices.com https://*.googlesyndication.com https://*.clarity.ms https://*.google.com https://google.com https://*.facebook.com https://capi.gus.global wp.globaluniversitysystems.com https://noembed.com https://*.ue-germany.com https://*.snapchat.com https://*.quora.com https://*.ofgreencolumn.com https://pixels.spotify.com https://bat.bing-int.com https://*.google.com.pk https://*.google.co.in https://*.google.de https://*.google.co.kr https://*.google.com.ng https://*.google.com.gh https://*.google.com.co; frame-src 'self' https://*.doubleclick.net https://*.googletagmanager.com https://youtube.com https://*.youtube.com https://youtu.be https://vimeo.com https://instagram.com https://*.instagram.com https://*.tiktok.com https://*.twitter.com https://*.spotify.com https://*.facebook.com https://*.google.com https://datawrapper.dwcdn.net https://*.snapchat.com https://open.spotify.com https://*.cloudfront.net; frame-ancestors 'self'; font-src 'self' data:; report-to csp-endpoint; report-uri https://www.ue-germany.com/api/csp-report 2
font-src fonts.gstatic.com use.typekit.net *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk www.google.com https://*.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.braintreegateway.com *.google.com *.doubleclick.net *.shophumm.com.au *.criteo.com *.hotjar.com *.adsrvr.org *.freshchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.cloudflare.com https://cdn.klarna.com *.paypal.com *.afterpay.com *.cloudfront.net https://*.paypal.com *.nextopia.net https://*.zipmoney.com.au *.data-dynamic.net images.latitudepayapps.com *.godfreys.com.au *.feefo.com *.google.com *.google.com.au *.googletagmanager.com.au *.googletagmanager.com *.gstatic.com *.googleapis.com *.bing.com *.criteo.com *.bluekai.com *.socdm.com *.krxd.net *.pubmatic.com *.outbrain.com *.mediavine.com *.aralego.com *.aralego.net *.smaato.net *.clmbtech.com *.yieldmo.com *.emxdgt.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.rlcdn.com *.3lift.com *.360yield.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.forter.com *.cloudfront.net *.openpay.com.au https://js-agent.newrelic.com https://oc-library.playground.klarnaservices.com/lib.js *.bing.com *.criteo.com *.mytopia.com.au *.google.com *.googleoptimize.com *.cfjump.com *.freshchat.com *.zip.co js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com https://static.klaviyo.com https://js.klevu.com/klevu-css/* *.klevu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.ecomm-nav.com https://*.zipmoney.com.au *.nextopiasoftware.com https://*.facebook.com https://*.safelinks.protection.outlook.com/ *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.nextopia.net *.cloudfront.net *.freshchat.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net *.forter.com *.zipmoney.com.au *.zip.co *.criteo.com *.googlesyndication.com *.googleapis.com *.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.multisafepay.com https://pay.google.com www.googletagmanager.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com magefan.com cm.magefan.com https://www.magezon.com *.multisafepay.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl www.google.nl google.nl www.google.co.uk google.com bat.bing.com bat.bing.net c.bing.com log.cookieyes.com cdn-cookieyes.com google-analytics.com connect.facebook.net www.facebook.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.multisafepay.com https://pay.google.com static.cloudflareinsights.com cdn-cookieyes.com bat.bing.com www.gstatic.com pay.multisafepay.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl googleadservices.com google-analytics.com maps.googleapis.com sst.piercingmania.com sst.staging.piercingmania.com sst.piercingmania.nl sst.piercingmania.co.uk ajax.cloudflare.com cdn.staging.piercingmania.com staging.piercingmania.com s.pinimg.com ct.pinterest.com connect.facebook.net ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.multisafepay.com https://postcode-checkout.nl https://www.postcode-checkout.nl https://postcode-checkout.nl/api/v2/ https://www.postcode-checkout.nl/api/v2/ googleads.g.doubleclick.net stats.g.doubleclick.net pagead2.googlesyndication.com pay.google.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl log.cookieyes.com cdn-cookieyes.com google-analytics.com sst.staging.piercingmania.com sst.piercingmania.com sst.piercingmania.nl sst.piercingmania.co.uk bat.bing.net bat.bing.com directory.cookieyes.com ct.pinterest.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.restorio.cz *.restorio.sk *.restorio.eu *.vegadesign.cz *.vegadesign.local 'self' data: *.twitter.com *.twimg.com *.zopim.com data: 'self' 'unsafe-inline'; form-action self *.restorio.cz *.restorio.sk *.restorio.eu *.vegadesign.cz *.vegadesign.local *.facebook.com *.twitter.com yaby.eu 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.restorio.cz 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com platform.twitter.com *.restorio.cz *.restorio.sk *.restorio.eu *.vegadesign.cz *.vegadesign.local *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.google.com *.googletagmanager.com *.ladesk.com elibro.ladesk.com *.ec1.vbus.apps.ladesk.com *.gopay.cz *.gopay.com *.hotjar.com *.outfindo.com *.packeta.com *.pinterest.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com data: *.facebook.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.restorio.cz *.restorio.sk *.restorio.eu media.restorio.cz media.restorio.sk media.restorio.eu yaby.eu *.vegadesign.cz *.vegadesign.local blob: *.ceneo.pl *.bing.com *.bing.net *.clarity.ms *.doofinder.com *.doubleclick.net *.g.doubleclick.net *.facebook.net *.google.at *.google.be *.google.bg *.google.com google.com *.google.com.au *.google.com.cr *.google.com.cy *.google.com.do *.google.com.eg *.google.com.mt *.google.com.mx *.google.com.ph *.google.com.tr *.google.com.ua *.google.co.il *.google.co.in *.google.co.jp *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tw *.google.co.uk *.google.ae *.google.by *.google.ca *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.lu *.google.lv *.google.md *.google.me *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.rs *.google.se *.google.sk *.google.tn *.google.tr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleusercontent.com *.googlesyndication.com *.heureka.cz *.heureka.sk im9.cz *.imedia.cz *.packeta.com *.seznam.cz t.co *.tiktok.com *.twiago.com *.twitter.com *.twimg.com *.ytimg.com *.zopim.com *.ziskejte.cz *.zbozi.cz *.criteo.com *.criteo.net ad.360yield.com eb2.3lift.com *.adform.net *.adnxs.com *.adnxs.net *.bidswitch.net r.casalemedia.com *.emxdgt.com id5-sync.com matching.ivitrack.com beacon.krxd.net *.1rx.io exchange.mediavine.com contextual.media.net visitor.omnitagjs.com sync.outbrain.com jadserve.postrelease.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com/ criteo-sync.teads.tv criteo-partners.tremorhub.com sync.targeting.unrulymedia.com *.yahoo.net ad.yieldlab.net sync-criteo.ads.yieldmo.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com *.googletagmanager.com *.facebook.net cdn.jsdelivr.net connect.facebook.net twitter.com platform.twitter.com *.restorio.cz *.restorio.sk *.restorio.eu static.restorio.cz static.restorio.sk static.restorio.eu *.vegadesign.cz *.vegadesign.local *.addthis.com *.bing.com *.cloudflare.com *.ceneo.pl *.clarity.ms *.cloudflareinsights.com *.cookiehub.com cookiehub.net *.cookiehub.eu *.criteo.com *.criteo.net *.daktela.com *.dognet.sk login.dognet.sk *.doofinder.com *.doubleclick.net *.facebook.com *.fontawesome.com *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.google.com *.google.cz *.gopay.cz *.gopay.com *.hotjar.com im9.cz *.im9.cz *.imedia.cz *.ladesk.com *.outfindo.com *.packeta.com *.pinterest.com *.pinimg.com *.seznam.cz sc-static.net *.srovname.cz *.tiktok.com *.ads-twitter.com *.twitter.com *.twimg.com *.zbozi.cz *.zdassets.com *.zopim.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.restorio.cz *.restorio.sk *.restorio.eu static.restorio.cz static.restorio.sk static.restorio.eu *.vegadesign.cz *.vegadesign.local *.cloudflare.com *.cookiehub.com *.cookiehub.eu cookiehub.net *.doofinder.com *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com *.zopim.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.googleapis.com https://*.ingest.sentry.io *.google-analytics.com *.restorio.cz *.restorio.sk *.restorio.eu yaby.eu *.vegadesign.cz *.vegadesign.local *.bing.com *.bing.net *.clarity.ms *.cookiehub.com *.cookiehub.net cookiehub.net *.cookiehub.eu *.criteo.com *.criteo.net *.doofinder.com wss://eu1-layer.doofinder.com wss://eu1-recommendations.doofinder.com *.doubleclick.net *.facebook.com *.facebook.net google.com *.google.com *.google.cz *.google.sk adservice.google.com *.googleadservices.com *.googlesyndication.com *.gopay.cz *.gopay.com *.outfindo.com *.packeta.com *.pinterest.com *.seznam.cz *.srovname.cz *.tiktok.com *.tiktokw.us *.twitter.com *.twimg.com *.yaby.eu *.zdassets.com wss://widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.restorio.cz *.restorio.sk *.restorio.eu *.vegadesign.cz *.vegadesign.local *.gopay.cz *.gopay.com *.yaby.eu yaby.eu 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sentry.vegadesign.cz/api/4/security/?sentry_key=aabf49608cca46b2bf8fb3c0ad2a8eba; report-to report-endpoint; 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 2
img-src https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicstream.s3.amazonaws.com/CSIRESOURCES/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; worker-src 'self'; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com *.salesfire.co.uk *.typekit.net *.klarnacdn.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.salesfire.co.uk *.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.salesfire.co.uk maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.salesfire.co.uk *.googleapis.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.salesfire.co.uk *.typekit.net fonts.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://bam.nr-data.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.salesfire.co.uk *.smartmetrics.co.uk *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * *.trustedshops.com cdn.cookielaw.org res.cloudinary.com www.b2c-nfinity.com t.squeezely.tech cdn-icons-png.flaticon.com docker.creative-serving.com trkr.shoppingminds.net bam.nr-data.net *.googleapis.com *.etrusted.com *.pinterest.com bat.bing.com *.adyen.com *.facebook.com img.youtube.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org cdn.doofinder.com *.google.com *.google.co.uk *.google.ca b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ts.tradetracker.net blob: www.google.ge magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.trustedshops.com squeezely.tech bat.bing.com *.etrusted.com *.kk-resources.com *.googleoptimize.com cdn.cookielaw.org l.getsitecontrol.com script.shoppingminds.com script.shoppingminds.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com s2.getsitecontrol.com *.pinterest.com s.pinimg.com analytics.topdrinks.nl analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be unpkg.com cdn.jsdelivr.net commerce.adobe.net *.googletagmanager.com cdn.doofinder.com analytics.tiktok.com *.google.co.uk *.google.ca s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com songbirdstag.cardinalcommerce.com tm.tradetracker.net *.trustpilot.com https://connect.facebook.net *.google.fr *.disqus.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app *.etrusted.com *.pinterest.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.youtube.com youtu.be www.youtube-nocookie.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com * *.google.lk analytics.topdrinks.nl ws.hotjar.com wss://ws.hotjar.com content.hotjar.io analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be cdn.cookielaw.org geolocation.onetrust.com *.g.doubleclick.net l.getsitecontrol.com *.shoppingminds.net *.googleapis.com bam.nr-data.net cdn1.api.trustedshops.com pay.google.com privacyportal-de.onetrust.com vc.hotjar.io events.getsitectrl.com *.etrusted.com *.pinterest.com *.adyen.com maps.googleapis.com nominatim.openstreetmap.org *.onyourmap.com *.mapbox.com *.doofinder.com wss://*.doofinder.com analytics.tiktok.com ekr.zdassets.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com https://analytics.tiktok.com *.google.fr *.google.co.uk *.google.ca 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: *.retailcrm.tech https://geowidget.easypack24.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de magento-cloudflare.jetrails.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.twitter.com *.googletagmanager.com *.facebook.com *.aquamonkey.pl.local *.aquamonkey.pl *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com *.facebook.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com aquapolis.ua *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.ua *.paypal.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.fontawesome.com *.retailcrm.tech https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://polyfill-fastly.io https://browser.sentry-cdn.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com secure.payu.com secure.snd.payu.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.unpkg.com *.retailcrm.tech *.googletagmanager.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.cdn-apple.com *.stripe.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://static.payu.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: *.retailcrm.tech *.easypack24.net https://geowidget.easypack24.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src aquapolis.ua https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.ingest.sentry.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com secure.payu.com merch-prod.snd.payu.com *.cloudflare.com *.google-analytics.com *.doubleclick.net *.google.com *.twitter.com *.paypal.com *.twimg.com *.retailcrm.tech *.googletagmanager.com *.facebook.com *.newrelic.com *.nr-data.net *.stripe.com *.easypack24.net *.inpost.pl *.openstreetmap.org klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com static.klaviyo.com fonts.gstatic.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.google.com accounts.google.com *.canadapost.ca https://sso.epost.ca *.purolator.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.klarna.com www.google.com accounts.google.com *.meetanshi.com *.purolator.com https://hosted.paysafe.com *.sendcloud.sc *.jsdelivr.net checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com customer-upskkbfxkf3xe5cz.cloudflarestream.com iframe.videodelivery.net static.olark.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com js.hsforms.net dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de vimeo.com 20813811p.rfihub.com *.cardinalcommerce.com *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.twitter.com *.ads-twitter.com *.certcapture.com imgsct.cookiebot.com imgsct.cookiebot.eu validate.fishpig.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com accounts.google.com mageside.com *.canadapost.ca *.googleapis.com *.gstatic.com *.meetanshi.com https://redchamps.com *.amazonaws.com media.sezzle.com c.clarity.ms c.bing.com videodelivery.net 6064173.fs1.hubspotusercontent-na1.net customer-upskkbfxkf3xe5cz.cloudflarestream.com tvape.co.uk verify.bluecheck.me torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com perf.hsforms.com forms.hubspot.com *.tvape.com demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com x.klarnacdn.net *.facebook.com *.reddit.com t.co *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.twitter.com *.ads-twitter.com *.certcapture.com consent.cookiebot.com consent.cookiebot.eu widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.googleapis.com *.google.com *.gstatic.com *.meetanshi.com *.purolator.com https://hosted.paysafe.com https://api.test.paysafe.com https://api.paysafe.com  https://songbirdstag.cardinalcommerce.com embed.sendcloud.sc *.jsdelivr.net checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com www.youtube.com cdn.jsdelivr.net embed.cloudflarestream.com embed.videodelivery.net knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com stats.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com r1.dotmailer-surveys.com g1782759016.co js.hsforms.net hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com *.mantisadnetwork.com g594253006.co *.crazyegg.com *.newrelic.com *.clarity.ms data: *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.klaviyo.com unpkg.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tvape.co.uk torontovaporizer.ca static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.twitter.com *.ads-twitter.com *.certcapture.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.meetanshi.com https://api.test.paysafe.com https://api.paysafe.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com gateway.sezzle.com sandbox.gateway.sezzle.com region1.google-analytics.com *.crazyegg.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com *.googleapis.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.paypal.com *.amazonaws.com *.clarity.ms *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.bing.net *.klaviyo.com *.doubleclick.net *.run.app *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://torontovaporizer.ca/; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cleverreach.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.hotjar.com secure.pay1.de/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.cloudfront.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api.mapbox.com cdn.pay1.de x.klarnacdn.net m.media-amazon.com static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com widgets.trustedshops.com mcstagingmedia.carou.com mcprodmedia.carou.com *.google.com www.google.com.ua ct.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.hotjar.com unsafe-inline *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://integrations.etrusted.com widgets.trustedshops.com bam.nr-data.net js-agent.newrelic *.ratepay.com js-agent.newrelic.com s.pinimg.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com/ *.ratepay.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.hotjar.com wss://*.hotjar.com/ bam.nr-data.net www.carou.com stats.g.doubleclick.net vc.hotjar.io ct.pinterest.com analytics.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com payments-eu.amazon.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src * blob:; font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com *.zdassets.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.mb-app.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.hcaptcha.com hcaptcha.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.googletagmanager.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.stripe.com *.zendesk.com *.zdassets.com *.googleapis.com *.atlantic.fr *.azurewebsites.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io groupe-mb.scene7.com *.cloudflare.com *.google.com *.google.co.in www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.connect.facebook.net *.doubleclick.net *.google.fr *.trustpilot.com * *.stripe.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.hcaptcha.com hcaptcha.com maps.googleapis.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.stripe.com *.licdn.com *.bing.com *.zendesk.com *.zdassets.com *.clarity.ms *.sparkow.net t4.my-probance.one *.contentsquare.net *.googleapis.com bam.nr-data.net bam.eu01.nr-data.net *.octipas-emerch.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.zoovu.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.hcaptcha.com hcaptcha.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.googletagmanager.com *.youtube.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.stripe.com *.clarity.ms *.scandit.com *.zendesk.com tereva.zendesk.com mabeo.zendesk.com tereva.zendesk.com/frontendevents mabeo.zendesk.com/frontendevents *.zdassets.com *.bing.com *.sparkow.net *.contentsquare.net bam.nr-data.net bam.eu01.nr-data.net *.googleapis.com *.octipas-emerch.net *.linkedin.com px.ads.linkedin.com/wa/ *.zoovu.com *.cloudfront.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com *.shopify.com *.philipkingsley.co.uk data: 'self' 'unsafe-inline'; form-action *.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com https://seo.mageplaza.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com *.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ *.doubleclick.net www.facebook.com *.googlesyndication.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com bytedance: sslocal: *.dotdigital-pages.com *.dotdigital.com business.facebook.com *.nosto.com *.nos.to *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com *.yotpo.com email.philipkingsley.co.uk ams.creativecdn.com consentcdn.cookiebot.com *.googletagmanager.com *.freshchat.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com business.facebook.com *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://www.magezon.com *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.yotpo.com imgsct.cookiebot.com *.cloudfront.net *.google.com.ua *.google.co.uk services.postcodeanywhere.co.uk *.creativecdn.com *.philipkingsley.co.uk d21m4dsqdd3b9h.cloudfront.net cfvod.kaltura.com *.philipkingsley.com ads.stickyadstv.com sync.outbrain.com ih.adscale.de sync.taboola.com dsum-sec.casalemedia.com sync.teads.tv eb2.3lift.com *.google.rs data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.google.com/ *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net www.apptrian.com facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com business.facebook.com js.klevu.com *.ksearchnet.com *.avada.io *.nosto.com *.nos.to *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com *.yotpo.com *.salesfire.co.uk email.philipkingsley.co.uk *.cookiebot.com *.ordergroove.com *.feefo.com analytics.webgains.io tags.creativecdn.com *.hotjar.com *.freshworks.com *.clarity.ms *.freshchat.com klear.com *.mention-me.com *.pcapredict.com services.postcodeanywhere.co.uk *.zoovu.com *.zuko.io *.googleadservices.com cdn.salesfire.co.uk *.philipkingsley.co.uk gstatic.com connect.nosto.com cdn-sitegainer.com cdnapisec.kaltura.com pro.ip-api.com r.lrkt-in.com https://cdn.lrkt-in.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net *.nosto.com *.nos.to *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.feefo.com *.freshworks.com services.postcodeanywhere.co.uk https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com business.facebook.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.nosto.com *.nos.to *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.ordergroove.com *.smartmetrics.co.uk ams.creativecdn.com *.freshworks.com *.feefo.com *.cookiebot.com *.clarity.ms klear.com services.postcodeanywhere.co.uk *.salesfire.co.uk *.webgains.io *.mention-me.com *.zuko.io connect.nosto.com o970468.ingest.us.sentry.io *.freshdesk.com r.lrkt-in.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net fonts.googleapis.com *.googleapis.com data: https://www.googletagmanager.com *.fontawesome.com https://fonts.bunny.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com https://static.addtoany.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.sharethis.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://firebasestorage.googleapis.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.co.in https://widget.paazl.com https://integrations.etrusted.com https://maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.sharethis.com https://static.addtoany.com/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.multisafepay.com https://pay.google.com https://widget-acc.paazl.com https://api-acc.paazl.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com http://maps.googleapis.com https://api.paazl.com https://widgets.trustedshops.com http://widgets.trustedshops.com https://www.googleadservices.com/ https://bootstrap.smartsuppchat.com https://www.smartsuppchat.com https://consent.studio https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net *.multisafepay.com https://widget-acc.paazl.com https://api-acc.paazl.com/ assets.braintreegateway.com https://integrations.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com https://stats.addtoany.com/menu maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com https://get.geojs.io *.avada.io *.multisafepay.com https://widget-acc.paazl.com https://api-acc.paazl.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://api.paazl.com https://widgets.trustedshops.com https://bootstrap.smartsuppchat.com https://consent.studio https://widget.paazl.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://cdn.riverty.design/ *.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com uc8.tv *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com uc8.tv https://documents.riverty.com/ *.dotdigital-pages.com *.dotdigital.com *.facebook.com *.facebook.net *.doubleclick.net *.paypal.com *.vimeo.com *.google.com *.googletagmanager.com https://documents.riverty.com https://documents.myafterpay.com https://tag.heylink.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.everesttech.net *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ imgsct.cookiebot.com https://info.dibs.se *.trackedlink.net magefan.com cm.magefan.com *.facebook.com *.facebook.net *.cloudfront.net *.adobe.com *.adobe.net *.google.com *.googleapis.com *.gstatic.com https://bat.bing.com https://cdn.myafterpay.com https://instore.prisjakt.no https://pricerunner.dk https://pricerunner.se *.googleadservices.com *.google-analytics.com *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.adobedtm.com *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ consent.cookiebot.com https://*.dibspayment.eu *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.facebook.com *.facebook.net *.cloudfront.net *.adobe.com *.adobe.net *.google.com *.googleapis.com *.gstatic.com https://cdn.cookie-script.com https://bat.bing.com *.clarity.ms *.doubleclick.net https://r1-t.trackedlink.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.paypal.com https://tag.heylink.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://*.dibspayment.eu *.cloudfront.net *.adobe.com *.adobe.net *.google.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com https://bat.bing.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io amcglobal.sc.omtrdc.net p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ https://*.dibspayment.eu *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.facebook.com *.facebook.net *.cloudfront.net *.adobe.com *.adobe.net *.google.com *.googleapis.com *.gstatic.com https://bat.bing.com *.clarity.ms *.doubleclick.net https://fraktguide.bring.no *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://lleung.uriports.com/reports/report; report-to default 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.google.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.youtube.com/ https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com https://www.googletagmanager.com/ *.meetanshi.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.paypal.com *.typekit.net *.gstatic.com https://static.afterpay.com https://site-assets.afterpay.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://platform-api.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com https://clauem2.arrowtheme.com https://scontent.cdninstagram.com/ https://buttons-config.sharethis.com https://l.sharethis.com https://platform-cdn.sharethis.com https://scontent-ams4-1.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-ds.com *.typekit.net google.com *.google.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.maps.googleapis.com *.trackedlink.net *.maps.gstatic.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com https://connect.facebook.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.avada.io *.meetanshi.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://static.klaviyo.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.paypal.com google.com *.google.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://www.google.com https://apikeys.civiccomputing.com; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; img-src 'self' data: https://www.hostellingscotland.org.uk https://hostellingscotland.org.uk https://static.hotjar.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.google.co.uk https://www.facebook.com https://t.co https://analytics.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hostelbookings.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://cc.cdn.civiccomputing.com https://static.ctctcdn.com https://www.youtube.com https://e.issuu.com https://cdnjs.cloudflare.com https://script.crazyegg.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.ctctcdn.com; connect-src 'self' https://listgrowth.ctctcdn.com https://script.crazyegg.com https://in.hotjar.com https://stats.g.doubleclick.net https://apikeys.civiccomputing.com https://surveystats.hotjar.io; object-src 'none'; frame-ancestors 'self'; frame-src https://www.youtube.com https://e.issuu.com https://www.google.com https://www.gstatic.com; 2
font-src *.fontawesome.com *.relaxdays.com *.gstatic.com *.trustami.com cdn.userway.org *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.consentmanager.net www.google.com tpc.googlesyndication.com www.youtube.com youtube.com www.facebook.com ct.pinterest.com www.pinterest.com www.pinterest.de *.sibforms.com sibautomation.com www.paypalobjects.com www.googletagmanager.com cdn.userway.org *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com magefan.com cm.magefan.com cdn.consentmanager.net *.delivery.consentmanager.net delivery.consentmanager.net www.it-recht-kanzlei.de *.relaxdays.com i.pinimg.com log.pinterest.com www.pinterest.com ct.pinterest.com *.g.doubleclick.net *.googleadservices.com www.google.com www.google.de www.google.ch www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.be www.google.sk www.google.pt www.google.fr www.google.dk www.google.se www.google.co.uk www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.ro www.google.si www.google.ie www.google.hr www.google.fi www.google.com.mt www.google.com.cy www.google-analytics.com www.googletagmanager.com *.gstatic.com *.googleusercontent.com www.facebook.com connect.facebook.com *.cloudfront.net bat.bing.com analytics.tiktok.com alb.reddit.com www.datenschutz.net *.trustami.com bat.bing.net cdn.userway.org *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.billie.io/ cdn.consentmanager.net *.delivery.consentmanager.net delivery.consentmanager.net *.relaxdays.com assets.pinterest.com widgets.pinterest.com ct.pinterest.com s.pinimg.com www.googletagmanager.com tagmanager.google.com www.google.com www.googleadservices.com www.google-analytics.com www.gstatic.com www.google.de www.google.ch www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.be www.google.sk www.google.pt www.google.fr www.google.dk www.google.se www.google.co.uk www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.ro www.google.si www.google.ie www.google.hr www.google.fi connect.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com bat.bing.com bat.bing.net analytics.tiktok.com sibautomation.com *.sendinblue.com www.redditstatic.com *.hotjar.com *.trustami.com conversations-widget.brevo.com cdn.userway.org *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.billie.io/ *.fontawesome.com *.relaxdays.com *.googletagmanager.com *.googleapis.com *.gstatic.com cdn.userway.org *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src *.relaxdays.com 'self' 'unsafe-inline'; media-src *.relaxdays.com 'self' 'unsafe-inline'; manifest-src *.relaxdays.com 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.billie.io/ blob: delivery.consentmanager.net *.relaxdays.com www.google-analytics.com www.googletagmanager.com *.google.com adservice.google.com stats.g.doubleclick.net *.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com www.google.com www.google.de www.google.ch www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.be www.google.sk www.google.pt www.google.fr www.google.dk www.google.se www.google.co.uk www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.ro www.google.si www.google.ie www.google.hr www.google.fi www.facebook.com log.pinterest.com www.pinterest.com ct.pinterest.com bat.bing.com bat.bing.net bat.bing-int.com analytics.tiktok.com *.sendinblue.com in-automate.brevo.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io analytics.pangle-ads.com api.userway.org cdn.userway.org *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://relaxdays.com/_csp_report_; report-to report-endpoint; 2
report-uri /algemeen/report_CSP_error.php; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com https://*.evidon.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com; img-src 'self' https: data: ; font-src 'self' https: ; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com https://ad.doubleclick.net https://maps.googleapis.com https://*.evidon.com; media-src 'self'; object-src 'self'; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com https://td.doubleclick.net; frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2
object-src  'none'; connect-src 'self' *.playboytv.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.playboytv.com join.gammasecure.com; script-src 'self' *.playboytv.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.playboytv.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://use.typekit.net https://static.formstack.com https://css.zohocdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.google.com https://www.youtube.com https://www.bullseyelocations.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://www.truck-lite.com https://www.rigidindustries.com https://www.clariencetechnologies.com https://www.lumiteclighting.com https://www.truck-lite.eu.com https://mcstaging.truck-lite.com https://trucklite.localhost https://mcstaging.clariencetechnologies.com https://pm.geniusmonkey.com https://css.zohocdn.com https://static.ctctcdn.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://www.gstatic.com https://www.google.com *.google.bg *.googletagmanager.com https://connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://browser-update.org https://wwwtrucklitecom.formstack.com https://static.formstack.com https://www.google.com/recaptcha/api.js https://code.jquery.com https://cdnjs.cloudflare.com https://static.ctctcdn.com https://salesiq.zoho.com https://js.zohocdn.com https://static.zohocdn.com https://js-agent.newrelic.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.truck-lite.com https://mcstaging.truck-lite.com https://cdn.jsdelivr.net landofcoder.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://js.stripe.com https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://use.typekit.net https://p.typekit.net https://static.ctctcdn.com https://css.zohocdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.truck-lite.com https://mcstaging.truck-lite.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com https://wwwtrucklitecom.formstack.com https://listgrowth.ctctcdn.com https://bam.nr-data.net https://salesiq.zohopublic.com https://www.google-analytics.com https://analytics.google.com https://www.facebook.com https://maps.googleapis.com https://www.truck-lite.com https://mcstaging.truck-lite.com landofcoder.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com https://*.gstatic.com data: maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://images.unsplash.com *.googleapis.com https://belco-prod.s3-eu-central-1.amazonaws.com *.google.nl *.disposablediscounter.nl *.bing.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.belco.io *.belco.io *.bing.com *.cloudfront.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com *.avada.io *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.fontawesome.com *.multisafepay.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com wss://chat.belco.io https://cdn.belco.io *.belco.io *.klaviyo.com *.bing.com *.cloudfront.net *.doubleclick.net *.amazonaws.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net *.gstatic.com 'self' data: *.googleapis.com *.hsappstatic.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.cookiebot.com *.doubleclick.net js.mollie.com www.xtento.com *.bing.com *.facebook.com *.google.com google.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.bing.com *.hsforms.net *.hsforms.com *.prism.app-us1.com *.prismic.io https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.mollie.com 'self' data: www.google.com.ua www.xtento.com cdn.xtento.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.ba www.google.be www.google.bg www.google.bj www.google.by www.google.ca www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tn *.google.com google.com *.googlesyndication.com *.googleusercontent.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.cookiebot.com *.cloudfront.net *.bing.com *.facebook.net *.hsforms.net *.hsforms.com *.prism.app-us1.com *.prismic.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.mollie.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com *.doubleclick.net *.googleapis.com *.googlesyndication.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.prism.app-us1.com *.prismic.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.googletagmanager.com *.bing.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.ba www.google.be www.google.bg www.google.bj www.google.ca www.google.ch www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.np www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.mk www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tn *.google.com google.com *.googlesyndication.com *.klaviyo.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com rkkck31tec.execute-api.eu-central-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cc69216c-160f-49b7-b5a2-f80ae473753e.sansec.watch/; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.doubleclick.net *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net cdn.cookielaw.org *.linkedin.com *.google.co.in *.facebook.com *.postcodeanywhere.co.uk *.googlesyndication.com bat.bing.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.gstatic.com cdn.cookielaw.org connect.facebook.net googleapis.com *.pcapredict.com *.postcodeanywhere.co.uk *.cloudfront.net bat.bing.com *.cloudflareinsights.com *.licdn.com *.mouseflow.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.postcodeanywhere.co.uk maxcdn.bootstrapcdn.com *.nosto.com *.nos.to assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.analytics.google.com *.google.co.in api.addressy.com *.braintree-api.com cdn.cookielaw.org *.pcapredict.com *.postcodeanywhere.co.uk *.googlesyndication.com *.onetrust.com *.licdn.com *.linkedin.com *.nosto.com *.nos.to *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://2854569.fs1.hubspotusercontent-na1.net; script-src 'self' 'unsafe-inline' https://*.clarity.ms https://connect.facebook.net https://*.hubspot.com https://bat.bing.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://snap.licdn.com https://mm-uxrv.com https://*.hscollectedforms.net https://*.usemessages.com https://*.hsadspixel.net https://*.hsleadflows.net https://*.hs-banner.com https://*.hs-analytics.net https://static.hsappstatic.net https://7052064.fs1.hubspotusercontent-na1.net https://platform.twitter.com https://cdn.jsdelivr.net https://platform.linkedin.com; connect-src 'self' https://*.clarity.ms https://analytics.google.com https://cdn-ukwest.onetrust.com https://px.ads.linkedin.com https://www.google.com https://*.hubspot.com https://stats.g.doubleclick.net https://*.hscollectedforms.net https://*.hs-banner.com https://*.hubapi.com https://bat.bing.com https://www.google.ca; img-src 'self' https://*.clarity.ms https://www.facebook.com https://www.googletagmanager.com https://track.hubspot.com https://*.hsforms.com https://www.google.com https://www.google.ca https://cdn-ukwest.onetrust.com https://bat.bing.com https://static.hsappstatic.net https://px.ads.linkedin.com https://*.hubspot.com https://2854569.fs1.hubspotusercontent-na1.net https: data:; style-src 'self' 'unsafe-inline' https://7052064.fs1.hubspotusercontent-na1.net https://static.hsappstatic.net https://fonts.googleapis.com https://cdn.jsdelivr.net; base-uri 'self'; form-action 'self'; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://*.hubspot.com https://*.hs-sites.com https://*.hubspotvideo.com https://platform.twitter.com; 2
default-src 'self'; script-src 'self'; 2
default-src 'self'; script-src 'self' https://trusted-scripts.example.com;style-src 'self'; 2
font-src *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com *.cenpos.net *.cenpos.com https://www.magezon.com *.hubspot.com *.hsforms.com *.linkedin.com *.adsymptotic.com *.otcindustrial.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ws.zoominfo.com secure.venture-365-inspired.com js.hubspot.com cdn.callrail.com js.usemessages.com *.cenpos.com *.cenpos.net *.google.com *.cardinalcommerce.com *.termly.io *.fullstory.com *.licdn.com *.doubleclick.net *.listenlayer.com *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com ws.zoominfo.com idx.liadm.com px.ads.linkedin.com forms.hscollectedforms.net static.listenlayer.com pagead2.googlesyndication.com googleads.g.doubleclick.net js.hs-banner.com *.fullstory.com *.termly.io *.linkedin.oribi.io *.analytics.google.com *.hubspot.com *.hubapi.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.fixando.com/ https://cdn.fixando.com/ https://pics.fixando.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.googleadservices.com/ https://fcm.googleapis.com/ https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com/ https://adservice.google.com.pk/ https://adservice.google.com.br/ https://adservice.google.com.py/ https://adservice.google.com.do/ https://adservice.google.com/ https://adservice.google.pt/ https://adservice.google.nl/ https://adservice.google.cl/ https://adservice.google.it/ https://adservice.google.pl/ https://adservice.google.no/ https://adservice.google.fr/ https://adservice.google.bg/ https://adservice.google.es/ https://adservice.google.se/ https://adservice.google.be/ https://adservice.google.de/ https://adservice.google.ch/ https://adservice.google.hu/ https://adservice.google.ie/ https://adservice.google.lu/ https://adservice.google.ru/ https://adservice.google.be/ https://adservice.google.co.uk/ https://adservice.google.co.ao/ https://adservice.google.co.in/ https://partner.googleadservices.com/ https://maps.googleapis.com/ https://optimize.google.com/ https://www.googleoptimize.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://pubads.g.doubleclick.net/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.facebook.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.jsdelivr.net/ https://static.zdassets.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://apis.google.com/ https://tagmanager.google.com/ https://accounts.google.com/ https://www.paypal.com/ https://cdn.socket.io/ https://widget.trustpilot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bucket.cdnwebcloud.com https://bat.bing.com https://www.clarity.ms https://www.google.com https://*.outbrain.com https://www.sandbox.paypal.com 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com js.mollie.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://www.mollie.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com widget.freshworks.com m2epro.freshdesk.com *.avada.io js.mollie.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com *.fontawesome.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com static.compari.ro *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 2
font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.useinsider.com *.api.useinsider.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.g.doubleclick.net *.facebook.com *.facebook.net *.useinsider.com *.api.useinsider.com appservice.ezcat.com.tw 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.g.doubleclick.net *.facebook.com *.facebook.net *.awoo.org *.tigerfly.tw *.awoo.com *.useinsider.com *.api.useinsider.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://mas.astralweb.com.tw *.facebook.com *.facebook.net *.cloudflare.com *.ytimg.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.magentocommerce.com *.gstatic.com *.cloudfront.net *.google.com *.google.com.tw *.useinsider.com *.api.useinsider.com *.line.me data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.zdassets.com *.g.doubleclick.net *.facebook.com *.awoo.org *.tigerfly.tw *.awoo.com *.useinsider.com *.api.useinsider.com *.line-scdn.net *.avada.io https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.useinsider.com *.api.useinsider.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.useinsider.com *.api.useinsider.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com wss://widget-mediator.zopim.com *.cardinalcommerce.com *.awoo.org *.tigerfly.tw *.awoo.com *.useinsider.com *.api.useinsider.com wss://*.useinsider.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.tw *.facebook.com *.facebook.net *.awoo.org *.tigerfly.tw *.awoo.com *.useinsider.com *.api.useinsider.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.sharethis.com *.rawgit.com *.jquery.com *.facebook.net *.cookiebot.com *.g.doubleclick.net *.fontawesome.com *.googleapis.com *.linkedin.com *.hotjar.com wasm-eval *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com; script-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.sharethis.com *.rawgit.com *.cloudflare.com *.jquery.com *.facebook.net *.cookiebot.com *.g.doubleclick.net *.fontawesome.com *.bootstrapcdn.com *.wisoyekivo.com *.linkedin.com *.vimeo.com *.skedify.io *.plugin.skedify.io *.hotjar.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.pagespeed-mod.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.sharethis.com *.gstatic.com *.pvgroup.be; style-src-elem 'self' 'unsafe-inline' *.jquery.com *.googleapis.com *.bootstrapcdn.com *.skedify.io pv.skedify.show *.fontawesome.com *.sharethis.com *.gstatic.com *.pvgroup.be; style-src-attr 'unsafe-inline'; img-src 'self' data: *.google.com *.skedify.io *.vimeocdn.com *.ytimg.com *.sharethis.com *.googleapis.com *.gstatic.com *.sharethis.com *.google-analytics.com *.hotjar.com *.gstatic.com *.sharethis.com *.google.com *.sharethis.com *.facebook.com *.google-analytics.com *.google.at *.google.be *.google.ch *.google.co.uk *.google.co.za *.google.com *.google.com.ng *.google.de *.google.es *.google.fi *.google.fr *.google.ie *.google.it *.google.lu *.google.nl *.google.pt *.google.se *.googletagmanager.com *.gstatic.com *.ondernemersbelang.nl *.pv.be *.pvgroep.coop *.pvgroup.be *.reprintsdesk.com *.researchsolutions.com *.verfvanniveau.nl *.google.co.in; font-src 'self' data: *.alicdn.com *.gstatic.com github.com *.fontawesome.com *.bootstrapcdn.com *.hotjar.com; connect-src 'self' *.doubleclick.net *.google.com *.eu1.kaskocloud.com *.skedify.io *.crwdcntrl.net *.cookiebot.com *.withgoogle.com *.stbuttons.click data: *.hotjar.com *.fontawesome.com *.sharethis.com *.google.com *.googleapis.com *.ingest.sentry.io *.googlesyndication.com properties *.google-analytics.com *.g.doubleclick.net *.hotjar.io *.facebook.com; media-src 'self'; child-src *.fls.doubleclick.net *.google.com *.esignlive.eu *.cookiebot.com *.sharethis.com *.facebook.com *.linkedin.com *.youtube-nocookie.com *.youtube.com; frame-src 'self' *.fls.doubleclick.net *.google.com *.esignlive.eu blob: *.cookiebot.com *.ebconnect.be *.zscaler.net *.zscalertwo.net *.vimeo.com *.plugin.skedify.io *.sharethis.com properties *.facebook.com *.sharethis.com *.facebook.com *.google.com *.linkedin.com *.sofiskonline.be *.youtube-nocookie.com *.youtube.com; frame-ancestors 'self'; form-action 'self' *.sips-services.com *.salesforce.com *.facebook.com; manifest-src 'self'; object-src 'none'; report-uri https://pvgroup.report-uri.com/r/d/csp/wizard 2
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.klaviyo.com *.scratcher.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.xtento.com *.klarna.com *.resurs.com *.vimeo.com *.google.com *.googletagmanager.com gtm.sharkgaming.dk gtm.sharkgaming.se gtm.sharkgaming.no gtm-p7bx89s-nwviz.uc.r.appspot.com *.chatbotize.com *.cookieinformation.com *.trustpilot.com *.viabill.com *.doubleclick.net *.getzowie.com chat.karlachat.com game.scratcher.io *.getblue.io *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.xtento.com cdn.xtento.com *.bird.eu https://cdn.clerk.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.bing.com *.magentocommerce.com *.sleeknote.com sharkgaming.dk sharkgaming.se sharkgaming.no *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.google.dk *.google.se *.google.no *.charpstar.net s7g10.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.sharethis.com www.xtento.com cdn.xtento.com https://api.clerk.io https://cdn.clerk.io *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.resurs.com *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.app.cookieinformation.com *.sleeknote.com *.viabill.com *.trustpilot.com *.emaerket.dk *.payever.org *.hotjar.com *.bing.com addrevenue.io *.retargeted.co *.getzowie.com *.zopim.com *.adii.se *.scratcher.io *.charpstar.net *.azureedge.net gtm-p7bx89s-nwviz.uc.r.appspot.com analytics.tiktok.com *.getblue.io analytics.bestofluck.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com app.scratcher.io game.scratcher.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.omtrdc.net data: 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.charpstar.net *.klaviyo.com *.doubleclick.net *.google.com *.app.cookieinformation.com *.getzowie.com *.zopim.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.eu *.googlesyndication.com blob: *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.payever.org *.elastic-cloud.com addrevenue.io *.chatbotize.com mboxedge37.tt.omtrdc.net gtm-p7bx89s-nwviz.uc.r.appspot.com analytics.tiktok.com *.bing.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.sparxpres.dk sparxpres.dk 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com https://superkoch.com.br https://mcstaging.superkoch.com.br 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com https://superkoch.com.br https://mcstaging.superkoch.com.br https://targeting.voxus.tv/ *.paypal.com *.klarna.com *.trustedshops.com *.usercentrics.eu https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy https://www.googletagmanager.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: https://h.online-metrix.net *.d.aa.online-metrix.net https://superkoch.com.br http://mcstaging.superkoch.com.br https://www.superkoch.com.br/media/wysiwyg/logo-hibrido.svg *.cloudflare.com *.gstatic.com *.google.com *.google.com.br *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypalobjects.com *.googletagmanager.com *.bootstrapcdn.com *.mundipagg.com *.hotjar.com *.clearsale.com.br *.amazonaws.com https://standout.com.br https://www.standout.com.br https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com *.croapp.net https://bat.bing.com/bat.js https://cdn.targeting.voxus.com.br https://targeting.voxus.com.br https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.mundipagg.com *.hotjar.com *.clearsale.com.br *.mouseflow.com *.cartstack.com.br https://conectiva.io *.getbutton.io *.goadopt.io *.amazonaws.com *.smartlook.com https://standout.com.br https://www.standout.com.br https://targeting.voxus.tv https://api.ipify.org https://api.voxus.tv https://loggly.com http://secure.adnxs.com *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com https://cdn.cs.1worldsync.com/jsc/h1ws.js https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.mundipagg.com maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.snplow.net commerce.adobedc.net *.adobe.io performance.typekit.net *.sentry.io https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com https://www.paypal.com *.klarna.com https://pay.google.com *.trustedshops.com *.usercentrics.eu https://standout.com.br https://www.standout.com.br https://api.ipify.org https://api.voxus.tv https://loggly.com http://secure.adnxs.com *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com t.elasticsuite.io *.google-analytics.com https://viacep.com.br *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com *.addtoany.com *.hotjar.com *.hotjar.io *.gettopple.com https://analytics.tiktok.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addtoany.com *.hotjar.com *.hotjar.io *.hsforms.com *.google.com *.braintreegateway.com *.paypal.com *.kaptcha.com https://bid.g.doubleclick.net *.gettopple.com https://analytics.tiktok.com *.weltpixel.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.paypal.com *.hubspot.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.facebook.com *.google.com blob: https://a5.behance.net https://www.googletagmanager.com *.hsforms.com https://forms.hsforms.com https://forms-na1.hsforms.com *.gettopple.com https://analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.gstatic.com https://ssl.avmws.com *.addtoany.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.hs-scripts.com *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.google.com *.braintreegateway.com *.paypal.com amcglobal.sc.omtrdc.net https://js.hsadspixel.net https://connect.facebook.net https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com *.gettopple.com https://analytics.tiktok.com player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com amcglobal.sc.omtrdc.net *.gettopple.com https://analytics.tiktok.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.hubspot.com *.google.com hubspot-forms-static-embed.s3.amazonaws.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.hs-banner.com *.facebook.com *.facebook.net https://api.hubapi.com https://googleads.g.doubleclick.net *.doubleclick.net https://dpm.demdex.net *.hsforms.com https://forms.hsforms.com *.gettopple.com https://analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com t.elasticsuite.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.fontawesome.com *.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.facebook.com *.securetrading.net 1merchantacsstag.cardinalcommerce.com payments.securetrading.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.vimeo.com *.trustpilot.com *.hotjar.com *.facebook.com *.google.com *.livechatinc.com *.pinterest.co.uk cdn.eu.trustpayments.com *.googletagmanager.com www.xtento.com account.fetchify.com *.klarna.com *.google.com/ webservices.securetrading.net brw.3ds.trustpayments.com songbirdstag.cardinalcommerce.com 1merchantacsstag.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.co.uk *.doubleclick.net *.facebook.com *.livechatinc.com cladcodecking.co.uk *.cladcodecking.co.uk *.clarity.ms *.bing.com *.googletagmanager.com *.visualwebsiteoptimizer.com www.xtento.com cdn.xtento.com magefan.com cm.magefan.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com gstatic.com maps.gstatic.com *.reddit.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.chimpstatic.com *.trustpilot.com *.hotjar.com *.facebook.net *.bing.com *.livechatinc.com *.google.com/ *.google-analytics.com *.clarity.ms *.klarnaservices.com *.elfsight.com *.zoominfo.com *.pinterest.com player.vimeo.com www.xtento.com cdn.xtento.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net x.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com webservices.securetrading.net cdn.eu.trustpayments.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.klarnacdn.net *.trustpilot.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://static.klaviyo.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.fontawesome.com *.hotjar.io *.hotjar.com *.craftyclicks.co.uk *.bing.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.clarity.ms *.google.co.uk *.klarna.com *.google.com *.visualwebsiteoptimizer.com *.elfsight.com *.facebook.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ o402164.ingest.sentry.io *.facebook.net *.redditstatic.com *.reddit.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://portal.envisagedigital.co.uk/api/website/brtj8tbu2q/report-uri; report-to report-endpoint; 2
report-uri /nelmio/csp/report 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.google.com *.googletagmanager.com *.doubleclick.net insight.adsrvr.org *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.linkedin.com www.facebook.com *.doubleclick.net www.google.com www.google.co.nz www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.avada.io cdnjs.cloudflare.com connect.facebook.net snap.licdn.com js.adsrvr.org assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ analytics.google.com www.google.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.monetate.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.monetate.net maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.monetate.net *.en25.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.monetate.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ioteams.com https://hm.baidu.com https://assets.growingio.com https://res.wx.qq.com; report-uri https://m.sre.videoteams.cn:8043/monitor/csp-report.htm 2
font-src https://www.gstatic.com https://fonts.gstatic.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://a.klaviyo.com https://www.klaviyo.com *.klaviyo.com *.cloudflare.com *.adyen.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cookiebot.com *.google.se *.utils.elfsightcdn.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.klaviyo.com *.matomo.cloud *.locally.com instant.page *.cookiebot.com *.clarity.ms *.jsdelivr.net *.elfsight.com plausible.io analytics.optimalpeople.fr *.equalweb.com *.newrelic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.cloudflare.com https://static-tracking.klaviyo.com/ *.jsdelivr.net *.adyen.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.klaviyo.com *.locally.com *.clarity.ms *.matomo.cloud *.instagram *.instagram.com *.elfsight.com analytics.optimalpeople.fr plausible.io *.equalweb.com *.cookiebot.com *.nr-data.net *.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/api/v2/content-security-policy; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.facebook.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com *.doubleclick.net *.kaptcha.com *.livechatinc.com *.rfihub.com *.adnxs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.cloudflare.com *.facebook.com *.google.com *.google.com.mx *.googleusercontent.com *.icons8.com *.marketo.net *.amazonaws.com *.magecomp.com *.bizibly.com *.showmethepartsdb2.com *.showmethepartsdb.com 3aa074a4dd.nxcli.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.fontawesome.com *.facebook.net *.doubleclick.net *.bizible.com *.bing.com *.marketo.net *.livechatinc.com *.weglot.com *.rezync.com *.licdn.com *.stackadapt.com *.hotjar.com *.rfihub.net *.boomtrain.com *.scaleflex.it *.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.stackadapt.com *.typekit.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.cloudflare.com *.doubleclick.net *.google-analytics.com *.facebook.com *.gstatic.com *.boomtrain.com *.stackadapt.com *.livechatinc.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com https://*.gstatic.com data: https://www.googletagmanager.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://v2.zopim.com *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com https://widget.trustpilot.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https://belco-prod.s3-eu-central-1.amazonaws.com https://cdn.clerk.io https://v2assets.zopim.io https://v2.zopim.com https://www.google.com https://www.google.rs https://www.google.nl https://www.google.pl https://www.google.uk https://www.google.de https://*.fbtest.io *.sooqr.com *.spotlersearch.com https://www.magezon.com https://www.mollie.com assets.myparcel.nl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net https://cdn.belco.io https://api.clerk.io https://cdn.clerk.io https://devdocs.magento.com https://magento.com https://v2.zopim.com https://static.zdassets.com https://amcglobal.sc.omtrdc.net https://static.hotjar.com http://custom.clerk.io http://widgets.trustedshops.com https://widgets.trustedshops.com http://widgets-qa.trustedshops.com https://widgets-qa.trustedshops.com http://static-app.connect-qa.trustedshops.com https://static-app.connect-qa.trustedshops.com http://integrations.etrusted.com https://integrations.etrusted.com https://*.clerk.io *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com js.mollie.com cdnjs.cloudflare.com cdn.jsdelivr.net https://integrations.etrusted.site https://static-app.connect.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://*.googleapis.com https://api.clerk.io https://cdn.clerk.io *.sooqr.com *.spotlersearch.com *.fontawesome.com cdn.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.google-analytics.com *.google-analytics.com *.facebook.com *.facebook.net https://stats.g.doubleclick.net *.googlesyndication.com wss://chat.belco.io https://cdn.belco.io https://ekr.zendesk.com/ https://devdocs.magento.com wss://widget-mediator.zopim.com https://ekr.zdassets.com https://*.clerk.io *.sooqr.com *.spotlersearch.com api.myparcel.nl cdn.jsdelivr.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.faslet.net https://cdn.flbx.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.faslet.net https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tm.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com embed.pakketdienstqls.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net *.fontawesome.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.faslet.net https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reachout.global pos-kowzef.reachout.global 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.addtoany.com/ *.doubleclick.net/ *.addthis.com *.doubleclick.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kosiuko.com/ https://kosiuko.com/ *.afip.gob.ar *.cloudfront.net https://player.vimeo.com *.clarity.ms *.google.com.co *.bing.com *.facebook.com *.metricool.com *.google.com.ar *.google.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addtoany.com *.cloudfront.net *.doubleclick.net *.vimeo.com https://f.vimeocdn.com https://player.vimeo.com *.clarity.ms *.aptrinsic.com *.facebook.net *.facebook.com *.googletagmanager.com track-icommkt.com *.icommarketing.com *.reachout.global *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.vimeo.com https://vimeo.com *.vimeocdn.com https://f.vimeocdn.com *.clarity.ms *.facebook.net *.facebook.com *.googletagmanager.com track-icommkt.com *.notifications-icommkt.com https://notifications-icommkt.com pos-kowzef.reachout.global *.reachout.global *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://assetspwa.bananarepublic.com.mx; script-src 'self' https://assetspwa.bananarepublic.com.mx; script-src 'self' https://assetspwa.bananarepublic.com.mx* 'unsafe-inline'; font-src 'self' https://assetspwa.bananarepublic.com.mx; script-src https://assetspwa.bananarepublic.com.mx; style-src 'self' https://assetspwa.bananarepublic.com.mx 2
default-src 'self'; script-src 'report-sample' 'self' https://api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration https://apj2.smixexpress.com/express/webv3.js https://bat.bing.com/bat.js https://cdn-4.convertexperiments.com/js/10041003-10044174.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://cdn.livechatinc.com/tracking.js https://cdn.mouseflow.com/projects/c4ee4ba3-0914-4afb-b961-a796c9c049cd.js https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.3.1/swiper-bundle.min.js https://connect.livechatinc.com/api/v1/script/12081dbf-83da-4577-a727-43c7cb553c2e/widget.js https://kit.fontawesome.com/31f2af02b2.js https://maps.googleapis.com/maps/api/js https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://pcinederland.stackbase.nl/ https://sc.lfeeder.com/lftracker_v1_bElvO73OmNK7ZMqj.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://sst.pci.nl/gtm.js https://www.clarity.ms/tag/56okb3ots0 https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__nl.js; style-src 'report-sample' 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://56276a63c9db4aaab453ffab5ac0f4f0.svc.dynamics.com https://adservice.google.com https://api.livechatinc.com https://bat.bing.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pcinederland.stackbase.nl https://px.ads.linkedin.com https://r.clarity.ms https://sst.pci.nl https://t.clarity.ms https://u.clarity.ms https://www.google.com https://x.clarity.ms https://z.clarity.ms; font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com; frame-src 'self' https://56276a63c9db4aaab453ffab5ac0f4f0.svc.dynamics.com https://apj2.smixexpress.com https://idmserver.euplatform.connectwise.com https://player.vimeo.com https://secure.livechatinc.com https://www.google.com https://www.youtube.com; img-src 'self' data: https://56276a63c9db4aaab453ffab5ac0f4f0.svc.dynamics.com https://api.taggrs.io https://bat.bing.com https://c.clarity.ms https://googleads.g.doubleclick.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://tr-rc.lfeeder.com; manifest-src 'self'; media-src 'self'; report-uri https://667e83c5d528e3ceb6b0e494.endpoint.csper.io/?v=2; worker-src 'none'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.flixcar.com *.flixfacts.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.monetico-services.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.monetico-services.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com cdn.doofinder.com *.openstreetmap.org *.flix360.com *.flix360.io https://images.unsplash.com *.flixcar.com *.bazaarvoice.com *.jwpsrv.com *.flixfacts.com *.imgix.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com cdn.doofinder.com *.channelsight.com media.flixfacts.com *.flix360.io *.flixcar.com *.cloudflareinsights.com *.gitem.fr https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.doofinder.com *.flixcar.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.monetico-services.com *.doofinder.com wss://*.doofinder.com *.openstreetmap.org *.flixcar.com *.axept.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com data: *.bootstrapcdn.com *.cloudflare.com *.klarnacdn.net *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.twitter.com 'self' 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.facebook.com *.pinterest.com *.trustpilot.com *.twitter.com *.snapwidget.com 'self' www.googletagmanager.com 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com *.awin1.com *.zenaps.com *.wepowerconnections.com maps.gstatic.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bing.com *.clarity.ms *.cloudflare.com craftyclicks.co.uk *.demdex.net *.facebook.com fetchify.com *.goldboutique.com *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googletagmanager.com *.klarna.com *.lightemporium.com *.magentocommerce.com *.pinterest.com *.elfsightcdn.com *.qpj.de *.qpj.fr *.qpjewellers.com *.rubyandoscar.com *.scarletocean.com *.twimg.com *.twitter.com *.usercentrics.eu *.wisepops.com *.ytimg.com *.roeye.com *.roeyecdn.com *.bailandstone.com *.roxoa.com 'self' https://*.google-analytics.com https://*.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeocdn.com www.vimeo.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.bing.com *.clickcease.com *.cloudflare.com cc-cdn.com *.facebook.net *.fontawesome.com *.getdrip.com *.google-analytics.com *.pcapredict.com *.pinimg.com *.pinterest.com *.plerdy.com *.taboola.com *.termly.io *.tiktok.com *.trustedshops.com *.trustpilot.com *.twimg.com *.twitter.com *.usercentrics.eu *.wisepops.net *.wisepops.com https://wisepops.net https://wisepops.com *.zdassets.com *.klarnaservices.com *.klarna.com *.clarity.ms https://snapwidget.com *.elfsight.com *.elfsightcdn.com *.roeyecdn.com *.qpjewellers.com/connector/ajax/emailcapture *.rubyandoscar.com/connector/ajax/emailcapture *.goldboutique.com/connector/ajax/emailcapture *.bailandstone.com/connector/ajax/emailcapture https://*.googletagmanager.com *.dotdigital.com 'self' *.googletagmanager.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com assets.braintreegateway.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu  *.zdassets.com 'self' *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.slack.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.bootstrapcdn.com *.bing.com *.clarity.ms *.cloudflare.com *.doubleclick.net *.facebook.com *.google-analytics.com https://google.com/pay *.googleadservices.com *.klarna.com *.klarnaservices.com *.klarnaevt.com *.paypalobjects.com *.pcapredict.com *.pinterest.com *.plerdy.com *.sandbox.paypal.com *.termly.io *.tiktok.com *.trustpilot.com https://invitejs.trustpilot.com *.twimg.com *.twitter.com *.vimeocdn.com *.wisepops.net *.wisepops.com https://wisepops.net https://wisepops.com  *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.sentry.io *.elfsight.com 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://www.paypal.com *.klarna.com js.mollie.com *.sendcloud.sc *.jsdelivr.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com *.amazonaws.com https://widgets.trustedshops.com https://integrations.etrusted.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.magmodules.eu *.squeezely.tech www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.mollie.com *.sendcloud.sc *.jsdelivr.net https://www.googletagmanager.com https://widgets.trustedshops.com https://integrations.etrusted.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com squeezely.tech www.squeezely.tech *.squeezely.tech polyfill.io cdn.cookie-script.com gallery.cevoid.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.klarnacdn.net *.fontawesome.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; script-src 'self' https://*.typekit.net/ https://*.clarity.ms/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://seal.thawte.com/ https://secure.bluepay.com https://seal.digicert.com/ https://www.safewayxchange.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms/ https://stats.g.doubleclick.net; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://dev.virtualearth.net/ data: https://seal.digicert.com https://www.google.com; style-src 'self' 'unsafe-inline' https://*.typekit.net/ https://fonts.googleapis.com/ https://*.gstatic.com; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://secure.bluepay.com https://www.safewayxchange.com/; object-src 'self'; media-src 'self' https://www.google-analytics.com/; manifest-src 'self'; frame-ancestors 'self'; report-uri https://08bfb48ddcee7d64057e88503ec1149f.report-uri.com/r/t/csp/reportOnly 2
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/tr/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bebemundo.com.do *.jugueton.com.do *.zdassets.com *.hotjar.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co amc.demdex.net www.google.com www.facebook.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com https://www.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.facebook.com/tr/ *.youtube.com *.yotpo.com *.doubleclick.net *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.gstatic.com maps.googleapis.com accounts.google.com www.google.com www.facebook.com https://googleads.g.doubleclick.net www.google.com.ar www.google.com.do https://www.googletagmanager.com https://www.m.casacuesta.com *.youtube.com https://connect.facebook.net https://notifications-icommkt.website *.yotpo.com *.notifications-icommkt.com *.simpleanalyticscdn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.avada.io *.google.com *.gstatic.com https://www.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net http://www.google.com/recaptcha/api.js https://d12zyq17vm1xwx.cloudfront.net/v2/wpn.min.js https://static.cloudflareinsights.com/ https://www.gstatic.com/recaptcha/releases/tFhBvPrftr7Y91fo1S1ASkA6/recaptcha__es.js https://externalassets.icommarketing.com/icomMkt_tracking_jquery.min.js *.youtube.com https://static.zdassets.com ekr.zdassets.com *.yotpo.com *.simpleanalyticscdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.google-analytics.com https://www.hotjar.com https://script.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ http://ccnecommerce.com/ https://notifications-icommkt.com/ https://track-icommkt.com/ wss://widget-mediator.zopim.com/ *.youtube.com https://static.zdassets.com ekr.zdassets.com jugueton.zendesk.com bebemundord.zendesk.com casacuesta.zendesk.com *.googletagmanager.com *.yotpo.com *.googleapis.com *.zdassets.com *.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com 'self' data: data: surveys-static.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com www.google.com.co js.intercomcdn.com intercomassets.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://www.google.com *.gstatic.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com https://maps.googleapis.com *.snrbox.com static.hotjar.com *.clarity.ms surveys-static.survicate.com script.hotjar.com widget.intercom.io js.intercomcdn.com api-iam.intercom.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com cdn.dnky.co *.googletagmanager.com *.cookielaw.org *.snrcdn.net https://surveys-static.survicate.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io t.elasticsuite.io *.google-analytics.com maps.googleapis.com api.comapi.com bam.nr-data.net *.cookielaw.org *.snrbox.com t.clarity.ms stats.g.doubleclick.net api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com https://content.hotjar.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
connect-src 'self' *.google.com *.linkedin.com *.licdn.com *.bing.com *.hubspot.com *.clarity.ms *.doubleclick.net *.googlesyndication.com *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am *.nr-data.net api.hubapi.com forms.hscollectedforms.net forms.hsforms.com fonts.gstatic.com fonts.googleapis.com js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hubspotfeedback.com js.hs-banner.com js.hsleadflows.net js.usemessages.com l.sharethis.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com; default-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.hubspot.com *.google.com *.doubleclick.net *.googlesyndication.com forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net sdx.microsoft.com t.sharethis.com www.linkedin.com www.googletagmanager.com https://www.youtube.com; img-src 'self' data: *.linkedin.com *.licdn.com *.bing.com *.microsoft.com *.hubspot.com *.clarity.ms *.google.com *.doubleclick.net *.googlesyndication.com *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am *.nr-data.net cdn2.hubspot.net forms.hsforms.com fonts.gstatic.com p.adsymptotic.com pharm-int.supremeclients.com sync.sharethis.com www.googleadservices.com www.googletagmanager.com; media-src 'self' dai.google.com media.licdn.com; object-src *.googlesyndication.com; script-src 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://bat.bing.com https://buttons-config.sharethis.com https://content.linkedin.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://googletagmanager.com https://js-agent.newrelic.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://platform.linkedin.com https://platform-api.sharethis.com https://r.bing.com https://static-exp1.licdn.com https://snap.licdn.com https://t.sharethis.com https://tagmanager.google.com https://www.clarity.ms https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.licdn.com *.bing.com fonts.googleapis.com www.googletagmanager.com; 2
default-src 'self' *.my127.site blob: *.my127.site inviqa.com inviqa.de youtube.com *.doubleclick.net *.google.com *.googleadservices.com *.google.co.uk *.hubspot.com *.trackedweb.net *.hotjar.com madixel.de cdn.cookielaw.org geolocation.onetrust.com; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.my127.site inviqa.com inviqa.de *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.gstatic.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.licdn.com *.twitter.com *.trackedweb.net *.trackedlink.net madixel.de *.googleadservices.com *.ads-twitter.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.my127.site inviqa.com inviqa.de; img-src 'self'  *.my127.site data: inviqa.com inviqa.de *.google.co.uk *.google.com *.google-analytics.com *.twitter.com *.linkedin.com t.co *.hubspot.com *.hsforms.com *.doubleclick.net cdn.cookielaw.org; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' *.my127.site data: inviqa.com inviqa.de; report-uri https://www.inviqa.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.cloudflare.com *.trustedshops.com *.googleapis.com *.klaviyo.com cdn1.stamped.io stamped.io *.fontawesome.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.facebook.com *.nosto.com *.nos.to *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.doubleclick.net *.facebook.com *.klarna.com *.nosto.com *.nos.to *.freshchat.com *.twitter.com *.pinterest.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.yotpo.com *.ingrid.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.adyen.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.klarna.com *.klarnaevt.com *.nosto.com *.nos.to *.rubiconproject.com/ *.sharethrough.com/ *.teads.tv/ *.tremorhub.com/ *.3lift.com/ *.yieldlab.net/ *.ads.yieldmo.com/ *.emxdgt.com/ *.adform.net/ *.demdex.net/ *.criteo.net *.adnxs.com/ *.cloudfront.net/ *.stamped.io *.freshchat.com/ *.cloudflare.com *.ytimg.com *.bing.com/ *.clarity.ms/ *.google.al/ *.google.am/ *.google.at/ *.google.az/ *.google.ba/ *.google.be/ *.google.bg/ *.google.by/ *.google.ch/ *.google.cz/ *.google.de/ *.google.dk/ *.google.ee/ *.google.es/ *.google.fi/ *.google.fr/ *.google.ge/ *.google.gr/ *.google.hr/ *.google.hu/ *.google.ie/ *.google.is/ *.google.it/ *.google.kz/ *.google.li/ *.google.lt/ *.google.lu/ *.google.lv/ *.google.md/ *.google.me/ *.google.mk/ *.google.mt/ *.google.nl/ *.google.no/ *.google.pl/ *.google.pt/ *.google.ro/ *.google.rs/ *.google.ru/ *.google.se/ *.google.si/ *.google.sk/ *.google.sm/ *.google.tr/ *.google.ua/ *.google.uk/ *.google.com.ua/ *.google.com.tr/ *.google.com.gr/ *.google.com.pt/ *.google.com.pl/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com/ *.nosto.com *.nos.to *.cloudfront.net/ *.cookiebot.com/ *.kuvio.io/ *.reamaze.com/ *.shopalike.fi/ *.chatbotize.com/ qanuk-stage.vercel.app *.tradedoubler.com *.criteo.com *.cookiefirst.com *.omappapi.com *.googleoptimize.com *.klaviyo.com reviewsonmywebsite.com 'self' data: *.fontawesome.com *.videoly.co/ *.freshchat.com cdnjs.cloudflare.com/ *.googleapis.com/ *.noibu.com/ *.pinimg.com/ *.bing.com/ *.tiktok.com/ *.pinterest.com/ *.intercom.io/ *.intercomcdn.com/ *.clarity.ms/ *.klarnaservices.com/ *.livechatinc.com/ *.hotjar.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com cdn1.stamped.io stamped.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.ingrid.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.nosto.com *.nos.to *.cookiefirst.com *.klarnacdn.net *.omappapi.com reviewsonmywebsite.com *.typekit.net *.freshchat.com/ *.cloudflare.com/ *.klaviyo.com/ https://static.klaviyo.com cdn1.stamped.io stamped.io *.fontawesome.com assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.algolia.net *.algolia.com/ *.algolianet.com *.insights.algolia.io insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com/ *.klarnaevt.com *.nosto.com *.nos.to *.criteo.com *.hobbybox.fi/ *.g.doubleclick.net/ *.reamaze.com/ *.cookiebot.com/ *.kelkoogroup.net/ *.chatbotize.com *.klarnaservices.com *.doubleclick.net *.qanuk.app *.cookiefirst.com *.omappapi.com *.googlesyndication.com reviewsonmywebsite.com *.cloudflare.com *.pinterest.com *.tiktok.com/ *.clarity.ms/ *.noibu.com/ wss://input.noibu.com/ wss://nexus-websocket-a.intercom.io/ *.intercom.io/ *.bing.com/ *.algolia.io/ *.klarna.com/ wss://ws.reamaze.com/ *.reamaze.io/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src self data: *.nosto.com/ *.klaviyo.com/ *.stamped.io/ https://stamped.io/ *.gstatic.com/ *.cloudfront.net/ *.cloudflare.com/ *.klarnaservices.com/ *.klarna.com/ *.klarnaevt.com/ *.klarnacdn.net/ *.yotpo.com/ *.reamaze.io/ *.reamaze.com/ wss://ws.reamaze.com/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src cash-f.squarecdn.com maxcdn.bootstrapcdn.com cdn1.stamped.io cdn.stamped.io ka-p.fontawesome.com s3-us-west-2.amazonaws.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * secure.livechatinc.com *.trustpilot.com *.doubleclick.net www.facebook.com platform.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com *.googletagmanager.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.googletagmanager.com *.google.ie cdn.livechat-files.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com cdn1.stamped.io cdn2.stamped.io cdn.stamped.io cdn.shopify.com s3-us-west-2.amazonaws.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.doubleclick.net *.google.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com cdn.livechatinc.com api.livechatinc.com *.tiktok.com *.trustpilot.com app.termly.io *.google.com *.google.ie region1.analytics.google.com *.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net twitter.com platform.twitter.com cdn1.stamped.io cdn.stamped.io stamped.io ka-p.fontawesome.com kit.fontawesome.com s3-us-west-2.amazonaws.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app https://static.klaviyo.com maxcdn.bootstrapcdn.com cdn1.stamped.io cdn.stamped.io stamped.io s3-us-west-2.amazonaws.com *.stripe.network *.stripecdn.com *.amazon.com fonts.googleapis.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.livechatinc.com *.tiktok.com *.trustpilot.com cdn1.stamped.io cdn.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.tiktok.com *.trustpilot.com app.termly.io *.google.com *.google.ie region1.analytics.google.com *.doubleclick.net *.ideal-postcodes.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io cdn.stamped.io stamped.io ka-p.fontawesome.com kit.fontawesome.com s3-us-west-2.amazonaws.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.nosto.com *.nos.to *.klarna.com js.mollie.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.nosto.com *.nos.to *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.nosto.com *.nos.to *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com js.mollie.com https://www.google.com https://www.gstatic.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.nosto.com *.nos.to *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.nosto.com *.nos.to *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://20a27546-5165-4716-8e1c-c91dee6f68ae.sansec.watch/; report-to report-endpoint; 2
font-src cash-f.squarecdn.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.awin1.com *.zenaps.com *.fls.doubleclick.net js.mollie.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.awin1.com *.zenaps.com *.wepowerconnections.com https://*.etracker.com https://*.etracker.de https://images.unsplash.com https://www.mollie.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://*.etracker.com https://*.etracker.de https://maps.googleapis.com js.mollie.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.fontawesome.com maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.etracker.de https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app https://www.google-analytics.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com newrelic.com www.google.com maxcdn.bootstrapcdn.com *.myshopify.com *.shopify.com *.saas.talismaonline.com data: 'self' 'unsafe-inline'; form-action www.facebook.com *.facebook.com *.google.com *.saas.talismaonline.com 'self' 'unsafe-inline'; frame-ancestors gstatic.com *.saas.talismaonline.com *.myshopify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com/ *.instagram.com social-plugins.line.me www.facebook.com www.google.com newrelic.com vault.omise.co www.youtube.com youtu.be https://cdn.omise.co *.weltpixel.com *.myshopify.com *.shopify.com *.saas.talismaonline.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cdninstagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com lh3.googleusercontent.com *.googleusercontent.com platform-lookaside.fbsbx.com www.w3.org newrelic.com www.paypalobjects.com t.paypal.com s.ytimg.com www.google.co.in api.omise.co omise-gateway-production.s3.ap-southeast-1.amazonaws.com *.gstatic.com flagpedia.net *.facebook.com *.reddit.com *.myshopify.com *.shopify.com *.saas.talismaonline.com *.google.com.vn data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://static.addtoany.com/ *.instagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ omise.co cdn.omise.co maps.googleapis.com connect.facebook.net d.line-scdn.net js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com newrelic.com cdn.iubenda.com www.iubenda.com www.google.co.in f.vimeocdn.com https://cdn.omise.co *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.myshopify.com *.shopify.com *.saas.talismaonline.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com newrelic.com www.google.com use.typekit.net p.typekit.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com tagmanager.google.com *.myshopify.com *.shopify.com *.saas.talismaonline.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com https://stats.addtoany.com/menu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ bam-cell.nr-data.net newrelic.com www.google.com youtube.com googletagmanager.com paypal.com bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com stats.g.doubleclick.net hits-i.iubenda.com www.facebook.com maps.googleapis.com https://cdn.omise.co www.gstatic.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src https://cdn.connectif.cloud; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.cs.1worldsync.com https://script.hotjar.com https://fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * td.doubleclick.net www.google.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com mcstaging.digitalixcomercio.com mcprod.digitalixcomercio.com rt.flix360.com media.flixcar.com www.google.com.co https://mcprod.digitalixcomercio.com https://cdn.cs.1worldsync.com https://photos-us.bazaarvoice.com https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com/px/ https://ad.doubleclick.net https://px4.ads.linkedin.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com https://cdn.connectif.cloud js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.cardinalcommerce.com www.google.com www.gstatic.com cdn.cs.1worldsync.com media.flixfacts.com ws.cs.1worldsync.com media.flixcar.com static.queue-it.net assets.queue-it.net static.hotjar.com script.hotjar.com static.zdassets.com js-agent.newrelic.com https://static.zdassets.com https://static.hotjar.com https://static.queue-it.net https://prod.flixgvid.flix360.io  https://connect.facebook.net https://snap.licdn.com https://analytics.tiktok.com https://pixels.lemonpi.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com display.ugc.bazaarvoice.com assets.braintreegateway.com tagmanager.google.com https://cdn.cs.1worldsync.com https://fonts.cdnfonts.com/css/satoshi https://www.googletagmanager.com/debug/badge.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com https://cdn.cs.1worldsync.com https://mcprod.shop.epson.com.co/media 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.doubleclick.net media.flixcar.com ekr.zdassets.com *.zendesk.com bam.nr-data.net googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://am1-api.connectif.cloud https://surveystats.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://vc.hotjar.io https://analytics.tiktok.com https://px.ads.linkedin.com https://www.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https: blob: 'self' 'unsafe-inline'; default-src googleads.g.doubleclick.net stats.g.doubleclick.net commerce.adobedc.net widget-mediator.zopim.com https://pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://content.cylindo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://viewer-cdn.cylindo.com/v1/bar.mjs https://viewer-cdn.cylindo.com/v1/index.mjs js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://content.cylindo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://widgets.trustedshops.com *.klarnacdn.net https://www.gstatic.com https://fonts.gstatic.com *.stape.io *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de app.usercentrics.eu *.klarna.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.stape.io *.trbo.com *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net cdn.scarabresearch.com orbitvu.co *.orbitvu.co media.brand-distribution.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com app.usercentrics.eu privacy-proxy-server.usercentrics.eu uct.service.usercentrics.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.stape.io www.facebook.com connect.facebook.com www.google.de piwik.hama.com *.trbo.com *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com *.hsforms.net *.hsforms.com 'self' data: widgets.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net/ cdn.scarabresearch.com s7.addthis.com orbitvu.co *.orbitvu.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com aggregator.service.usercentrics.eu app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu consent-api.service.consent.usercentrics.eu *.klarna.com *.klarnacdn.net *.klarnaservices.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.stape.io connect.facebook.com connect.facebook.net www.google.com www.google.de piwik.hama.com *.trbo.com *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com *.hsforms.net *.hsforms.com widgets.trustedshops.com https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.orbitvu.co hello.myfonts.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.stape.io *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com fast.fonts.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com ekr.zdassets.com/ *.orbitvu.cloud *.trustedshops.com *.etrusted.com https://integrations.etrusted.site aggregator.service.usercentrics.eu app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu consent-api.service.consent.usercentrics.eu *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.stape.io connect.facebook.com connect.facebook.net www.google.com www.google.de piwik.hama.com *.trbo.com *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://cdn.checkout.com blob: data: *.fontawesome.com *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.cloudflare.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://js.checkout.com *.klarna.com *.addtoany.com *.checkout.com *.facebook.com *.commercepartnerhub.com blob: data: https://td.doubleclick.net/* *.paypal.com/ https://www.google.com/* www.googletagmanager.com/ www.facebook.com/ https://js.checkout.com/ *.weltpixel.com *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.addthis.com *.pinterest.com checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io blob: *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.google.com www.google.com.ua checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.tamara.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com https://*.checkout.com *.klarnacdn.net *.commercepartnerhub.com *.js-agent.newrelic.com blob: data: https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io * *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.tamara.co https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.checkout.com blob: data: *.fontawesome.com *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com unsafe-inline *.tamara.co tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tamara.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com commerce.adobedtm.com commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://js.checkout.com *.klarnaevt.com *.js-agent.newrelic.com *.addtoany.com *.checkout.com connect.facebook.net *.nr-data.net blob: data: wss://ws.hotjar.com/* www.google-analytics.com/* www.sandbox.paypal.com/* www.paypal* https://dashboard.cwarmer.io/* https://get.geojs.io http://dpm.demdex.net http://www.facebook.com https://graph.instagram.com https://dashboard.cwarmer.io/api/matrix *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com *.avada.io www.facebook.com graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.tamara.co https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://forlagshuset.report-uri.com/r/t/csp/reportOnly 2
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.securetrading.net *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.braintreegateway.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com account.fetchify.com *.rvvuptech.com *.rvvup.com *.afterpay.com *.clearpay.co.uk *.sandbox.paypal.com cdn.eu.trustpayments.com *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com *.cardinalcommerce.com pay.google.com thm.visa.com *.mastercard.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.paypal.com *.typekit.net p.typekit.net s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com magefan.com cm.magefan.com *.disqus.com *.afterpay.com assets.dev.rvvuptech.com assets.rvvup.com *.sandbox.paypal.com *.stats.paypal.com *.gstatic.com *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.disqus.com *.avada.io *.afterpay.com *.paypal.com *.sandbox.paypal.com checkout.dev.rvvuptech.com checkout.rvvup.com cdn.eu.trustpayments.com *.securetrading.net pay.google.com *.secure.checkout.visa.com *.cardinalcommerce.com *.mastercard.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.fontawesome.com checkout.dev.rvvuptech.com checkout.rvvup.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.afterpay.com *.sandbox.paypal.com *.cardinalcommerce.com google.com *.google-analytics.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline'; child-src *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com fonts.googleapis.com fonts.gstatic.com *.klarnacdn.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.zopim.com *.iyzipay.com sherpa.mesoestetic.com https://sandbox-static.iyzipay.com https://static.iyzipay.com www.mesoestetic.es data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com sandbox.przelewy24.pl secure.przelewy24.pl https://sandbox.payfast.co.za https://www.payfast.co.za/eng/process *.google.com www.mesoestetic.es 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com pay.google.com *.stripe.com stripe.com *.link.com *.amazon.com www.mesoestetic.es 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com td.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.awin1.com *.zenaps.com www.ups.com rms.ups.com maps.googleapis.com magento-cloudflare.jetrails.com www.youtube.com *.klarna.com pay.google.com apm.przelewy24.pl *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.pagantis.com *.instagram.com *.ups.com *.hotjar.com *.hotjar.io *.googletagmanager.com www.mesoestetic.es 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.awin1.com *.zenaps.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.ups.com rms.ups.com maps.googleapis.com *.ytimg.com *.klarna.com *.klarnaevt.com *.klarnacdn.net static.przelewy24.pl www.gstatic.com gstatic.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com maps.gstatic.com *.google.es *.google.nl cdn.digitalorigin.com d23yuld0pofhhw.cloudfront.net *.zopim.com *.nosto.com *.bing.com *.mesoestetic.com *.cookielaw.org lantern.roeye.com *.iyzipay.com *.clarity.ms https://sandbox-static.iyzipay.com www.mesoestetic.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.ups.com rms.ups.com maps.googleapis.com polyfill.io *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.instagram.com *.zdassets.com *.doofinder.com *.cookielaw.org *.pagantis.com static-eu.payments-amazon.com *.onetrust.com *.nosto.com *.zopim.com *.bing.com g990421675.co g792337340.co g990421676.co g792337342.co g9508048080.co g10300385420.co g10696554090.co g10498469755.co geotargetly-api-2.com *.microsoft.com *.moatads.com *.addthisedge.com *.cloudflare.com mc.yandex.ru *.hotjar.com *.hotjar.io *.qly.site1.sibs.pt *.iyzipay.com sherpa.mesoestetic.com lantern.roeyecdn.com cdn.jsdelivr.net *.clarity.ms player.vimeo.com https://sandbox-api.iyzipay.com https://sandbox-static.iyzipay.com www.mesoestetic.es https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com www.ups.com rms.ups.com maps.googleapis.com *.klarnacdn.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.network *.stripecdn.com *.amazon.com *.bing.com *.iyzipay.com *.doofinder.com https://sandbox-static.iyzipay.com www.mesoestetic.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com www.mesoestetic.es 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com https://the.sciencebehindecommerce.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com ws://localhost:9109/ws wss://localhost:9109/ws wss://localhost:9109/ www.ups.com rms.ups.com maps.googleapis.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.gstatic.com *.stripe.com klarna.com *.link.com *.amazon.com wss://*.zopim.com *.zendesk.com *.zdassets.com *.doofinder.com *.cookielaw.org *.amazon.es *.amazon.de *.amazon.fr *.amazon.pt *.amazon.it *.onetrust.com *.nosto.com *.bing.com *.zopim.com mc.yandex.ru *.hotjar.com *.hotjar.io *.iyzipay.com *.sentry.io sherpa.mesoestetic.com *.mesoestetic.es bat.bing.net *.clarity.ms *.iyzico.com https://sandbox-api.iyzipay.com https://stg.iyzipay.com www.mesoestetic.es 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com www.mesoestetic.es http: https: blob: 'self' 'unsafe-inline'; default-src www.mesoestetic.es 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /contact; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.userway.org https://fonts.googleapis.com/ https://wsv3cdn.audioeye.com/ *.zohocdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.versapay.com *.paynup.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com/ *.twitter.com *.versapay.com *.paynup.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.xtento.com https://www.facebook.com/ https://c.sproutvideo.com/ http://videos.sproutvideo.com/ https://checkout.creditkey.com/ https://td.doubleclick.net/ https://gum.criteo.com/ https://cdn.justuno.com/ https://fledge.us.criteo.com/ https://nytrng.com/ https://wsv3cdn.audioeye.com/ https://static.criteo.net/ https://www.monthlywarranty.com/ https://salesiq.zohopublic.com/ *.twitter.com *.paynup.com *.versapay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.userway.org www.xtento.com cdn.xtento.com https://img.youtube.com https://www.facebook.com/ https://maps.gstatic.com/ https://c.sproutvideo.com/ https://cdn-thumbnails.sproutvideo.com/ https://creditkey-assets.s3-us-west-2.amazonaws.com/ https://www.creditkey.com/ https://maps.googleapis.com/ https://www.google.co.in/ https://www.adelixir.com/ https://bat.bing.com/ https://cdn.ywxi.net/ https://www.monthlywarranty.com/ https://shopper.shop.pe/ https://public-prod-dspcookiematching.dmxleo.com/ https://tg.socdm.com/ https://cm.g.doubleclick.net/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://contextual.media.net/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://pixel.rubiconproject.com/ https://s.ad.smaato.net/ https://criteo-sync.teads.tv/ https://ade.clmbtech.com/ https://eb2.3lift.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ https://dis.criteo.com/ https://sync.aralego.com/ https://cdn.aralego.net/ https://d3cgm8py10hi0z.cloudfront.net/ *.criteo.net/ *.criteo.com/ *.zohopublic.com/ *.zohocdn.com *.zoho.com https://redchamps.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.versapay.com *.paynup.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.userway.org www.xtento.com cdn.xtento.com s7.addthis.com https://cdn.pagesense.io/ https://connect.facebook.net/ https://cdn.searchspring.net/ http://cdn.searchspring.net/ https://static.srcspot.com/ https://maps.googleapis.com/ https://unpkg.com/ https://cdn.noibu.com/ https://bat.bing.com/ https://static.criteo.net/ https://cdn.justuno.com/ https://www.adelixir.com/ https://www.clickcease.com/ https://ca-eu.cookie-script.com/ https://shop.pe/ https://my.justuno.com/ https://d2mjzob2nc713b.cloudfront.net/ https://aly.justuno.com/ https://sslwidget.criteo.com/  https://widget.us.criteo.com/ https://wsmcdn.audioeye.com/ https://cdn.ywxi.net/ https://wsv3cdn.audioeye.com/ https://addshoppers.s3.amazonaws.com/ https://shopper.shop.pe/ https://www.trustedsite.com/ https://www.monthlywarranty.com/ *.zohopublic.com *.zohocdn.com *.zohostatic.com *.zoho.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.versapay.com *.paynup.com *.datadoghq.com https://www.googletagmanager.com tagmanager.google.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.userway.org https://fonts.googleapis.com/ http://cdn.searchspring.net/ https://c.sproutvideo.com/ https://www.monthlywarranty.com/ https://css.zohostatic.com/ *.zohopublic.com/ *.zohocdn.com/ *.zoho.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.versapay.com *.paynup.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zohocdn.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.userway.org ekr.zdassets.com/ https://cdn.pagesense.io/ https://connect.facebook.net/ https://cdn.searchspring.net/ http://cdn.searchspring.net/ http://a.klaviyo.com/ *.searchspring.io/ https://maps.googleapis.com/ https://www.facebook.com/ wss://input.noibu.com/ https://cdn.noibu.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://s3-us-west-2.amazonaws.com/ https://app.shop.pe/ https://manage.safeopt.com/ https://analytics.audioeye.com/ https://input.noibu.com/ https://measurement-api.criteo.com/ https://google.com/ https://aly.justuno.com/ https://shopper.shop.pe/ https://bat.bing.com/ *.zohopublic.com wss://vts.zohopublic.com/ https://static.zohocdn.com/ *.zoho.com https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.twimg.com *.versapay.com *.paynup.com *.datadoghq.com https://www.google-analytics.com *.mmapiws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://static.zohocdn.com 'self' 'unsafe-inline'; report-uri https://375b72b1-83bd-4481-a822-078405d99853.sansec.watch/; report-to report-endpoint; 2
* 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.klevu.com 'self' data: *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com account.fetchify.com js-eu1.hsforms.net 'self' data: *.klevu.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://*.google.com *.doubleclick.net *.facebook.com account.fetchify.com *.freshchat.com *.crwdcntrl.net/ js-eu1.hsforms.net *.klevu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com magento-cloudflare.jetrails.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.co.uk *.klevu.com *.ytimg.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.gatorleads.co.uk *.freshchat.com *.newrelic.com *.hotjar.com *.adnxs.com js-eu1.hsforms.net *.klevu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com js.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.typekit.net *.freshchat.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nr-data.net *.doubleclick.net *.hotjar.io js-eu1.hsforms.net *.klevu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;  style-src 'self' 'unsafe-inline' https:;  img-src 'self' data: https:;  connect-src 'self' https:; frame-src 'self' https:; font-src 'self' https:;  form-action 'self';  frame-ancestors 'none';  object-src 'none';  base-uri 'self'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https://cdn.clerk.io connect.facebook.net graph.facebook.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com *.hsforms.net *.hsforms.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://api.clerk.io https://cdn.clerk.io connect.facebook.net graph.facebook.com business.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net *.hsforms.net *.hsforms.com tm.tradetracker.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.multisafepay.com assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com * *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors https://catalogues.retif.eu 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hipay-tpp.com *.hipay.com *.paypal.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.salecycle.com *.criteo.com *.hotjar.com *.facebook.net track.effiliation.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.retif.eu *.hsforms.net *.hsforms.com * *.googleapis.com *.ggpht.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ jquery.sellxed.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com https://cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.newrelic.com *.iadvize.com *.cookielaw.org *.bing.com *.pinimg.com *.hotjar.com *.salecycle.com *.facebook.net *.licdn.com *.criteo.com *.clarity.ms analytics.tiktok.com *.target2sell.com appstatic.quanta.io track.effiliation.com https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query *.hsforms.net *.hsforms.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hipay.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query * *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.facebook.net *.criteo.com track.effiliation.com https://catalogues.retif.eu t.elasticsuite.io *.hsforms.net *.hsforms.com * *.google.com *.gstatic.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 2
default-src 'self'; frame-ancestors 'none'; script-src 'self' 'nonce-Rwoq3wCP5RsjJArh57I8RQ==' 'nonce-Vwoq9wCP5RsjJArh57I8RQ==' 'nonce-jpZgc3ugEalR102TlYEBwg==' https://www.google-analytics.com https://kone--full.sandbox.my.site.com https://kone.tfaforms.net https://www.google.com https://www.youtube.com https://content.jwplatform.com https://www.gstatic.com https://ssl.p.jwpcdn.com https://assets.adobedtm.com https://ssl.p.jwpcdn.com https://cdn.jwplayer.com https://cdn-ukwest.onetrust.com https://s.swiftypecdn.com https://tms.kone.com https://storage.googleapis.com https://www.snapengage.com https://www.googletagmanager.com https://www.googleoptimize.com https://plugins.flockler.com https://kone--full.sandbox.my.site.com https://www.googleoptimize.com https://tools.eurolandir.com https://kone.tfaforms.net https://qa-live.kone.com https://static.hotjar.com https://fl-1.cdn.flockler.com https://code.jquery.com https://script.hotjar.com https://connect.facebook.net https://b454ab66b89347d3a00d3736b6dcb498.ent-search.westeurope.azure.elastic-cloud.com https://polyfill.io https://maps.googleapis.com  blob:; base-uri 'self'; style-src 'self' 'unsafe-inline' https://kone--full.sandbox.my.site.com https://s.swiftypecdn.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://kone.tfaforms.net https://fl-1.cdn.flockler.com; frame-src 'self' https://www.youtube.com https://events.kone.com https://www.google.com https://kone--full.sandbox.my.site.com https://tools.euroland.com https://konecorp.demdex.net https://player.simplecast.com https://fl-1.cdn.flockler.com https://tools.eurolandir.com; font-src 'self' https://www.kone.com https://storage.googleapis.com https://www.kone.us https://fl-1.cdn.flockler.com https://script.hotjar.com; connect-src 'self' https://ssl.p.jwpcdn.com https://script.hotjar.com https://vc.hotjar.io https://analytics.formassembly.com https://kone--full.sandbox.my.salesforce-scrt.com https://search-api.swiftype.com https://content.jwplatform.com https://geolocation.onetrust.com https://assets-jpcust.jwpsrv.com https://privacyportal-uk.onetrust.com https://videos-cloudfront-usp.jwpsrv.com https://cdn.jwplayer.com https://cdn-ukwest.onetrust.com https://s.swiftypecdn.com https://dpm.demdex.net https://www.google-analytics.com  https://plugins.flockler.com https://www.snapengage.com https://api.swiftype.com https://smetrics.kone.com https://content.hotjar.io wss://ws.hotjar.com https://metrics.hotjar.io https://surveystats.hotjar.io https://b454ab66b89347d3a00d3736b6dcb498.ent-search.westeurope.azure.elastic-cloud.com; media-src 'self' https://kone-aem.adobecqms.net https://www.snapengage.com blob:; img-src 'self' https: http: data: blob:; worker-src 'self' https://qa-live.kone.com blob:; 2
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: bat.bing.com cdn.callreports.com googleads.g.doubleclick.net js.callrail.com res.cloudinary.com s3.amazonaws.com secure.leadforensics.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net  secure.leadforensics.com www.woodlandmanufacturing.com www.googleadservices.com *.pinimg.com connect.facebook.net *.gstatic.com *.wistia.com *.olark.com *.nextopiasoftware.com *.flattr.com *.trustpilot.com g.microsoft.com *.cloudmaestro.com *.woodlandmanufacturing.com advancedsign.com *.advancedsign.com 2
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com https://*.tawk.to/ *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com http://cdnjs.cloudflare.com/ajax/libs/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.google.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.youtube.com/ https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * api.razorpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://platform-api.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com https://clauem2.arrowtheme.com https://scontent.cdninstagram.com/ https://buttons-config.sharethis.com https://l.sharethis.com https://platform-cdn.sharethis.com https://scontent-ams4-1.cdninstagram.com https://s3.ap-south-1.amazonaws.com/* https://s3.ap-south-1.amazonaws.com https://*.tawk.to flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com */walletsystem/index/applypaymentamount www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com maps.googleapis.com *.trackedlink.net *.maps.gstatic.com *.googletagmanager.com *.googleadservices.com https://connect.facebook.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com https://*.tawk.to https://adtarbo.eywamedia.com/scripts/adtarbo.min.js https://static.getbutton.io/widget-send-button/js/init.js https://adtarbo.eywamedia.com/scripts/adtarbo-core.min.js?v=66.68988515157149 player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://*.tawk.to/ https://s3.ap-south-1.amazonaws.com/* https://s3.ap-south-1.amazonaws.com maxcdn.bootstrapcdn.com assets.braintreegateway.com unsafe-inline http://cdnjs.cloudflare.com/ajax/libs/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com https://*.tawk.to/ wss://*.tawk.to https://adtarbo.eywamedia.com/ www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://support.stnhost.com/csp/record-bad-https.php 2
font-src *.gstatic.com/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.adobe.com *.authorize.net *.braintreegateway.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cetelem.es *.livechatinc.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.avis-verifies.com/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.authorize.net *.braintreegateway.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.livechatinc.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cetelem.es *.google.com/ *.youtube.com/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.authorize.net *.braintreegateway.com cdn.doofinder.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.livechatinc.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cetelem.es *.googletagmanager.com/ *.cdn.cookielaw.org/ *.youtube.com/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.authorize.net *.braintreegateway.com cdn.doofinder.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.livechatinc.com *.tradedoubler.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cetelem.es *.googleapis.com/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.authorize.net *.braintreegateway.com *.doofinder.com *.fontawesome.com *.livechatinc.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cetelem.es *.googletagmanager.com/ *.cdn.cookielaw.org/ *.youtube.com/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.adobe.com *.authorize.net *.braintreegateway.com *.doofinder.com wss://*.doofinder.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.livechatinc.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';          script-src 'self' https: https://embed.tawk.to/ https://checkoutshopper-live.adyen.com https://pay.google.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com https://www.googletagmanager.com https://fonts.gstatic.com https://api-iam.intercom.io https://www.dwin1.com https://www.clarity.ms https://checkoutshopper-test.cdn.adyen.com https://checkoutshopper-live.cdn.adyen.com https://checkoutanalytics-test.adyen.com https://checkoutanalytics.adyen.com https://pal-test.adyen.com https://3feb0eede3795623-CitySightseeingLtd-pal-live.adyenpayments.com 'unsafe-eval' 'unsafe-inline';          style-src 'self' 'unsafe-inline' https://embed.tawk.to/ https://wordpressguidebookprod.azurewebsites.net//theguidebook https://isango.com/theguidebook https://assets-guidebook.isango.com https://isango.com/theguidebook/wp-content https://assets-guidebook.isango.com/wp-content https://fonts.googleapis.com https://uathohobassets.isango.com https://register.feefo.com https://checkoutshopper-live.adyen.com https://testhohobassets.isango.com https://hohobassets.isango.com https://checkoutshopper-test.adyen.com https://checkoutshopper-test.cdn.adyen.com https://checkoutshopper-live.cdn.adyen.com http://ajax.googleapis.com https://checkoutanalytics-test.adyen.com https://checkoutanalytics.adyen.com https://pal-test.adyen.com https://3feb0eede3795623-CitySightseeingLtd-pal-live.adyenpayments.com;          img-src 'self' https: data: https://sectigo.com https://wordpressguidebookprod.azurewebsites.net//theguidebook https://www.facebook.com https://bat.bing.com https://hohobassets.isango.com https://res.cloudinary.com https://www.google.co.in https://googleads.g.doubleclick.net https://checkoutshopper-live.adyen.com https://pay.google.com https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-test.adyen.com http://www.google-analytics.com https://www.clarity.ms https://checkoutshopper-test.cdn.adyen.com https://checkoutshopper-live.cdn.adyen.com http://ajax.googleapis.com https://checkoutanalytics-test.adyen.com https://checkoutanalytics.adyen.com https://pal-test.adyen.com https://3feb0eede3795623-CitySightseeingLtd-pal-live.adyenpayments.com;          frame-src 'self' https://geoissuer.cardinalcommerce.com https://authentication.cardinalcommerce.com https://secure.trust-provider.com https://www.facebook.com https://testhohobassets.isango.com https://www.googletagmanager.com https://ct.pinterest.com https://google.com https://checkoutshopper-live.adyen.com https://pay.google.com https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-test.adyen.com https://r.clarity.ms https://www.youtube.com https://www.youtube-nocookie.com https://api-iam.intercom.io https://checkoutshopper-test.cdn.adyen.com https://checkoutshopper-live.cdn.adyen.com http://ajax.googleapis.com https://checkoutanalytics-test.adyen.com https://checkoutanalytics.adyen.com https://pal-test.adyen.com https://3feb0eede3795623-CitySightseeingLtd-pal-live.adyenpayments.com https://*.doubleclick.net;          font-src 'self' https://embed.tawk.to/ https://wordpressguidebookprod.azurewebsites.net//theguidebook https://isango.com/theguidebook https://assets-guidebook.isango.com https://uathohobassets.isango.com https://fonts.intercomcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://testhohobassets.isango.com https://hohobassets.isango.com https://checkoutanalytics-test.adyen.com https://checkoutanalytics.adyen.com;          connect-src 'self' https://dc.services.visualstudio.com/ https://va.tawk.to/ https://*.clarity.ms https://wordpressguidebookprod.azurewebsites.net//theguidebook https://j.clarity.ms https://maps.googleapis.com https://api-es-prod.isango.com https://collect.feefo.com https://h.clarity.ms https://w.clarity.ms https://p.clarity.ms https://www.facebook.com https://www.google.com https://api.feefo.com https://b.clarity.ms/collect https://k.clarity.ms https://o.clarity.ms https://google.com https://checkoutshopper-live.adyen.com https://pay.google.com https://checkoutshopper-test.adyen.com https://r.clarity.ms https://analytics.google.com https://api-iam.intercom.io https://bat.bing.com https://ct.pinterest.com https://e.clarity.ms https://fonts.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://checkoutshopper-test.cdn.adyen.com https://checkoutshopper-live.cdn.adyen.com http://ajax.googleapis.com https://checkoutanalytics-test.adyen.com https://checkoutanalytics.adyen.com https://pal-test.adyen.com https://3feb0eede3795623-CitySightseeingLtd-pal-live.adyenpayments.com wss://nexus-websocket-a.intercom.io;         media-src 'self' https://js.intercomcdn.com;         worker-src 'self' blob:; 2
default-src 'self' https://cdn.wolterskluwer.io/ https://www.googletagmanager.com/ https://analytics.sleeknote.com/ https://dc.services.visualstudio.com/v2/track https://www.google-analytics.com/ https://region1.google-analytics.com/ https://vimeo.com/ https://pagead2.googlesyndication.com/ https://cmtt.nl/ https://ep1.adtrafficquality.google/ https://securepubads.g.doubleclick.net/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.userdatatrust.com/ https://securepubads.g.doubleclick.net/ https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/ https://www.googletagmanager.com/ https://eu2.cdn.thunderhead.com/one/rt/js/one-tag.js?siteKey=ONE-JHGTRIWT14-2067 http://sleeknotecustomerscripts.sleeknote.com/23807.js http://img.en25.com/i/elqCfg.min.js https://az416426.vo.msecnd.net/scripts/a/ai.0.js http://sleeknotestaticcontent.sleeknote.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069938057/ https://www.google-analytics.com/analytics.js https://www.googletagservices.com/ https://connect.facebook.net/ http://cdn.feedbackify.com/ http://dev.visualwebsiteoptimizer.com/ https://certify-js.alexametrics.com/ http://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://cdn.wolterskluwer.io/; img-src 'self' https://cdn.wolterskluwer.io/wk-logos/1.0.x/ https://s1364398973.t.eloqua.com/visitor/v200/svrGP data: https://www.google.com/ https://www.google.it/ https://www.google-analytics.com/ https://i.vimeocdn.com/ https://www.taxvisions.nl/ https://acc.taxvisions.nl/ https://ep1.adtrafficquality.google/ https://ep2.adtrafficquality.google/ https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com/ https://www.googletagmanager.com/ http://cdn.feedbackify.com/ https://dev.visualwebsiteoptimizer.com/; font-src 'self' https://cdn.wolterskluwer.io/; frame-src 'self' https://player.vimeo.com/ *.safeframe.googlesyndication.com/ https://ep2.adtrafficquality.google/; frame-ancestors 'self'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gls.com *.szybkapaczka.pl *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' data: *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.facebook.net *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com *.facebook.net *.szybkapaczka.pl secure.payu.com merch-prod.snd.payu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com cdn.doofinder.com *.facebook.com *.facebook.net https://firebasestorage.googleapis.com https://api.mapbox.com *.szybkapaczka.pl *.openstreetmap.org static.payu.com 'self' data: *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com https://*.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://*.vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js cdn.doofinder.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com https://*.gstatic.com *.avada.io *.szybkapaczka.pl *.openstreetmap.org secure.payu.com secure.snd.payu.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.gstatic.com *.tawk.to cdn.jsdelivr.net *.googletagmanager.com https://static.cloudflareinsights.com https://script.hotjar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.newrelic.com https://*.nr-data.net https://www.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com https://*.vimeocdn.com https://cdn.jsdelivr.net https://*.tawk.to https://*.stripe.com https://*.stripe.network https://*.stripecdn.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://www.facebook.com https://connect.facebook.net https://*.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.doofinder.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.szybkapaczka.pl *.stripe.network *.stripecdn.com *.gstatic.com *.tawk.to cdn.jsdelivr.net fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.szybkapaczka.pl *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://www.google-analytics.com *.doofinder.com wss://*.doofinder.com *.facebook.com *.facebook.net https://get.geojs.io *.avada.io *.szybkapaczka.pl *.openstreetmap.org secure.payu.com merch-prod.snd.payu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.google-analytics.com *.tawk.to wss://*.tawk.to *.analytics.google.com *.googletagmanager.com https://static.cloudflareinsights.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.paypal.com https://www.sandbox.paypal.com https://*.newrelic.com https://*.nr-data.net https://*.stripe.com https://connect.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src blob:; font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.fbcdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
font-src *.cloudflare.com *.onlinewebfonts.com *.fontawesome.com fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com static.addtoany.com *.addthis.com *.cookiebot.com *.criteo.com *.doubleclick.net *.google.com *.facebook.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com *.google.it *.bidswitch.net *.doubleclick.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.ups.analytics.yahoo.com *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com/ *.outbrain.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.krxd.net *.thebrighttag.com *.cookiebot.com *.roeye.com *.emxdgt.com *.yieldmo.com *.postrelease.com *.driade.com *.fontanaarte.com *.italiancreationgroup.com maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.net *.googletagmanager.com *.gstatic.com *.bird.eu https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ static.addtoany.com connect.facebook.net *.addthis.com *.moatads.com *.addthisedge.com *.newrelic.com *.nr-data.net *.cookiebot.com *.criteo.com *.gestpay.net *.dwin1.com *.hotjar.com *.sella.it *.roeyecdn.com *.clerk.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addthis.com *.googleapis.com *.nr-data.net *.doubleclick.net *.cookiebot.com *.google-analytics.com *.google.com *.criteo.com *.facebook.com *.facebook.net int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.mercadolibre.com *.magerocket.com *.gocuotas.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.magerocket.com *.gocuotas.com storage.googleapis.com *.google.com *.google.com.ar imgmp.mlstatic.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://device.clearsale.com.br https://live.decidir.com *.mlstatic.com *.mercadopago.com *.magerocket.com *.gocuotas.com *.avada.io polyfill.io go.botmaker.com storage.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com storage.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com storage.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://developers.decidir.com/ https://developers-ventasonline.payway.com.ar/ *.mercadopago.com *.mercadolibre.com *.magerocket.com *.gocuotas.com https://get.geojs.io *.avada.io go.botmaker.com stats.g.doubleclick.net maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com www.apptrian.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com www.apptrian.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com www.apptrian.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net www.fontawesome.com www.googleapis.com www.gstatic.com *.zdassets.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.addthis.com www.doubleclick.net www.google.com *.weltpixel.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net www.facebook.com www.facebook.net *.metricool.com www.google.com.ar *.zdassets.com *.uber.com *.ubereats.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.gstatic.com *.facebook.com *.reddit.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.aptrinsic.com *.metricool.com *.clarity.ms www.facebook.com api.yotpo.com www.facebook.net js-agent.newrelic.com recostream.com *.zdassets.com www.varsovienne.cl unpkg.com *.zendesk.com www.google.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.googleapis.com www.mailchimp.com *.zdassets.com *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net www.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.zendesk.com *.zdassets.com k.clarity.ms api.yotpo.com www.google.com www.facebook.net connect.facebook.net www.googleapis.com unpkg.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net www.aptrinsic.com www.newrelic.com www.demdex.net commerce.adobedc.net www.varsovienne.cl bam.nr-data.net www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com fonts.gstatic.com https://fonts.gstatic.com fonts.googleapis.com https://widgets.trustedshops.com *.afzuigkapfilterwinkel.nl *.allspares.fr *.filtre-de-hotte.fr *.flaticon.com *.fontawesome.com *.hotjar.com *.hsappstatic.net *.slant.co *.userway.org *.varify.io *.waterfilterwinkel.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.dpdconnect.nl *.newrelic.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com *.wasserfilterspezialist.de *.allspares.com *.bing.com *.cookiebot.com *.criteo.com *.criteo.net google.co.th *.googletagmanager.com *.hotjar.com *.opendns.com *.robinhq.com server-side-tagging-hgb22rqeua-uc.a.run.app *.userway.org *.varify.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.trackedlink.net https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.multisafepay.com https://api.mapbox.com moogento.com *.moogento.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.1rx.io *.3lift.com *.adnxs.com *.afzuigkapfilterwinkel.nl *.agkn.com *.allspares.de *.allspares.fr *.allspares.nl *.baidu.com *.bidswitch.net *.bing.com *.bing.net *.casalemedia.com *.cashbackxl.nl *.cookiebot.com *.criteo.com *.criteo.net *.dunstabzugshaube-filter.de *.etrusted.com *.filtre-de-hotte.fr www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bi www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gl www.google.gm www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.tg www.google.tn www.google.tt google.com *.google.com *.hubspot.com id5-sync.com *.kelkoogroup.net *.media.net *.outbrain.com *.pubmatic.com robincontentdesktop.blob.core.windows.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.trackedweb.net *.tremorhub.com *.trustedshops.com *.usercentrics.eu *.userway.org *.visualwebsiteoptimizer.com *.wasserfilterspezialist.de *.waterfilterwinkel.com *.webflow.com yastatic.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.dpdconnect.nl https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.multisafepay.com https://pay.google.com l.moogento.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.afzuigkapfilterwinkel.nl *.allspares.com *.allspares.fr az416426.vo.msecnd.net *.beslist.nl *.bing.com *.cookiebot.com *.criteo.com *.criteo.net d5yoctgpv4cpx.cloudfront.net *.etrusted.com *.filtre-de-hotte.fr *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hubspot.com *.jquery.com *.kk-resources.com robincontentdesktop.blob.core.windows.net *.robinhq.com *.trengo.eu *.trustedshops.com *.usercentrics.eu *.userway.org *.varify.io *.waterfilterwinkel.com *.webeyez.com yastatic.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com fonts.googleapis.com *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.afzuigkapfilterwinkel.nl *.allspares.fr *.etrusted.com *.filtre-de-hotte.fr *.fontawesome.com *.trustedshops.com *.userway.org *.varify.io *.waterfilterwinkel.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maps.googleapis.com *.multisafepay.com autocomplete2.postdirekt.de wss://ws.hotjar.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.afzuigkapfilterwinkel.nl *.allspares.fr *.allspares.nl *.baidu.com *.beslist.nl *.bing.com *.bing.net *.cookiebot.com *.criteo.com *.dunstabzugshaube-filter.de *.filtre-de-hotte.fr www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.ba www.google.be www.google.bg www.google.bi www.google.bj www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gi www.google.com.hk www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.kz www.google.li www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mu www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tg www.google.tn google.com *.google.com *.hotjar.com *.hotjar.io *.hubspot.com *.jquery.com *.kelkoogroup.net localhost p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.robinhq.com *.samsung.com server-side-tagging-hgb22rqeua-uc.a.run.app *.trengo.eu *.usercentrics.eu *.userway.org *.varify.io *.visualstudio.com *.visualwebsiteoptimizer.com *.waterfilterwinkel.com *.webeyez.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://c6d02f62-c45e-4c56-876c-2102faf3fd5c.sansec.watch/; report-to report-endpoint; 2
*.sooqr.com *.spotlersearch.com spotlersearchanalytics.com 2
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleusercontent.com *.gstatic.com *.jsdelivr.net *.slant.co unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.2c2p.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.inicis.com *.ipay88.com.my *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.weltpixel.com *.afterpay.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.google.com *.inicis.com *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ k.kakaocdn.net *.inicis.com *.afterpay.com *.doubleclick.net *.elcompanies.com *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.co www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google.se *.google.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hstatic.net *.naver.com *.thecompanystore.com.sg data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com developers.kakao.com *.kakaocdn.net *.avada.io *.inicis.com *.afterpay.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.inicis.com *.googleapis.com *.gstatic.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com kauth.kakao.com https://get.geojs.io *.avada.io *.inicis.com *.afterpay.com *.doubleclick.net *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl *.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://2a739ab1-c282-4278-9304-d6969cd3e784.sansec.watch/; report-to report-endpoint; 2
object-src 'none';base-uri 'self';script-src 'nonce-UiPWwCr4Q-KhyWX9_2vrkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8y-lPVG9gdjZW-lSW2MznQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; font-src 'self' www.mozilla.org; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; default-src 'self' *.mozilla.org; style-src 'self' www.mozilla.org; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-9KT9jmpCENYQROvSDTdahA=='; report-uri https://send.hsbrowserreports.com/csp/report 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/www_google 1
base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=nH38K7qjYgutykEgTeFV7X1bbmnGM1HLgl6_59MinZHR4NuS1DWh0ry3Hm1z8-A%3D 1
base-uri 'none'; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; default-src 'self' *.mozilla.org; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; upgrade-insecure-requests; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; frame-ancestors 'none'; object-src 'none'; style-src 'self' www.mozilla.org; font-src 'self' www.mozilla.org 1
object-src 'none';base-uri 'self';script-src 'nonce-pQLVcGchJ5OzThPRjLtTtg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EH0szKMlG8gRFu7LK-SGNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dfFvm4t5kKGrA_scuAZYbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https://*.ft.com https: ; font-src https://*.ft.com https: data: ; img-src https://*.ft.com https: data: ; media-src https://*.ft.com https: data: ; script-src 'unsafe-inline' 'unsafe-eval' https://*.ft.com https: ; style-src 'unsafe-inline' https://*.ft.com https: ; worker-src blob: ; connect-src https: wss://ft.coral.coralproject.net ; frame-ancestors https://*.ft.com https://*.chromatic.com ; report-uri https://csp-report.ft.com/33C06499-DBAB-4FCB-880F-75B0467895F5 1
object-src 'none';base-uri 'self';script-src 'nonce-IY9iPUZO7GacOCrReyfMqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://www.yelp.com/csp_report_only?id=953c7066c6a4ba58&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www&timestamp=1752197509; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1
object-src 'none';base-uri 'self';script-src 'nonce-yGOvzNg5CK39DBv3Gtcvlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HZCKr459emXbkuMMW7RzXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://cse.google.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://fonts.googleapis.com/ https://www.google-analytics.com/ https://connect.facebook.net/ cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.google.com/ https://cse.google.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://fonts.googleapis.com/ https://www.google-analytics.com/ https://connect.facebook.net/ cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://www.google.com/ https://cse.google.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://fonts.googleapis.com/ https://www.google-analytics.com/ https://connect.facebook.net/ cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' https://www.google.com/ https://cse.google.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://fonts.googleapis.com/ https://www.google-analytics.com/ https://connect.facebook.net/ 1
script-src 'nonce-eFZFtoyG9m7j8qroLdvUQg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-8CrkHn8tUUfbvuVutcPRiw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pvmlo1-U7EkRx-pCwwVNMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1H4NpWp_Aeo_jBSO3kTjIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Yy55_Kz_6-gJnQDWAC-xzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none' media.blueapron.com; manifest-src 'self'; media-src 'self' static.zdassets.com media.blueapron.com 1
script-src 'nonce-Z0imC-zs_gt31RJ4PLZrqQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
frame-ancestors 'self'; report-uri https://www.news.com.au/csp-reports 1
connect-src 'self' basket.mozilla.org https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.ingest.us.sentry.io o1069899.sentry.io region1.google-analytics.com www.firefox.com www.google-analytics.com www.googletagmanager.com; frame-src 'self' accounts.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube.com; base-uri 'none'; img-src 'self' data: www.firefox.com www.google-analytics.com www.googletagmanager.com www.mozilla.org; object-src 'none'; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; frame-ancestors 'none'; font-src 'self' www.firefox.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' s.ytimg.com tagmanager.google.com www.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube.com; default-src 'self' www.firefox.com; style-src 'self' www.firefox.com; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.firefox.com; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-fiE1PBM1LLfrELSIywneEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; font-src cdn.jsdelivr.net; frame-src 'self' cse.google.com www.google.com; img-src 'self' *.amazonaws.com  www.google.com cdn.jsdelivr.net clients1.google.com www.googleapis.com *.gstatic.com pbs.twimg.com *.hypemarks.com *.tintup.com www.google-analytics.com stats.g.doubleclick.net cdn.webcomponents.ucla.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.youtube.com cse.google.com cdn.jsdelivr.net *.ytimg.com cdnjs.cloudflare.com www.google-analytics.com *.amazonaws.com cdn.webcomponents.ucla.edu *.gstatic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.webcomponents.ucla.edu cdnjs.cloudflare.com www.google.com; connect-src 'self' weather.atmos.ucla.edu www.google-analytics.com stats.g.doubleclick.net; report-uri /csp-hotline.php 1
object-src 'none';base-uri 'self';script-src 'nonce-b4K5XSSEAP9yJxyzJ94m_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
block-all-mixed-content ; report-uri /csp-report 1
default-src 'self' https://*.fantia.jp; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.fantia.jp *.genieesspv.jp *.gsspat.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net securepubads.g.doubleclick.net *.geniee.jp https://ec-widget.toranoana.jp nav.yumenosora.co.jp *.google-analytics.com www.googletagmanager.com www.googleoptimize.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net vjs.zencdn.net *.twitter.com static.ads-twitter.com *.clarity.ms *.recaptcha.net *.gstatic.com *.fontawesome.com *.chatplus.jp *.amplitude.com https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; font-src 'self' https://*.fantia.jp * data:; style-src 'self' https://*.fantia.jp 'unsafe-inline' * data:; img-src 'self' https://*.fantia.jp * blob: data: www.googletagmanager.com; child-src 'self' https://*.fantia.jp blob: *.genieesspv.jp *.gsspat.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net securepubads.g.doubleclick.net *.geniee.jp platform.twitter.com www.googletagmanager.com www.youtube.com player.vimeo.com *.recaptcha.net *.chatplus.jp; connect-src 'self' https://*.fantia.jp *.genieesspv.jp *.gsspat.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net securepubads.g.doubleclick.net *.geniee.jp https://fantia.s3.ap-northeast-1.amazonaws.com https://cc.fantia.jp https://c.fantia.jp https://dd.fantia.jp https://d.fantia.jp https://ec-widget.toranoana.jp www.google-analytics.com stats.g.doubleclick.net *.clarity.ms *.fontawesome.com *.agora.io:* *.agoraio.cn *.ap.sd-rtn.com *.statscollector.sd-rtn.com:* *.veritrans.co.jp *.chatplus.jp wss://*.edge.agora.io:* wss://*.edge.agoraio.cn:* wss://*.edge.sd-rtn.com *.amplitude.com https://ogp-cache-system-prod-ij4goxpsha-an.a.run.app/api/v1/ogp/info https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; media-src 'self' https://*.fantia.jp *.genieesspv.jp *.gsspat.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net securepubads.g.doubleclick.net *.geniee.jp blob: https://*.chatplus.jp; frame-ancestors 'self' https://*.fantia.jp *.toranoana.jp toranoana.jp *.yumenosora.co.jp yumenosora.co.jp *.toranoana.co.jp toranoana.co.jp; form-action 'self' https://*.fantia.jp; report-to report-server; report-uri https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; 1
object-src 'none';base-uri 'self';script-src 'nonce-WKD4tt_9ERH05DFnnna5jg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zONojaa6qD_l4MsJHzRNqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-MKDidFDU2PwXvZmPwx-VSg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data: moz-extension: chrome-extension: safari-web-extension:; connect-src * data: blob: ws: wss:; media-src * data: blob:; frame-src *; object-src *; worker-src * blob:; report-uri /csp_report_log 1
default-src 'self' *.usgs.gov 'unsafe-inline' *.amazonaws.com *.arcgis.com 'unsafe-eval'  *.arcgisonline.com *.hotjar.io *.google-analytics.com; script-src 'self' *.usgs.gov 'unsafe-inline' *.googletagmanager.com *.addtoany.com *.jsdelivr.net *.hotjar.com *.cfigroup.com *.cloud.gov *.gov *.youtube.com *.ytimg.com www.youtube.com s.ytimg.com  *.google-analytics.com *.google-analytics.com connect.facebook.net *.youtube.com/iframe_api 'unsafe-eval' *.jquery.com *.cloudflare.com *.arcgis.com *.datatables.net *.dashjs.org *.googleapis.com; object-src noop.style; style-src 'self' *.usgs.gov 'unsafe-inline'  *.fontawesome.com *.cloudflare.com *.arcgis.com *.datatables.net *.gstatic.com; img-src 'self' 'unsafe-inline' *.alaska.edu *.amazonaws.com *.arcgis.com *.arcgisonline.com *.cfigroup.com *.cloud.gov *.cloudflare.com *.fontawesome.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gov *.gstatic.com *.nationalmap.gov *.nationsonline.org *.opengeo.org *.openstreetmap.org *.pixelcaster.com *.staticflickr.com *.ucweb.com *.usgs.gov *.ytimg.com avo.alaska.edu cdnjs.cloudflare.com data: *.openstreetmap.org ; media-src 'self' *.usgs.gov 'unsafe-inline' *.gstatic.com *.google.pn *.amazonaws.com; frame-src 'self' 'unsafe-inline' *.addtoany.com *.googletagmanager.com *.prismaaccess.com *.saasprotection.com *.trendmicro.com *.trendmicro.jp *.usgs.gov safe.menlosecurity.com *.youtube.com www.youtube.com; font-src 'self' 'unsafe-inline' *.alicdn.com *.amazonaws.com *.arcgis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.mustcheck.com *.simplycodes.com *.slant.co *.typekit.net *.usgs.gov cdn.goin.cloud cdn.scite.ai data:; connect-src 'self' 'unsafe-inline' *.amazonaws.com *.arcgis.com *.arcgisonline.com *.cloud.gov *.cloudfront.net *.fontawesome.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gov *.gstatic.com *.hotjar.com *.hotjar.io *.jsdelivr.net *.usgs.gov cdn.jsdelivr.net wss://ws.hotjar.com 1
script-src 'nonce-dEP4GoOxmkZf6dGjVicZB8LkWXPsjA76'  'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'self' ; object-src 'none'; require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/OneService-Site-PROD 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/safety_google 1
frame-ancestors 'self' https://ss.datasconsole.com; worker-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' blob: https://*.coinmarketcap.com https://cdn.fuseplatform.net https://cdn.cookielaw.org https://pagead2.googlesyndication.com/pagead/ https://ep2.adtrafficquality.google https://cdn4.buysellads.net https://www.youtube.com/iframe_api https://www.youtube.com/s/ https://btloader.com https://securepubads.g.doubleclick.net/tag/ https://securepubads.g.doubleclick.net/pagead/ https://script.4dex.io https://s3.tradingview.com https://organizer.bizzabo.com https://www.google.com/recaptcha/ https://telegram.org https://staticrecap.cgicgi.io https://unpkg.com/vconsole/dist/vconsole.min.js https://browser.sentry-cdn.com https://*.amazon-adsystem.com https://cdn.confiant-integrations.net https://metrics.rapidedge.io https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.criteo.net https://static.hotjar.com https://script.hotjar.com https://cdn.jsdelivr.net/npm/sa-sdk-javascript@1.23.1/ https://static.chartbeat.com https://www.googletagmanager.com https://connect.facebook.net https://d3e54v103j8qbb.cloudfront.net https://dka575ofm4ao0.cloudfront.net https://cdn.prod.website-files.com/673103928b37b65e7d37cd09/ https://cdn.prod.website-files.com/67d034787e0f85d807e76c72/ https://platform-api.sharethis.com/ https://buttons-config.sharethis.com https://cdn.ampproject.org https://www.google-analytics.com https://chatwidget.kodif.io https://app.sgwidget.com https://public.bnbstatic.com https://checkout.stripe.com; report-uri https://o230231.ingest.us.sentry.io/api/1773863/security/?sentry_key=f6a79779d88945e5bf5c2b7e74ee1ed8; 1
base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=v-vNL9rcSpaM7eYRYpSFGkFGoGhOQipI6Wi0LixnMAmyKB0_x6ZRdFtKE1aN5GE%3D 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
object-src 'none';base-uri 'self';script-src 'nonce-10z4VLGoykeQwKRTZaH9lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com *.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-nVM4W+qBFY/qvssFyMLQAg==' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com *.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; style-src 'self' 'unsafe-inline' *.typeform.com; connect-src 'self' https://cdn.ampproject.org https://consent.bumble.com https://www.googletagmanager.com *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com/pagead *.googlesyndication.com; child-src 'self'; font-src 'self' data:; manifest-src 'self'; base-uri 'self'; frame-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com *.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; img-src * data: blob: www.googletagmanager.com; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=bumble_team_site&env=production; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1
frame-ancestors 'none'; report-uri https://dnsimple.report-uri.com/r/d/csp/wizard 1
script-src 'nonce-344fbf651b9c44eba49d928f216ad06d' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval' *.bdxiguastatic.com *.bytescm.com *.bytetos.com *.toutiao.com *.ibytedapm.com bdxiguastatic.com *.bytegoofy.com;img-src blob: data: *.douyinstatic.com *.toutiaoimg.com *.bdxiguastatic.com *.bdxiguaimg.com *.bytexservice.com *.bytednsdoc.com *.douyinpic.com *.byteeffecttos.com *.byteacctimg.com *.byteimg.com *.bytecdn.cn http: *.ixigua.com *.itoutiaoimg.com *.toutiaostatic.com s.360.cn *.bytescm.com *.byted.org pos.baidu.com www.gstatic.com jonypractic.net wx.qlogo.cn;report-to slardar-endpoint;style-src blob: 'self' pwm-image.trendmicro.com www.gstatic.com cdn.jsdelivr.net plugin.newmorehot.com *.bytedance.net lib.baomitu.com *.bdxiguastatic.com 'unsafe-inline';manifest-src *.bytednsdoc.com;frame-src wo.laiwoshop.com pwm-image.trendmicro.com a.safen100.com c.safen110.com m.youtube.com code.woqrcode.com api.xiaoduis.com *.ixigua.com cdn.hunong.xyz cha.chaweather.com cx.chacizus.com v2.maoyinews.xyz *.summer5188.com tj.shshinfo.com www.mgtv.com vip.zhanyangsh.cn; 1
object-src 'none';base-uri 'self';script-src 'nonce-M4EdvTkDCmK4TOcpvh-Wzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_qbsThtiQ0a32R7fvwayxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7L2zlhTAh0TA2xg0MwS58Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jiXyJxBW_2ExXd05uokXyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8X1wQ6gqJZD0GHW2T4I_qw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-smMcnQpXrVLyOZfyNTslbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-htiuJat9lWDIaS1YQJlK2h2cDA4ZzMG7'  'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'self' ; object-src 'none'; require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/OneService-Site-PROD 1
object-src 'none';base-uri 'self';script-src 'nonce-hrFqFG7qT6cewRfm0s3p4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PusK5X70BuDpqkomYD4JIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mofjR2eJAY0t9T-ommaIcg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lfwiGQJOoTIXWRdXKoyvPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-FIbA0yOHvyDaplnP7c-ZpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8_u0FEFPwJAEI6zlA3S6sA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; child-src *.shipt.com *.adsrvr.org *.criteo.com *.criteo.net *.doubleclick.net *.googlesyndication.com *.kampyle.com *.medallia.com *.pinterest.com *.recruitics.com *.sprinklr.com *.use1.pure.cloud apps.rokt.com hooks.stripe.com js.stripe.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com www.googletagmanager.com www.facebook.com tr.snapchat.com www.youtube.com csxd.shipt.com 'self' blob:; connect-src 'self' *.bing.com *.branch.io *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.dynatrace.com *.google.com google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.kampyle.com *.medallia.com *.mouseflow.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.bugsnag.com d37hm4w715hh7d.cloudfront.net adservice.google.com analytics.tiktok.com api.segment.io api.stripe.com js.stripe.com cdn.segment.com connect.facebook.net ct.pinterest.com s.yimg.com tr.snapchat.com wss://*.sprinklr.com www.facebook.com www.googletagmanager.com www.googleadservices.com zapier.com https://p2blobstore.blob.core.windows.net browser-intake-us5-datadoghq.com transcend-cdn.com *.transcend.io heapanalytics.com; font-src 'self' data: *.kampyle.com *.medallia.com *.sprinklr.com *.shipt.com heapanalytics.com; form-action *.facebook.com *.shipt.com accounts.google.com appleid.apple.com ct.pinterest.com tr.snapchat.com; frame-ancestors *.shipt.com; img-src 'self' data: blob: *; object-src 'none'; script-src 'nonce-0fac5f69acb6a1f20b5ae23e75a2148c' 'self' 'report-sample' *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.dstillery.com *.doubleclick.net *.googlesyndication.com *.hlserve.com *.kampyle.com *.medallia.com *.media6degrees.com *.recruitics.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.dynatrace.com adserver.pandora.com analytics-sm.com js.adsrvr.org s.pinimg.com ct.pinterest.com sc-static.net ajax.cloudflare.com analytics.tiktok.com app.contentsquare.com apps.rokt.com dhqbrvplips7x.cloudfront.net app.link connect.facebook.net cdn.branch.io cdn.mouseflow.com cdn.segment.com js.stripe.com maps.googleapis.com p2blobstore.blob.core.windows.net request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com t.contentsquare.net tr.snapchat.com snap.licdn.com web.btncdn.com www.googleadservices.com www.googletagmanager.com s.yimg.com transcend-cdn.com cdn.heapanalytics.com heapanalytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.kampyle.com *.medallia.com *.shipt.com transcend-cdn.com heapanalytics.com; worker-src 'self' blob:; default-src 'self'; media-src 'self' *.shipt.com *.use1.pure.cloud *.sprinklr.com 1
object-src 'none';base-uri 'self';script-src 'nonce-RrYnn1MYDzDVUnCU-7j7Ow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-T4M3Np46MdadtOLuhAFTsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; frame-src 'self' https://9628652.fls.doubleclick.net https://td.doubleclick.net https://js.driftt.com https://a8447815042.cdn-pci.optimizely.com https://ct.pinterest.com https://tealium-f.squarecdn.com; worker-src 'self' blob:; connect-src 'self' https://assets.ctfassets.net https://api.broadway.squareup.com https://campaign-hub-production-f.squarecdn.com https://api.squareup.com/v1/cdp/batch https://api.squarestagingexternal.com/v1/cdp/batch https://api.squarestagingexternal.com https://api.squareup.com https://api.squareupstaging.com *.contentsquare.net https://capi.squareup.com https://browser-intake-datadoghq.com https://stats.g.doubleclick.net https://facebook.com https://www.facebook.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://google.com https://www.google.com https://us-central1-sq-sgtm-prod.cloudfunctions.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net http://424-iab-218.mktoresp.com https://424-iab-218.mktoresp.com https://xms2-marketo.beta.stage.sqprod.co https://424-iab-218.mktoutil.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://logx.optimizely.com https://ct.pinterest.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com *.ingest.us.sentry.io *.6sc.co https://api.sprig.com https://squareupstaging.com https://visitor-scoring-new.marketlinc.com https://api.chilipiper.com https://pw-renderer-production-c.squarecdn.com localhost:*; font-src 'self' https://cash-f.squarecdn.com https://square-fonts-production-f.squarecdn.com; img-src 'self' data: blob: https://ib.adnxs.com https://assets.ctfassets.net https://cdn.blisspointmedia.com https://campaign-hub-production-f.squarecdn.com *.contentsquare.net https://ad.doubleclick.net https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://adservice.google.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net https://px.ads.linkedin.com https://cdn.cookielaw.org https://pixel.pointmediatracker.com https://alb.reddit.com *.6sc.co https://api.squareup.com https://api.squareupstaging.com https://insight.adsrvr.org https://match.adsrvr.org https://pw-renderer-production-c.squarecdn.com; manifest-src 'self' https://pw-renderer-production-c.squarecdn.com; media-src 'self' https://assets.ctfassets.net https://js.driftt.com http://videos.ctfassets.net https://videos.ctfassets.net; script-src 'self' *.contentsquare.net https://www.datadoghq-browser-agent.com https://js.driftt.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://campaign-hub-production-f.squarecdn.com https://lift-ai-js.marketlinc.com https://martech-development-c.squarecdn.com https://martech-production-c.squarecdn.com https://martech-staging-c.squarecdn.com http://munchkin.marketo.net https://munchkin.marketo.net https://cdn.cookielaw.org https://a8447815042.cdn-pci.optimizely.com https://s.pinimg.com https://ct.pinterest.com https://pw-renderer-production-c.squarecdn.com https://pw-renderer-staging-c.squarecdn.com https://pwt-production-c.squarecdn.com https://pwt-staging-c.squarecdn.com https://www.redditstatic.com *.6sc.co https://cdn.sprig.com https://xms-production-f.squarecdn.com https://www.youtube.com https://pw-renderer-production-c.squarecdn.com 'nonce-GD2qPgPmVuamjrJAcZstDQ=='; style-src 'self' https://square-fonts-production-f.squarecdn.com 'unsafe-inline' https://pw-renderer-production-c.squarecdn.com; frame-ancestors 'self' https://app.contentful.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd9af00759e65a48ba7ee3ff1dfa4260b&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to browser-intake-datadoghq 1
script-src 'self' https: https://www.google-analytics.com https://cdn.amplitude.com 'unsafe-eval' 'unsafe-inline' data: 'nonce-8nguJIiEnhyVDNPAMBBVwA=='; worker-src blob: data:; report-uri https://us.sentry.io/api/4506690010480640/security/?sentry_key=aab2498373841041d6b48d721aefbdc1&sentry_environment=production&sentry_release=fd817cedc5dcb4f66369a420d77c83369b69263c 1
object-src 'none';base-uri 'self';script-src 'nonce-p_uSVT1QkheMU2UxN4oS3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'self' *.onetrust.com *.googleapis.com *.google-analytics.com googletagmanager.com *.google.com; font-src 'self' *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.jotform.com *.jotform.ms *.jotfor.ms https://www.googletagmanager.com *.onetrust.com https://unpkg.com/ *.gstatic.com *.google.com *.rsc.org public.flourish.studio https://www.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com public.flourish.studio; img-src 'self' data: *.onetrust.com *.ytimg.com *.googletagmanager.com public.flourish.studio fonts.gstatic.com forms.rsc.org; frame-ancestors 'none'; frame-src *.youtube-nocookie.com forms.rsc.org *.youtube.com flo.uri.sh www.googletagmanager.com; report-to xbyk-csp-report 1
script-src https://www.airtable.com https://airtable-marketing.herokuapp.com https://airtable.com https://static.airtable.com/ 'unsafe-inline' 'unsafe-eval' 'report-sample' https: blob:; style-src 'unsafe-inline' https:; block-all-mixed-content; object-src //pages.airtable.com; base-uri 'none'; report-uri https://airtable.com/.csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-9FCAOAtDAEq8XqeYtkbAPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LkRWd8wXYcNu1_AL8YaftA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--lbAH-QBklBYIQmGwFlmIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7yDyRiVRxmmYbzs0Byyuew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-mKa0xkJwXHpWZH1q98e12g=='; report-uri https://send.hsbrowserreports.com/csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-C5KC2sXNNwzyBqsaHu8NGQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9V4VQxtx_Mbt-AmrxdPE7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-e3bSgmj-Ksu9ivrTNRh7HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jK6KQzBJ4FiqmjztO4Bc0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0-3X5z6Qkkm-9Le81Znctw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; font-src 'self' fonts.gstatic.com *.atlassian.com data:; worker-src blob:; media-src 'self' api.media.atlassian.com *.atlassian.com; img-src data: blob: 'self' *.badgen.net *.youtube.com atlassian.wpengine.netdna-cdn.com global.discourse-cdn.com img.shields.io *.atlassian.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.gstatic.com *.wp.com cdn.cookielaw.org *.clicktale.net *.doubleclick.net https://googleads.g.doubleclick.net images.ctfassets.net *.public.atl-paas.net trello.com trello-backgrounds.s3.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.co.in *.google.com *.atlassian.com *.gravatar.com; frame-src 'self' *.atlassian.com *.atl-paas.net *.googletagmanager.com player.vimeo.com trello.com www.youtube.com www.figma.com; connect-src 'self' *.googletagmanager.com *.algolianet.com *.algolia.net *.clicktale.net *.launchdarkly.com *.trello.com *.doubleclick.net *.qualtrics.com *.onetrust.com *.sentry.io cdn.segment.com api.segment.io www.google-analytics.com cdn.cookielaw.org *.atlassian.com *.algolia.io *.google.com; report-uri https://web-security-reports.services.atlassian.com/csp-report/dac; object-src 'none'; style-src 'self' *.trellocdn.com *.atlassian.com 'unsafe-inline'; script-src 'nonce-wNIFXcMTIVvrw1MnMw7IcbDuS68IfA/z9ASYbn7QZ3A=' 'self' 'sha256-Nt9ereHaxV04RZ20OLtdR3uuFr1X0/Pbt5KbGls/wXg=' https://www.googleadservices.com https://player.vimeo.com/api/player.js *.segment.com *.clicktale.net mscgen.js.org *.qualtrics.com *.trellocdn.com *.atlassian.com www.googletagmanager.com www.google-analytics.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://run.pstmn.io/button.js *.atl-paas.net https://srm.bf.contentsquare.net/exist 1
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' auth.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wikibooks.org en.wikinews.org en.wikiquote.org en.wikisource.org en.wikiversity.org en.wikivoyage.org en.wiktionary.org api.wikimedia.org commons.wikimedia.org foundation.wikimedia.org incubator.wikimedia.org species.wikimedia.org wikimania.wikimedia.org www.wikidata.org www.wikifunctions.org auth.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
object-src 'none';base-uri 'self';script-src 'nonce-OJA9QBW5_lopuAZrk7GyCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wNwmbKIxccvKEMbjAw6rqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9XzOUsYMhqkGwG1TWNR1VA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uKxS3JjrEisnnnX0T3JUfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Eldu-YRksv7XB07YJqAKpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.posthog.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.posthog.com https://res.cloudinary.com https://www.gravatar.com; font-src 'self' data: https://d27nj4tzr3d5tm.cloudfront.net https://res.cloudinary.com; connect-src 'self' https://*.posthog.com https://api.github.com https://lottie.host https://better-animal-d658c56969.strapiapp.com https://forms.default.com; media-src 'self' https://d1hovhsvet4m1p.cloudfront.net; frame-src 'self' https://www.youtube-nocookie.com; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none'; frame-ancestors 'none'; report-uri https://us.i.posthog.com/report/?token=sTMFPsFhdP1Ssg&sample_rate=0.1&v=1; report-to posthog 1
object-src 'none';base-uri 'self';script-src 'nonce-iPfAbqu6WXncVSyy-zG59A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bw8OB_mkLW9xp6LnrUaDhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-H_o3EtdjzqYiimODPVbvpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-s7KU+rxvQWWj/cotgXGWgw=='; report-uri https://send.hsbrowserreports.com/csp/report 1
script-src 'nonce-zzpPg68f14vsShvRZl3XKKhO3gg2Tu4N' 'strict-dynamic'; object-src 'self'; base-uri 'self'; frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com.tr; worker-src 'self'; report-uri https://csp.yandex.net/csp?from=orbit&project=orbit 1
object-src 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.kolesa.kz https://kolesa.kz wss://*.kolesa.kz https://sentry-common.kolesa.team yastatic.net *.adfox.ru *.yandex.ru *.yandex.net *.yandex.kz *.yandex.com yandex.ru yandex.kz yandex.com yandexadexchange.net *.ftd.agency *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.kz *.google.co.uz *.googlesyndication.com *.googleadservices.com *.gstatic.com *.ampproject.org *.segmentstream.com *.facebook.net *.facebook.com *.tiktok.com *.youtube.com; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-brEZzlCyDAJX-O_6VdTmJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jvZKjOWAjwjKI64R6V7UxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-8126793dc501098baffa47c1f9e7d0e5' 'strict-dynamic' 'unsafe-hashes' 'sha256-xrJuOSR6jDaT+bukIUJugsa11m/X5XIE5PpG43kF7Dk=' 'sha256-4NCNDWo1wUYyhR6cZ81TMIh6wd1q9zLwU2XIKzJg5iA='; script-src-attr 'unsafe-hashes' 'sha256-xrJuOSR6jDaT+bukIUJugsa11m/X5XIE5PpG43kF7Dk=' 'sha256-4NCNDWo1wUYyhR6cZ81TMIh6wd1q9zLwU2XIKzJg5iA='; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-LLSyGYPLyXzLVzWFGUKCgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-U5xtdXHpo_9_yHXxgMSlng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-NQX85IsfRv4GRBbE6QuKnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com *.crazyegg.com *.googletagmanager.com *.browsealoud.com  *.piksel.tech https://dap.digitalgov.gov https://www.youtube.com https://s.ytimg.com;; object-src 'none';; style-src 'self' 'unsafe-inline' fonts.googleapis.com;; style-src-elem 'self' 'unsafe-inline' data:; img-src 'self' data: blob: https:;; frame-src 'self' https://www.youtube.com *.googletagmanager.com *.piksel.tech;; worker-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com;; connect-src 'self' https://dap.digitalgov.gov https://maps.googleapis.com *.crazyegg.com *.googletagmanager.com *.browsealoud.com  *.piksel.tech *.google-analytics.com https://translate.googleapis.com https://www.uscourts.gov;; report-uri /report-csp-violation 1
script-src 'report-sample' 'nonce-YzlhNGU2ZjMtZTM4Zi00YWYzLWI5MDctZTkwM2I5ZDhjNWNh' 'sha256-csrVWp8CMHoRM1BNkwrZ4oBNVfUGJISZyfZ1clrdEjY=' 'sha256-h5LVzK0ijAigetqSxWVza5zUamL4ovsgDFoUjQnl9Oo=' 'sha256-KZ5aOlccpgH2A5kDzmoM6CtWgVDwxped5zBvrmTP3sU=' 'sha256-rZCMKkBIutDugPHWhQk7o6TCRCo4O577/TWutRjSwVg=' 'sha256-DywUU9xjLyCO4tzNLPijzuVQs028sGTOW3aU9NizW+E=' 'sha256-+Jx0BAXcVQjxwcOOSVwwUBKi509Ydrjig+H8pCn1cOY=' 'sha256-kiMAdJCDJrcN5E+xF+tflCbd5hjeVXH0NoZ+09uqW40=' 'strict-dynamic' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-ngGvNB7COrpAmqTARZ-wsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-C6Fzx2lOZNCv_mFYEZeBAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HZZTSBxrOH9LZt0dmWoY3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7F79Ac9tbbEtq8CsrFkhaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HEZ5YsE16CF6r-RXMQdaaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WFQ6s6g9XUhyz0VcxNuWmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3QZfftv3kzym6j6iPWIg2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome 1
object-src 'none';base-uri 'self';script-src 'nonce-GDvI-44FPaty1SNdHDUuHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6zzSTCqFZw4E2dwbS_zTRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' ; report-uri https://www.pdffiller.com/api_v3/security_report/cspViolationsReport?appKey=rs3dwgboso31.apps.marketing_pages 1
object-src 'none';base-uri 'self';script-src 'nonce-TrDjIhAOYCu8Sj5IjO3TgQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-o_jnA0JYUulz5CrBtnSmPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_rufCI4OgH7taK8KnfxbpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-aGhvFdYMTPhPXFT7MHAbrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-vnt4yhI_hwtj7B2-YqZihg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--2hrzO1u9DJSNUNJV7K3ng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5b3Yw2o4__CCPrzLQxjPwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1
object-src 'none';base-uri 'self';script-src 'nonce-mPtKg6gS-wiuOScfjQjDHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-g-51pRtt8pnKHNzxDcRUnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-nxZBEul1p6l2LaiRik4aOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; connect-src https: wss: blob:; font-src 'self' data: https://d11k51v32u8ru4.cloudfront.net https://fonts.gstatic.com https://*.ctfassets.net https://uc-frontend-assets.compass.com; frame-src https: blob:; img-src https: data: blob:; manifest-src 'self'; media-src https: data: blob:; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://api.compass.com https://app-glide.compass.com https://cdn.heapanalytics.com https://heapanalytics.com https://cdn.segment.com https://connect.facebook.net https://edge.fullstory.com/s/ https://maps.googleapis.com/maps/api/js/ https://static.zdassets.com/ekr/snippet.js https://static.filestackapi.com https://web-sdk.aptrinsic.com/api/aptrinsic.js https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://maps.googleapis.com https://apis.google.com https://www.gstatic.com https://www.googletagmanager.com https://js.stripe.com https://stats.pusher.com https://widget.intercom.io https://js.intercomcdn.com https://boards.greenhouse.io https://siteintercept.qualtrics.com https://zn0feyon15oqdwcu1-compass.siteintercept.qualtrics.com https://www.youtube.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js.hubspot.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://api.compass.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://code.jquery.com; style-src 'report-sample' 'self' 'unsafe-inline' https://uc-frontend-assets.compass.com https://app-glide.compass.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://static.filestackapi.com https://web-sdk.aptrinsic.com https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com blob:; worker-src blob:; report-uri /csp-report/?key=new 1
object-src 'none';base-uri 'self';script-src 'nonce-V7QuDeUzVfAEFuVuhUfInA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3xk636i2TqVhoFEugmcTpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3rDLA9K5zpm3RQ1tV9KlQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-vrWtm3nzQR71kRWML_3cMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-x9B3W09cmyi5maDTBkgJlw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2vd2cgwtCXlyMvBxcQCs-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-SfSZX6jnmtv0igU1PHnENQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zUlVO0RZJZ96iWSdRCtFrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lKqIqsuNqU_zc1oaM95cpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Q4AOPcReI8X8soQv_txhdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-L6swSo9qUQ_XCBNb99VbhQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://cdn.heapanalytics.com https://distillery.wistia.com/x https://matillion.ddev.site:3000/ wss://matillion.ddev.site:3000 https://fast.wistia.com https://www.googletagmanager.com https://cdn.heapanalytics.com/js/heap-1873293713.js https://cdn.iubenda.com/cs/iubenda_cs.js https://connect.facebook.net/en_US/fbevents.js https://content.cdntwrk.com/components/website-widget/v1/118604/widget.js https://fast.wistia.com/assets/external/E-v1.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/848565924/ https://in.ml314.com/ud.ashx https://js.driftt.com/include/1688577300000/vh948h8ntehg.js https://js.intercomcdn.com/vendor-modern.255c4d36.js https://lift-ai-js.marketlinc.com/www.matillion.com/deployment.js https://ml314.com/tag.aspx https://munchkin.marketo.net/munchkin.js https://okt.to/ping https://pages.matillion.com/js/forms2/js/forms2.min.js https://script.hotjar.com/modules.832d10fb416834285523.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/c/hotjar-2386626.js https://static.oktopost.com/oktrk.js https://tag.demandbase.com/00a4b81bfa345e5b.min.js https://tracking.g2crowd.com/attribution_tracking/conversions/5351.js https://widget.intercom.io/widget/rjk6vrpn https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion/848565924/ https://www.googletagmanager.com/gtag/js https://www.iubenda.com/cookie-solution/confs/js/48216078.js https://www.redditstatic.com/ads/pixel.js; style-src 'self' 'unsafe-inline' https://p.typekit.net https://pages.matillion.com https://use.typekit.net; img-src 'self' data: 'self' data: https://alb.reddit.com https://analytics.twitter.com https://embed-ssl.wistia.com https://fast.wistia.com https://googleads.g.doubleclick.net https://heapanalytics.com https://id.rlcdn.com https://insight.adsrvr.org https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com; connect-src 'self' https://992-uiw-731.mktoresp.com https://analytics.google.com https://api-iam.intercom.io https://api.company-target.com https://content.hotjar.io https://distillery.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://google.com https://hits-i.iubenda.com https://in.hotjar.com https://metrics.hotjar.io https://stats.g.doubleclick.net https://tag-logger.demandbase.com https://v2.api.uberflip.com https://visitor-scoring-c.marketlinc.com https://www.google-analytics.com https://www.google.com wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com; font-src 'self' 'self' data: https://fast.wistia.com https://use.typekit.net; media-src 'self' blob:; frame-src 'self' 'self' https://12420912.fls.doubleclick.net https://js.driftt.com https://pages.matillion.com https://s.company-target.com https://www.facebook.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-UE8sJZmonoFh0HH9lxxkdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6Xrsf9Uw1q16Li1zeT0O-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1MB_rAF40CjH-2dUH4YvBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yqcRbRjmkr-DZ8HXcuJGSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4sdTWr0E_TARBMlS_xJcpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RaTbyETjsgeGFX9_RfzwjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-QXGm5yo9NbY-WXNF6yxULw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mUakUDkS3xMA5kWFIneCYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dAT02Iq98lnSxOH-knCp4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IFE4RP2GoC8T46MYAuhWVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src 'self' blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' static.prdg.io/  ucontent.prdg.io *.mogl.com swagbucks.7eer.net/js/799/1700/irv2.js *.abtasty.com *.adsafeprotected.com *.amplitude.com appleid.cdn-apple.com cdn.auryc.com js.authorize.net completr-v2.appspot.com sugg.search.yahoo.net/sg/ bat.bing.com www.clarity.ms tags.clickagy.com t.contentsquare.net app.contentsquare.com cdn.cookielaw.org swagbucks.disqus.com/embed.js swagbucks-qa.disqus.com/embed.js googleads.g.doubleclick.net *.doubleverify.com www.dwin1.com pf.entertainow.com load.exelator.com connect.facebook.net gwiqcdn.globalwebindex.net accounts.google.com/gsi/client apis.google.com/js/ translate.google.com www.google.com/jsapi www.google.com/pagead/ www.google.com/recaptcha/ *.google-analytics.com www.googleadservices.com maps.googleapis.com storage.googleapis.com/pollfish_production/ tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com/recaptcha/ *.equalweb.com cdn.us.heap-api.com cdn.heapanalytics.com heapanalytics.com cdn.hellosign.com hideout.tv script.hotjar.com static.hotjar.com mpsnare.iesnare.com d.impactradius-event.com cso2.imperium.com secure-gl.imrworldwide.com secure.insightexpressai.com surveys.insightexpressai.com media-cdn.ipredictive.com app.lifesight.io/personica.js global.localizecdn.com api.maruusurv-serving.com img.macromill.com privacyportal-cdn.onetrust.com www.paypalobjects.com aalert.peanutlabs.com pix.pub api.prsrvy.com rules.quantcount.com secure.quantserve.com idsync.reson8.com publishers.revenueuniverse.com wsdk.rokt.com cn.rtclx.com *.scorecardresearch.com classic.slingo.com js.stripe.com jsd.supersonicads.com js.swagbucks.com cdn.taboola.com analytics.tiktok.com widget.trustpilot.com platform.twitter.com web-sdk.urbanairship.com *.voicefive.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io cdn.wootric.com static.zdassets.com assets.zendesk.com www.p.zjptg.com/tag/ cdnjs.cloudflare.com/ajax/libs/crypto-js/ cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdnjs.cloudflare.com/ajax/libs/inputmask/4.0.8/inputmask/inputmask.min.js cdnjs.cloudflare.com/polyfill/ d33wwcok8lortz.cloudfront.net/js/799/ d3op16id4dloxg.cloudfront.net/CSOWrapperAjax3.js d3op16id4dloxg.cloudfront.net/RelevantID4.js *.verisoul.ai; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' static.prdg.io/  ucontent.prdg.io *.mogl.com swagbucks.7eer.net/js/799/1700/irv2.js *.abtasty.com *.adsafeprotected.com *.amplitude.com appleid.cdn-apple.com cdn.auryc.com js.authorize.net completr-v2.appspot.com sugg.search.yahoo.net/sg/ bat.bing.com www.clarity.ms tags.clickagy.com t.contentsquare.net app.contentsquare.com cdn.cookielaw.org swagbucks.disqus.com/embed.js swagbucks-qa.disqus.com/embed.js googleads.g.doubleclick.net *.doubleverify.com www.dwin1.com pf.entertainow.com load.exelator.com connect.facebook.net gwiqcdn.globalwebindex.net accounts.google.com/gsi/client apis.google.com/js/ translate.google.com www.google.com/jsapi www.google.com/pagead/ www.google.com/recaptcha/ *.google-analytics.com www.googleadservices.com maps.googleapis.com storage.googleapis.com/pollfish_production/ tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com/recaptcha/ *.equalweb.com cdn.us.heap-api.com cdn.heapanalytics.com heapanalytics.com cdn.hellosign.com hideout.tv script.hotjar.com static.hotjar.com mpsnare.iesnare.com d.impactradius-event.com cso2.imperium.com secure-gl.imrworldwide.com secure.insightexpressai.com surveys.insightexpressai.com media-cdn.ipredictive.com app.lifesight.io/personica.js global.localizecdn.com api.maruusurv-serving.com img.macromill.com privacyportal-cdn.onetrust.com www.paypalobjects.com aalert.peanutlabs.com pix.pub api.prsrvy.com rules.quantcount.com secure.quantserve.com idsync.reson8.com publishers.revenueuniverse.com wsdk.rokt.com cn.rtclx.com *.scorecardresearch.com classic.slingo.com js.stripe.com jsd.supersonicads.com js.swagbucks.com cdn.taboola.com analytics.tiktok.com widget.trustpilot.com platform.twitter.com web-sdk.urbanairship.com *.voicefive.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io cdn.wootric.com static.zdassets.com assets.zendesk.com www.p.zjptg.com/tag/ cdnjs.cloudflare.com/ajax/libs/crypto-js/ cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdnjs.cloudflare.com/ajax/libs/inputmask/4.0.8/inputmask/inputmask.min.js cdnjs.cloudflare.com/polyfill/ d33wwcok8lortz.cloudfront.net/js/799/ d3op16id4dloxg.cloudfront.net/CSOWrapperAjax3.js d3op16id4dloxg.cloudfront.net/RelevantID4.js *.verisoul.ai; report-uri https://csp.prodege.workers.dev/report 1
script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://dap.digitalgov.gov; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.knightlab.com https://cdnjs.cloudflare.com https://edit.cbp.gov https://stackpath.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-4Hm2q8F38zjpi8QbPDMaWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data: https: blob:; img-src 'self' data: https: http: blob:; script-src 'self' 'nonce-F0C8417A2AE2033F17DE7D09D4E91D2196B964DC8E040BB6736D156E0117573B' *.enable-now.cloud.sap *.salesforceliveagent.com *.siteintercept.qualtrics.com *.walkme.com *.liveperson.net *.ssl.ak.dynamic.tiles.virtualearth.net *.concursolutions.com *.sapdas-staging.cloud.sap *.sapdas.cloud.sap code.jquery.com consent.trustarc.com dev.virtualearth.net storage.glancecdn.net www.glancecdn.net www.google-analytics.com assets.adobedtm.com bam.nr-data.net maps.googleapis.com www.google-analytics.com www.googletagmanager.com siteintercept.qualtrics.com ajax.googleapis.com static.contextall.com *.bing.com www.vfmii.com blob:; style-src 'self' 'unsafe-inline' https: blob:; connect-src wss://*.glance.net 'self' https:; report-uri https://concursolutions.report-uri.com/r/t/csp/reportOnly; report-to report-only; 1
object-src 'none';base-uri 'self';script-src 'nonce-Av3GuxyK3ItpcOo9EP17SA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-z7xPizbkcZhgb2Kj56e6ug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-VxcgpNsIIwBZD2K9ZD5xvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=QtH7CY2jjirnAZfuO3fcgQuLfqO7q-AJj_MpkTf79mTjaY6nkbJuPNvOm1-0Ujo%3D 1
default-src 'self' 'unsafe-inline' *.epfl.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.epfl.ch https://*.cast.switch.ch https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://platform.twitter.com https://player.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.instagram.com https://www.youtube.com; object-src 'none'; connect-src 'self' *.epfl.ch https://*.cast.switch.ch https://*.cloudfront.net https://*.google-analytics.com https://api.cdnjs.com https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self' *.epfl.ch https://api.cast.switch.ch https://datawrapper.dwcdn.net https://platform.twitter.com https://player.vimeo.com https://www.instagram.com https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' *.epfl.ch https://fonts.googleapis.com; font-src 'self' data: *.epfl.ch https://fonts.gstatic.com; media-src 'self' data: *.epfl.ch https://*.cloudfront.net; img-src * data: https://s.w.org https://syndication.twitter.com https://www.google-analytics.com; worker-src 'none' blob:; report-uri https://report-uri.epfl.ch/csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-IutVv_sldyFUlj9aJWsOvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-G4UstwYWghzXD8O_B5Y6Ew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none'; script-src 'self' 'report-sample' addtocalendar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://science-catalog.fws.gov https://touchpoints.app.cloud.gov https://unpkg.com https://www.google.com maps.google.com unpkg.com; style-src 'self' 'report-sample' addtocalendar.com cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://science-catalog.fws.gov https://unpkg.com unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-vkRoGF4HS-9yKw9n41phUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-OMWEcCAaiEl3csZBGQYafg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; style-src 'self'; connect-src 'self'; img-src 'self'; script-src 'self' https://www.google.com/jsapi https://www.googletagmanager.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://www.gstatic.com/charts/loader.js https://www.google-analytics.com/analytics.js; font-src 'self'; base-uri 'self'; form-action 'self'; 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce--P7uUN3XIaXJLfXVVvKBgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromebook 1
object-src 'none';base-uri 'self';script-src 'nonce-9kULP9j_VaH6n6JbB0H0hw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4zgC91Gjrke4VuyX_RclIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-A7dZrCnffw2aLNxVaP-wEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jynyqTANiCE-n9iQwXHiJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kzAW2HLm_Icx7DZgxUnRig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DZu5CXt9wYXsQrUbkSlXIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-X6n2pQ-LHPPICjCfPK3h7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ZhPHp2vA5GKDvRdb6rgaKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-SpHsf3pF6aJuqlFSMcRnIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-B77tExxbfFTG7V35_qGt8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EkDK9alSBVRwGbKQ9c2zkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6uzfYDzk2yc1WIseccDOoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pHY6_tlz5_CQ2P7CkPM3jg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dKv982CKXjsFMRNNPLAwuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-92gXqsqNlRn5UIv3jd55oA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-g9IWnbcN9-bI2CPTplGEyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bCegtfaXdwJk9vX26dGbWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3Okm9jDPx2E6fEBXhXwOkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Hztzsx26njREGWCK1skxZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-22daq7AN_DlJXDPFq2sm4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-to slardar-endpoint; upgrade-insecure-requests ; frame-ancestors 'self' *.toutiao.com *.douyin.com *.bytedance.com *.bytedance.net tcs.jiyunhudong.com aup.jijixiangshangabc.com; report-uri https://mon.zijieapi.com/monitor_browser/collect/batch/security/?bid=flow_web; 1
object-src 'none';base-uri 'self';script-src 'nonce-RVzFSv0fECQNmA68JS_NOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-QuPJUSy0WfGSf1rajINj3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Supk3zggNzt67LwhrysIPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3iodRHr2UxrlEhfTOXMZzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LNO4bUUdfDRxBVfzCOpQfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Aww4nYF1DaBPPbD-nJuVJw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uUH-6tn1Onr50mhwpkpkFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-U64XAr2cHg-BrGMtjBV6zQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8W7n_sYNHHaTu09q_HpaQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_wIpgC9fFbS_Vf-ZN0SeYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-SIuTa0K6UD6o-H218P1JMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-a_ylxEmX2OgRHtLwxhhwdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-P1ygdfurhRZPjj9y6qRiMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EWDPOcLZfvoTYnjldazWCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5gKE_h5fZ5Z3Jy0-nnnGWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.dedeman.ro data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com maps.google.com *.recaptcha.net *.dedeman.ro *.gigya.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.dedeman.ro maps.gstatic.com *.google-analytics.com *.googletagmanager.com server.arcgisonline.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.gigya.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.nr-ext.net *.nr-assets.net *.dedeman.ro *.googleapis.com *.google-analytics.com *.google.com *.recaptcha.net *.facebook.com *.plugins.emarsys.net *.scarabresearch.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.gigya.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.dedeman.ro downloads.mailchimp.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.dedeman.ro 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.dedeman.ro maps.googleapis.com *.google-analytics.com cdns.eu1.gigya.com *.scarabresearch.com *.eservice.emarsys.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.dedeman.ro maps.googleapis.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-rffH3kzbeoeGw3jtOyY_tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lfWWP5esQI_9ujKCb8tz3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PPE9aVTgRp0CIIr3YY8nzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-McAq5MxWC9AGaytpHQCtaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fac5uCR3DYBGXh88iE7ieg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-d6VYY0MTjnzHkM5ArzH1aA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uNTaCWMw9v3xT39NPvTICw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HJmo7BDVxBgGtDGUbx65Tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PAsKgGRfDZPHkyU1iqXi8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6GLVj6ow8cu4QP77WPpHPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-sXEGwSMT1eMMHjaPGwZ8dQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_rfO4AVV3lx4e16CdNssww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0Ac19huXlHtTPVjT_v8joA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-G3tHLuuOkIgSdCRdiYMbug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-CvYY7W90RkFoVcrq_a-kAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-85u5n0Ul9Xai70upBNycLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Aumpo6wFHrE9PzzlqNCEAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bzHkjXJ1odGYppMuOJ3lLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ihIWu_gJums6y8ZJ4yfX6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DFP_BnPwGV9Nvbm6GZTDQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jOXVKKoqBCUNEUl_psKr4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6YKZ9J_3DCbVyxEG1ObBxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-f5x5vt0Fhra2w24-rwGfGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-L3wVLk_RmfSeUXJHzSmCaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WJ6Zy74WuNbolwyhA4fO9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 1
object-src 'none';base-uri 'self';script-src 'nonce-Us7KPIz52otJo4siSCKLPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: *.3lift.com *.adroll.com *.affilae.com *.arcade.software *.bidr.io *.casalemedia.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.js.driftt.com *.facebook.com *.getbeamer.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.mutinycdn.com *.onetrust.com *.outbrain.com *.pendo.io *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.sitespect.com *.taboola.com *.twitter.com ajax.googleapis.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com m.servedby-buysellads.com paapi9371.d41.co api.c99.ai analytics.funnelfuel.io v2.d41.co ; img-src * data: *.mutinycdn.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ; font-src 'self' data: fonts.gstatic.com github.com images.mutinycdn.com maxcdn.bootstrapcdn.com use.typekit.net use.fontawesome.com ; connect-src 'self' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com data: *.clarity.ms *.datadoghq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.hotjar.com *.hotjar.io *.linkedin.com *.mktoresp.com *.mktoutil.com *.mutinyhq.io *.onetrust.com *.pingdom.net *.segment.com *.segment.io *.sentry.io *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com adservice.google.com api.amplitude.com api.company-target.com api.madkudu.com api.segment.io app.clearbit.com app.getsentry.com backend.getbeamer.com cdn.cookielaw.org d.adroll.com in.hotjar.com maps.googleapis.com prod-algolia-blog-subscription.herokuapp.com raw.githubusercontent.com stats.g.doubleclick.net us-central1-documentation-feedback.cloudfunctions.net user-data.mutinycdn.com vitals.vercel-insights.com wss://*.hotjar.com www.google-analytics.com www.google.com analytics.funnelfuel.io tag-logger.demandbase.com api.c99.ai ; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: *.3lift.com *.adroll.com *.affilae.com *.arcade.software *.bidr.io *.casalemedia.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.js.driftt.com *.facebook.com *.getbeamer.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.mutinycdn.com *.onetrust.com *.outbrain.com *.pendo.io *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.sitespect.com *.taboola.com *.twitter.com ajax.googleapis.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com m.servedby-buysellads.com paapi9371.d41.co api.c99.ai analytics.funnelfuel.io v2.d41.co ; report-uri https://algolia.report-uri.com/r/t/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-sUSt3LXwTcYvwxYyEQhoNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg 1
object-src 'none';base-uri 'self';script-src 'nonce-TdcCyxsJWL-zk4lN5I_B0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-QFjDzU4tpPeLHFgk7fvw6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';connect-src https://*.go-mpulse.net https://*.akstat.io 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://geolocation.onetrust.com jsv3.recruitics.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src https://*.go-mpulse.net 'nonce-90af2e0fa75f84bade80d6d3ced4773c' 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net securepubads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://dev.visualwebsiteoptimizer.com assets.calendly.com jsv3.recruitics.com 'nonce-a53e894367e0da32dc8c1633ad6e8890' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org https://www.youtube.com/ https://ots2-qa.learningcaregroup.com/ScheduleATour/ https://ots2.learningcaregroup.com/ScheduleATour/ td.doubleclick.net https://calendly.com securepubads.g.doubleclick.net *.googlesyndication.com ep2.adtrafficquality.google;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org 'nonce-a53e894367e0da32dc8c1633ad6e8890';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=vhp-mfe%402.142.0&sentry_environment=prod 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi 1
object-src 'none';base-uri 'self';script-src 'nonce-e3vyX6XRXAN7TcKnCwGxvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'none';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' https: data: https://cdn.remitly.com https://*.doubleclick.net/ https://www.facebook.com https://*.google.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com/ https://getrockerbox.com/ https://media.remitly.io https://impressions.onelink.me;object-src 'none';script-src https: 'nonce-46ddadd101442b218d38f895222ae68c3f0e5b0d86a453d20a80afce958e6072' 'strict-dynamic';script-src-attr 'nonce-46ddadd101442b218d38f895222ae68c3f0e5b0d86a453d20a80afce958e6072';style-src https://cdn.remitly.com https://media.remitly.io https://cdn.fonts.net 'unsafe-inline';upgrade-insecure-requests;manifest-src data:;style-src-elem https://*.gstatic.com/ https://media.remitly.io https://cdn.fonts.net https://dqyag3aekzepn.cloudfront.net https://fonts.googleapis.com 'unsafe-inline';connect-src 'self' https://api2.branch.io/ https://cdn.remitly.com https://*.doubleclick.net/ https://www.googletagmanager.com https://sessions.bugsnag.com https://notify.bugsnag.com https://bam.nr-data.net https://uel.remitly.io https://locations.remitly.io https://translate.googleapis.com/ https://*.clarity.ms https://www.facebook.com https://connect.facebook.net https://cdn.siftscience.com https://cdn.fonts.net https://*.google.com https://www.googleadservices.com https://*.google-analytics.com https://api.remitly.io https://parasol.remitly.io https://*.amplitude.com/ https://wa.appsflyer.com https://wa.onelink.me/v1/onelink https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://media.remitly.io https://*.snapchat.com https://sc-static.net https://bat.bing.com https://bat.bing.net https://px.ads.linkedin.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://websdk.appsflyer.com https://*.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon;frame-src https://*.amazon-adsystem.com https://*.doubleclick.net/ https://www.recaptcha.net/recaptcha/ https://remitly-3pjs.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://*.amplitude.com/ https://*.snapchat.com https://sc-static.net https://widget.trustpilot.com/;report-uri https://www.remitly.com/csp_report_preauth 1
object-src 'none';base-uri 'self';script-src 'nonce-vzLc5g4-0mrxG5OPC13jYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0-lF3vxQYIefJoi2BcvqRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-JaU0THcaWNYQ0jOf5wgbNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-5519bf2e55c258d8076cae1061c279bc' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
object-src 'none';base-uri 'self';script-src 'nonce-MtKm6jUByDEBR8Evh02Pgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.pie.org/ https://www.google.com/recaptcha/ https://accounts.google.com/ https://www.gstatic.com/ https://adblockforyoutube.com/ https://www.adblockforyoutube.com/; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: *; object-src 'none'; font-src 'self' https://fonts.gstatic.com; media-src 'self' https://cdn.pie.org; connect-src 'self' https://*.pie.org https://cdn.segment.com https://cdn.lottielab.com https://browser-intake-us5-datadoghq.com https://www.google.com/recaptcha/ https://adblockforyoutube.com https://www.adblockforyoutube.com; frame-src 'self' https://accounts.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/ https://recaptcha.google.com/ https://adblockforyoutube.com/ https://www.adblockforyoutube.com/; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-PeGAOe9vzm_94E2RSPdQcg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mbwzwffeg5nkt_sswL-Pdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-2gCkqKCuDTd8AtA/viRyyQ=='; report-uri https://send.hsbrowserreports.com/csp/report 1
script-src 'strict-dynamic' 'self' https: 'nonce-2bd334c0455662ab57deb55f1c91c37029886aca'; script-src-elem 'self' 'nonce-2bd334c0455662ab57deb55f1c91c37029886aca'; object-src 'none'; base-uri 'none'; report-to csp-report; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-aatg/3HXVhg/p8ZdiWi8bw=='; report-uri https://send.hsbrowserreports.com/csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-dkyDkZZtn4kCapmyJzYcUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' data: *.fca.org.uk alb.grammar-checker.fca.zedcloud.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.salesforceliveagent.com *.twentythree.net snap.licdn.com analytics.tiktok.com sc-static.net *.snapchat.com static.cloudflareinsights.com cdn.jsdelivr.net cdn.ckeditor.com alb.grammar-checker.fca.zedcloud.co.uk api1-eu.webpurify.com *.siteimprove.net; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie *.videomarketingplatform.co www.google.co.uk *.nr-data.net *.googletagmanager.com *.fca.org.uk *.gstatic.com www.glassdoor.co.uk *.fca.org.uk linkedin.com www.facebook.com t.co *.linkedin.com *.google.ch *.google.de *.google.nl *.google.com.eg *.google.es *.google.ee *.google.co.in *.google.co.uz *.adsymptotic.com *.tableau.com *.google.ge *.google.se *.google.com.bh *.google.sk *.twitter.com alb.grammar-checker.fca.zedcloud.co.uk; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk *.googletagmanager.com *.youtube.com match.adsrvr.org *.twentythree.net gateway.zscaler.net *.tableau.com *.snapchat.com *.siteimprove.com; frame-ancestors 'self' *.fca.org.uk; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 'self' data: fonts.gstatic.com *.fca.org.uk at.alicdn.com alb.grammar-checker.fca.zedcloud.co.uk; connect-src 'self' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.googleapis.com analytics.tiktok.com *.snapchat.com *.google-analytics.com *.linkedin.com alb.grammar-checker.fca.zedcloud.co.uk *.siteimprove.com; report-uri https://o105440.ingest.sentry.io/api/234655/security/?sentry_key=78e86bb79e1f44d0b24b22ab1e9dc5d0; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-hXk-YMtLpxFWl12yEdMA3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.fontawesome.com fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com http2.mlstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.magerocket.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com mldp.mercadopago.com www.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.online-metrix.net *.groovinads.com *.g.doubleclick.net *.clarity.ms *.bing.com *.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.braindw.com *.mlstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br http2.mlstatic.com secure.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com *.googleapis.com *.google.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com i.k-analytix.com rum-static.pingdom.net live.decidir.com *.newrelic.com bam-cell.nr-data.net https://api.wcx.cloud https://static-s.braindw.com https://f.wcentrix.com https://ads01.groovinads.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://googleads.g.doubleclick.net *.groovinads.com *.online-metrix.net *.bing.com *.clarity.ms *.cloudfront.net *.force.com *.la1-core1.sfdc-lywfpd.salesforceliveagent.com *.varify.io *.collect.igodigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com http2.mlstatic.com *.force.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.braindw.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://developers.decidir.com/ *.google-analytics.com i.konduto.com rum-collector-2.pingdom.net *.mercadolibre.com.ar *.decidir.com bam-cell.nr-data.net https://stats.g.doubleclick.net https://s.braindw.com https://a.braindw.com https://api.wcx.cloud https://f.wcentrix.com *.g.doubleclick.net *.nr-data.net *.clarity.ms *.online-metrix.net *.varify.io *.bing.com *.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-to default; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc&sentry_environment=production&sentry_release=1.1.340 1
connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.app-eu.wrike-cn.com https://*.wrike.com https://*.wrike-cn.com https://*.www.wrike.com https://*.www.wrike-cn.com https://youtube.com https://d3tvpxjako9ywy.cloudfront.net https://d1c5qktmphn2d.cloudfront.net; manifest-src 'self' https://cdn.wrike.com https://cdn.wrike-cn.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.wrike.com https://*.wrike-cn.com https://*.www.wrike.com https://*.www.wrike-cn.com https://*.app-eu.wrike.com https://*.app-eu.wrike-cn.com https://*.google-analytics.com https://*.usercentrics.eu https://*.marketo.com https://*.marketo.net https://apis.google.com https://bat.bing.com https://cdn.ravenjs.com https://connect.facebook.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://snap.licdn.com https://static.ads-twitter.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962492627/ https://pagead2.googlesyndication.com/pagead/conversion/962492627/ https://s.yimg.jp/images/listing/tool/cv/ytag.js https://js.driftt.com/ https://tag.demandbase.com/63365c817f510bbb.min.js https://api.tomi.ai/029/loader.js https://tags.srv.stackadapt.com/events.js https://s.yimg.jp/images/listing/tool/cv/conversion.js https://cdn.metadata.io https://js.partnerstack.com/v1/ https://www.clarity.ms/ https://tracking.intentsify.io/ https://b97.yahoo.co.jp/pagead/conversion_async.js https://ad.doubleclick.net/ddm/adj/N1344363.197812NSO.CODESRV/ https://*.d41.co https://d3tvpxjako9ywy.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://static.cloudflareinsights.com https://fast.wistia.com; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp-global.wrike.com/csp-report?website 1
base-uri 'self';default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: chrome: eval: https: http:;report-uri https://stderr.consumeraffairs.com/api/40/security/?sentry_key=7cf6b3564e4343f68a310b937a3d823e; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com *.optimizely.com *.onetrust.com *.optimonk.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' data: fonts.gstatic.com;img-src data: *;frame-src 'self' youtube.com www.youtube.com *.optimizely.com *.doubleclick.net;media-src 'self' youtube.com www.youtube.com;connect-src 'self' youtube.com www.youtube.com *.optimizely.com *.optimonk.com *.onetrust.com *.analytics.google.com *.google-analytics.com *.doubleclick.net;frame-ancestors 'self';upgrade-insecure-requests; 1
frame-ancestors https://*.workable.com/; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcbe8d2ef0966e8645a91099cfac490bb&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=%40http.headers.cfray%3A95d4da6e3a33155d 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/admob_google_com 1
object-src 'none';base-uri 'self';script-src 'nonce-8J1Nj3EO_auOUu0H1aKXAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-f82ea12f853009d1a3b130dde82c5519' 'strict-dynamic' 'unsafe-hashes' 'sha256-xrJuOSR6jDaT+bukIUJugsa11m/X5XIE5PpG43kF7Dk=' 'sha256-4NCNDWo1wUYyhR6cZ81TMIh6wd1q9zLwU2XIKzJg5iA='; script-src-attr 'unsafe-hashes' 'sha256-xrJuOSR6jDaT+bukIUJugsa11m/X5XIE5PpG43kF7Dk=' 'sha256-4NCNDWo1wUYyhR6cZ81TMIh6wd1q9zLwU2XIKzJg5iA='; report-to csp-endpoint 1
default-src 'self' https://app505-dayforce-csp-func.azurewebsites.net/api/DFCspReportFunction mydayforce.com *.mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://pdx-col.eum-appdynamics.com  https://cdn.appdynamics.com *.google-analytics.com https://analytics.google.com *.cookielaw.org https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com *.launchdarkly.com https://connect.facebook.net/ https://app.powerbi.com *.docebosaas.com *.dcbstatic.com *.duosecurity.com *.dayforcenextgen.ca *.dayforcenow.us https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.dayforcehcm.kaufland *.sys.schwarz https://platform.linkedin.com/xdoor/scripts/in.js https://www.linkedin.com/recruiter/widget/ATSIntegration https://www.linkedin.com/li/track *.Fluidtopics.net flimp.me https://translate.googleapis.com/ https://fontmetrics.net/ *.eloomi.io https://www.ssa.gov/accessibility/andi/; script-src 'self' 'nonce-vDEssaEg2yDR6XAGmD6O4j9L/0Wef9nQ' app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4980713668542464.storage.googleapis.com data.pendo.io https://app505-dayforce-csp-func.azurewebsites.net/api/DFCspReportFunction mydayforce.com *.mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://pdx-col.eum-appdynamics.com  https://cdn.appdynamics.com *.google-analytics.com https://analytics.google.com *.cookielaw.org https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com *.launchdarkly.com https://connect.facebook.net/ https://app.powerbi.com *.docebosaas.com *.dcbstatic.com *.duosecurity.com *.dayforcenextgen.ca *.dayforcenow.us https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.dayforcehcm.kaufland *.sys.schwarz https://platform.linkedin.com/xdoor/scripts/in.js https://www.linkedin.com/recruiter/widget/ATSIntegration https://www.linkedin.com/li/track *.Fluidtopics.net flimp.me https://translate.googleapis.com/ https://fontmetrics.net/ *.eloomi.io https://www.ssa.gov/accessibility/andi/ 'report-sample'; script-src-elem 'self' 'nonce-vDEssaEg2yDR6XAGmD6O4j9L/0Wef9nQ' app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4980713668542464.storage.googleapis.com data.pendo.io https://app505-dayforce-csp-func.azurewebsites.net/api/DFCspReportFunction mydayforce.com *.mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://pdx-col.eum-appdynamics.com  https://cdn.appdynamics.com *.google-analytics.com https://analytics.google.com *.cookielaw.org https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com *.launchdarkly.com https://connect.facebook.net/ https://app.powerbi.com *.docebosaas.com *.dcbstatic.com *.duosecurity.com *.dayforcenextgen.ca *.dayforcenow.us https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.dayforcehcm.kaufland *.sys.schwarz https://platform.linkedin.com/xdoor/scripts/in.js https://www.linkedin.com/recruiter/widget/ATSIntegration https://www.linkedin.com/li/track *.Fluidtopics.net flimp.me https://translate.googleapis.com/ https://fontmetrics.net/ *.eloomi.io https://www.ssa.gov/accessibility/andi/ 'report-sample'; object-src 'none'; style-src 'self' 'nonce-vDEssaEg2yDR6XAGmD6O4j9L/0Wef9nQ' app.pendo.io cdn.pendo.io pendo-static-4980713668542464.storage.googleapis.com fonts.googleapis.com mydayforce.com *.mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://pdx-col.eum-appdynamics.com  https://cdn.appdynamics.com *.google-analytics.com https://analytics.google.com *.cookielaw.org https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com *.launchdarkly.com https://connect.facebook.net/ https://app.powerbi.com *.docebosaas.com *.dcbstatic.com *.duosecurity.com *.dayforcenextgen.ca *.dayforcenow.us https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.dayforcehcm.kaufland *.sys.schwarz https://platform.linkedin.com/xdoor/scripts/in.js https://www.linkedin.com/recruiter/widget/ATSIntegration https://www.linkedin.com/li/track *.Fluidtopics.net flimp.me https://translate.googleapis.com/ https://fontmetrics.net/ *.eloomi.io https://www.ssa.gov/accessibility/andi/; img-src * blob: data:; connect-src * blob: data:; media-src * blob: data:; frame-ancestors 'self'; font-src * blob: data:; base-uri 'self'; child-src 'self' blob: https://app505-dayforce-csp-func.azurewebsites.net/api/DFCspReportFunction mydayforce.com *.mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://pdx-col.eum-appdynamics.com  https://cdn.appdynamics.com *.google-analytics.com https://analytics.google.com *.cookielaw.org https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com *.launchdarkly.com https://connect.facebook.net/ https://app.powerbi.com *.docebosaas.com *.dcbstatic.com *.duosecurity.com *.dayforcenextgen.ca *.dayforcenow.us https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.dayforcehcm.kaufland *.sys.schwarz https://platform.linkedin.com/xdoor/scripts/in.js https://www.linkedin.com/recruiter/widget/ATSIntegration https://www.linkedin.com/li/track *.Fluidtopics.net flimp.me https://translate.googleapis.com/ https://fontmetrics.net/ *.eloomi.io https://www.ssa.gov/accessibility/andi/; manifest-src * blob: data:; form-actions 'self'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://acsbapp.com https://snap.licdn.com https://sc-static.net https://tr.snapchat.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com https://cdnapisec.kaltura.com http://cdnapi.kaltura.com https://cfvod.kaltura.com https://www.google-analytics.com https://cdn.jsdelivr.net https://script.crazyegg.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://hm.baidu.com/hm.js https://www.clarity.ms https://www.googleadservices.com blob: https://vjs.zencdn.net/5.0/video.min.js; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://acsbapp.com https://sc-static.net https://tr.snapchat.com https://maps.googleapis.com  https://fonts.googleapis.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://vjs.zencdn.net/5.0/video-js.min.css; frame-ancestors 'self'; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-oEajJucgZsn6mgJVOHtdxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://vercel.com https://vercel.live/; style-src 'self' 'unsafe-inline'; img-src * data: blob:; connect-src * data: blob:; worker-src 'self' blob:; frame-src 'self' *; report-to https://uniswaplabs.report-uri.com/r/t/csp/reportOnly; form-action none; 1
object-src 'none';base-uri 'self';script-src 'nonce-Q8ZbyWV4_SvhXKpQu_A0Xg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' http://localhost:4002; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.addthis.com *.akamai.net *.convertexperiments.com *.flickr.com *.hotjar.com *.google.com *.sierraclub.org *.twitter.com cdn.ampproject.org cdn.hypemarks.com cdn.jsdelivr.net cdn.optimizely.com connect.facebook.net google-analytics.com google.com googletagmanager.com instagram.com js.maxmind.com maps.googleapis.com partner.googleadservices.com pixel.sitescout.com public.tableau.com reddit.com scribd.com snap.licdn.com unpkg.com v1.addthisedge.com widgets.pinterest.com z.moatads.com; object-src 'self'; style-src 'self' 'unsafe-inline' https: *.sierraclub.org cdn.honey.io cdn.jsdelivr.net cdn.knightlab.com cdnjs.cloudflare.com cloud.typography.com *.hotjar.com fonts.googleapis.com google.com pro.fontawesome.com; img-src * 'unsafe-inline' blob: data: https:; media-src 'self' data:; frame-src 'self' https: *.addthis.com *.doubleclick.net *.fls.doubleclick.net *.ggusd.us *.google.com *.hotjar.com *.optimizely.com *.s3.amazonaws.com *.sierraclub.org *.stpsb.org *.twitter.com block.opendns.com blocked.goguardian.com calendar.google.com cdn.bannersnack.com ckreport.lisd.net clubvolunteer.org facebook.com funnyordie.com gateway.zscalertwo.net global.acs.prismaaccess.com googletagmanager.com instagram.com m.facebook.com maphub.net meetup.com mozbar.moz.com player.vimeo.com public.tableau.com quorum.us rcm-na.amazon-adsystem.com s7.addthis.com spur.maps.arcgis.com static.contextall.com trustpoint-lax.northcentraltrust.com vpn.myips.org web.facebook.com youtube-nocookie.com youtube.com driveelectricweek.org; frame-ancestors 'self' https: blob: sierraclub.org driveelectricweek.org; child-src 'self' https: blob: sierraclub.org driveelectricweek.org; font-src 'self' data: https: *.sierraclub.org at.alicdn.com cdn.honey.io cdn.jsdelivr.net *.hotjar.com fonts.gstatic.com pro.fontawesome.com slant.co; connect-src 'self' https: *.doubleclick.net *.google-analytics.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.optimizely.com *.sierraclub.org cdn.linkedin.oribi.io csp.withgoogle.com facebook.com geoip-js.com google-analytics.com googletagmanager.com logx.optimizely.com maps.googleapis.com sharethis.com secure.geonames.org stats.g.doubleclick.net *.osano.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; media-src 'none'; object-src 'self'; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net; script-src 'self' blob: https://wcpstatic.microsoft.com https://shell.cdn.office.net https://res.cdn.office.net https://r4.res.office365.com https://amcdn.msftauth.net https://js.monitor.azure.com https://vsa.services.microsoft.com https://api.flow.microsoft.com https://content.powerapps.com 'sha256-CnzmUY9XDWPjkAgzDPEHLlm4gygKztleRupzQDsr608=' 'sha256-JEwSVBrCE741EV9rbuu3EqBV+pc2dpFhRHIV6+9J0mY=' 'sha256-+2jm5SNRB4WubmMQDChnXjseeCIhj34lMFWKhVn1qBE=' 'sha256-y7y27Uq4p88K6EhwSUfbhCk9VakghnU/hORgjhopExY=' 'sha256-yt+SNVxRkIi6H6yb7ndFuZM1esMX9esg3UpRHaTsyVk=' 'sha256-RTfkQZmZ0tBUVHaDPpG2FAsWDfTFw8/A45ThkJeIpoM=' 'sha256-JEwSVBrCE741EV9rbuu3EqBV+pc2dpFhRHIV6+9J0mY=' 'sha256-2plq4GM03FJKXTXN8cyI6ihEm4mywLsJl0EGKsvSsm4=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='; font-src 'self' data: https://*.content.powerapps.com https://*.static.powerapps.com https://static2.sharepointonline.com https://*.cdn.office.net https://appsforoffice.microsoft.com https://spoprod-a.akamaihd.net; form-action 'self'; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal; 1
object-src 'none';base-uri 'self';script-src 'nonce-2tttAfN4bRLxEqra7ZiKsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'report-sample' 'self' 'unsafe-eval' 'nonce-YTFhMzYyOGUtN2FkOC00YjMzLWIzOTYtMTgwNmQxMTY1NzQy' 'strict-dynamic'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd174a6feeb1bbd01bb8483f54eb9a18e&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Avivid-web-athena%2Cenv%3Aproduction 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; frame-ancestors 'self'; report-uri https://leafgroup.report-uri.com/r/d/csp/wizard 1
default-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' tanki.su *.tanki.su lesta.ru *.lesta.ru *.tvsquared.com *.soloway.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.edgevideo.ru https://image.sendsay.ru https://top-fwz1.mail.ru https://privacy-cs.mail.ru https://vk.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://*.adform.net https://www.googleoptimize.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://inv-dmp.admixer.net ; style-src 'self' 'unsafe-inline' lesta.ru *.lesta.ru tanki.su *.tanki.su https://fonts.googleapis.com ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://privacy-cs.mail.ru https://sendsay.ru https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://lesta.ru wss://tanki.su https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://www.googleoptimize.com https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' lesta.ru *.lesta.ru *.tanki.su https://fonts.gstatic.com ; media-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru ; frame-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru https://*.yandex.ru https://webwisor.com https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://ad3.adfarm1.adition.com https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://aax-eu.amazon-adsystem.com ; frame-ancestors 'self' https://webwisor.com https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr ; object-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru https://www.youtube.com ; report-uri https://cspreport.lesta.ru/cspreport 1
object-src 'none';base-uri 'self';script-src 'nonce-Znj_E4vfRUJUqXvT7zdS0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com 'unsafe-inline' data: *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googleapis.com *.google.com https://www.youtube.com https://c.paypal.com/ *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://b.stats.paypal.com/ https://slc.stats.paypal.com/ https://c.paypal.com/ https://cdn.sparkfun.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com assets.shipperhq.com *.googleapis.com *.fontawesome.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://c.paypal.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ovs.shipperhq.com *.googleapis.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://payments.sandbox.braintree-api.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sparkfun.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
report-uri https://www.uts.edu.au/api/reporting/;  report-to csp-endpoint; 1
default-src 'self'; script-src 'self' 'nonce-nonce-d0aff9369fe5e02d2279d472da273067'; img-src 'self' data: https:; font-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content 1
object-src 'none';base-uri 'self';script-src 'nonce-YzQvAZmnTTCBypjo4AInkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ZMZkIz3QpneNJvwKp416HA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports 1
default-src 'self' *.openjdk.java.net feedburner.google.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' feeds.feedburner.com *.statcounter.com statcounter.com; img-src 'self' data: *.statcounter.com *.openjdk.java.net feedburner.google.com; frame-ancestors 'none'; report-uri https://openjdk.report-uri.io/r/default/csp/reportOnly 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://wiwo.report-uri.com/r/d/csp/reportOnly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_appsheet_com 1
object-src 'none';base-uri 'self';script-src 'nonce-vEvG2uXKf8Pwp6X8XfuNuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/panoramio 1
script-src 'unsafe-inline' 'unsafe-eval' blob: https:; object-src 'none'; base-uri 'none'; 1
default-src data: blob: 'unsafe-eval' 'unsafe-inline' px-client.net px-cdn.net pxchk.net perimeterx.net px-cloud.net https: 'self'; script-src 7299633.collect.igodigital.com ajax.cloudflare.com *.bazaarvoice.com bs.serving-sys.com cdn.evgnet.com/beacon/liderdomicilio/pruebas/scripts/evergage.min.js connect.facebook.net deploy.mopinion.com googleads.g.doubleclick.net *.lider.cl media.richrelevance.com recs.richrelevance.com s3.amazonaws.com/mapcity-assets/leaflet-0.7.3/leaflet.js secure-ds.serving-sys.com services.mapcity.com static.cloudflareinsights.com www.google-analytics.com www.google.com www.googletagmanager.com *.googleapis.com static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js *.googleadservices.com *.gstatic.com cdn-widgets.chattigo.com media.flixfacts.com media.flixcar.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; report-uri https://csp.walmart.com/c/r/liders 1
script-src 'unsafe-inline' 'self' 'unsafe-eval' https://cdn.jsdelivr.net https://*.ads.linkedin.com https://*.actonservice.com https://promo.skf.com https://*.promo.skf.com https://*.consentmanager.net https://westeurope.livediagnostics.monitor.azure.com https://*.applicationinsights.azure.com https://www.google.com https://*.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://service.giosg.com https://bookeo.com https://*.bookeo.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://*.go-mpulse.net https://*.giosg.com https://googleads.g.doubleclick.net https://www.gstatic.com ;style-src 'unsafe-inline' 'self' https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://recaptcha.net https://use.fontawesome.com https://service.giosg.com https://fonts.googleapis.com ;media-src blob: https://staging.prod.skf.com https://www.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://www.youtube.com https://hiresmedia.skf.com ;connect-src 'unsafe-inline' https://cs-api.skf.com https://www.googleadservices.com https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://staging.prod.skf.com https://www.skf.com https://maintenanceapps.skf.com https://www.google.com https://product-assist.skf.com https://traceparts-cache.s3.eu-west-1.amazonaws.com https://api.skfbearingselect.com https://www.skfptp.com https://*.actonsoftware.com https://skfsso.skf.com https://*.applicationinsights.azure.com https://*.linkedin.oribi.io https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://*.googleapis.com https://www.facebook.com wss://*.hotjar.com https://*.hotjar.com https://*.googlevideo.com https://*.doubleclick.net https://webapi.partcommunity.com https://search.skf.com https://webassistants.partcommunity.com https://*.google-analytics.com https://*.analytics.google.com https://*.giosg.com https://bookeo.com https://*.bookeo.com https://*.hotjar.io wss://messagerouter.giosg.com https://*.akstat.io https://*.go-mpulse.net https://*.giosgusercontent.com https://px.ads.linkedin.com ;font-src 'unsafe-inline' 'self' https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://fonts.skf.com https://*.hcaptcha.com https://recaptcha.net https://use.typekit.net https://fonts.gstatic.com https://script.hotjar.com https://use.fontawesome.com https://*.giosgusercontent.com data: ;frame-src 'unsafe-inline' 'self' https://www.facebook.com https://skfsso.skf.com https://www.googletagmanager.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://recaptcha.net https://staging.prod.skf.com https://www.skf.com https://webapi.partcommunity.com https://www.youtube.com/ https://vars.hotjar.com https://www.google.com https://bookeo.com https://*.bookeo.com https://*.clients.giosgusercontent.com https://service.giosg.com https://www.traceparts.com ;img-src 'unsafe-inline' 'self' https://www.google.co.in https://translate.google.com https://fonts.gstatic.com https://www.google.it https://www.google.co.id https://*.doubleclick.net https://api.skfbearingselect.com https://mb.cision.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://*.googleapis.com https://www.google.com https://*.ggpht.com https://www.gstatic.com https://vehicleaftermarket.skf.com https://px.ads.linkedin.com https://p.adsymptotic.com https://*.ads.linkedin.com https://search.skf.com https://yt3.ggpht.com https://*.ytimg.com https://img.youtube.com https://*.promo.skf.com https://*.googleapis.com https://maps.gstatic.com https://promo.skf.com https://www.linkedin.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://cdn.giosgusercontent.com https://static.giosg.com https://www.googletagmanager.com https://script.hotjar.com https://*.akstat.io data: ;object-src 'none'; report-uri https://prod-31.westeurope.logic.azure.com:443/workflows/2f0a4f0089f24f6d9d7b415d6f07fd8d/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=C1rydVOKnq_lklW-AUrwxvZx6LasYM9JWkQL_KvJHkU; report-to endpoint_name 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src https:; font-src 'self' data: cms.zdv.uni-mainz.de cms-cdn.zdv.uni-mainz.de; img-src blob: data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cms.zdv.uni-mainz.de cms-cdn.zdv.uni-mainz.de; style-src 'self' 'unsafe-inline' cms.zdv.uni-mainz.de cms-cdn.zdv.uni-mainz.de; worker-src 'self' blob:; 1
default-src 'self';    script-src 'report-sample' 'self' https://fw-cdn.com/12317790/4765386.js https://smartfren-789789167165151337-af5e510390d476917346769.freshchat.com/js/widget.js https://snippets.freshchat.com/js/fc-pre-chat-form-v2.js https://www.googletagmanager.com/gtag/js;    style-src 'report-sample' 'self' https://smartfren-789789167165151337-af5e510390d476917346769.freshchat.com https://snippets.freshchat.com;    object-src 'none';    base-uri 'self';    connect-src 'self';    font-src 'self';    frame-src 'self' https://smartfren-789789167165151337-af5e510390d476917346769.freshchat.com;    img-src 'self' https://ucms-api-stg.smartfren.com https://ucms-api.smartfren.com https://www.smartfren.com;    manifest-src 'self';    media-src 'self';    worker-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-UiBOGT5Q8RDXWdaiVRhY_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UergqbhTECCncgGgu6PqFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-o0RV_3ZQXTqRqWrdBCdgHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.googleadservices.com/pagead/conversion/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.google.com/js/bg/ https://www.gstatic.com/external_hosted/highlightjs/highlight.pack.js https://www.gstatic.com/monaco_editor/ https://fonts.gstatic.com/s/e/notoemoji/search/wrapper.js https://www.youtube.com/iframe_api https://translate.google.com/translate_a/element.js https://www-onepick-opensocial.googleusercontent.com/gadgets/js/rpc.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://maps.googleapis.com/maps/api/js https://www.gstatic.com/_/mss/boq-bard-web/_/js/k=boq-bard-web.BardChatUi.en_US.TL-kepwOGBo.2018.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/place/js/ https://www.youtube.com/s/player/ https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/BardChatUi/cspreport/fine-allowlist 1
object-src 'none';base-uri 'self';script-src 'nonce-gXW9izjISZDPDlw0uSLAYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://pp.ephapay.net/ https://pp.eshapay.net/ https://scripts.agilone.com/ https://widget.trustpilot.com/ https://edigitalsurvey.com/ https://static.addtoany.com/ https://c.paypal.com/ https://www.paypal.com https://www.paypalobjects.com/ https://www.sandbox.paypal.com/ https://www.zenaps.com/ https://www.youtube.com/ https://*.doubleclick.net/ https://gum.criteo.com/ https://www.facebook.com/ https://*.hotjar.com/ https://s.salecycle.com https://www.googletagmanager.com/ https://www.google.com https://*.customizer.cadesignform.dk/ https://static.criteo.net/ https://www.youtube-nocookie.com/ https://d16fk4ms6rqz1v.cloudfront.net/ https://*.arcot.com/ https://www.securesuite.co.uk/ https://www.clicksafe.lloydstsb.com/ https://secure.barclaycard.co.uk https://*.photorank.me/; report-uri https://csp-violations.external.wickes.co.uk 1
default-src * data: blob: wss: 'unsafe-eval' 'unsafe-inline'; connect-src * wss:; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data: blob:; object-src * data:; media-src * data:; frame-src *; font-src * data:; manifest-src *; worker-src * blob:; frame-ancestors 'self' *.speechify.com speechify.com; report-uri https://speechify.com/api/csp-reports; report-to speechify 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';report-uri /csp.php 1
img-src data: 15203573.global.siteimproveanalytics.io fonts.gstatic.com www.google.com www.gstatic.com www.seattle.gov 'self' www.googletagmanager.com bugherd-attachments.s3.amazonaws.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net cartodb.s3.amazonaws.com cms.seattle.gov content.govdelivery.com d2iiunr5ws5ch1.cloudfront.net education.seattle.gov harrell.seattle.gov live.staticflickr.com powerlines.seattle.gov public.tableau.com sdotblog.seattle.gov sidebar.bugherd.com spdblotter.seattle.gov syndication.twitter.com translate.google.com translate.googleapis.com www.flickr.com www.trumba.com wwwqa.seattle.gov a.gusc.cartocdn.com blob: courts.seattle.gov www.seattlechannel.org; connect-src rum-collector-2.pingdom.net translate.googleapis.com www.google-analytics.com 'self' api.flickr.com cdnjs.cloudflare.com cityenergy-seattle.carto.com data: embedr.flickr.com notify.bugsnag.com region1.google-analytics.com sessions.bugsnag.com sidebar.bugherd.com sockjs.pusher.com translate-pa.googleapis.com wss://ws-mt1.pusher.com www.trumba.com ekr.zdassets.com sdci.zendesk.com api-cdn.usw2.pure.cloud services.arcgis.com; font-src fonts.gstatic.com 'self' data: themes.googleusercontent.com; frame-src platform.twitter.com 'self' data-seattlecitygis.opendata.arcgis.com data.seattle.gov player.vimeo.com public.tableau.com scl.datacapable.com seattlecitygis.maps.arcgis.com spddashboards.seattle.gov syndication.twitter.com ws.petango.com www.facebook.com www.google.com www.instagram.com www.youtube.com sidebar.bugherd.com apps.usw2.pure.cloud gateway.zscalertwo.net maps.seattle.gov; script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' cdn.jwplayer.com cdnjs.cloudflare.com code.jquery.com platform.twitter.com rum-static.pingdom.net siteimproveanalytics.com translate-pa.googleapis.com translate.google.com translate.googleapis.com www.google.com www.googletagmanager.com www.gstatic.com www.seattle.gov www.trumba.com 'self' a.gusc.cartocdn.com ajax.googleapis.com cartodb-libs.global.ssl.fastly.net connect.facebook.net content.govdelivery.com embedr.flickr.com player.vimeo.com public.tableau.com sidebar.bugherd.com spddashboards.seattle.gov ssl.p.jwpcdn.com widgets.flickr.com www.bugherd.com www.flickr.com www.google-analytics.com www.instagram.com static.zdassets.com apps.usw2.pure.cloud www.seattlechannel.org; script-src 'unsafe-eval' connect.facebook.net www.bugherd.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com www.gstatic.com 'self' cartodb-libs.global.ssl.fastly.net content.govdelivery.com www.flickr.com www.seattle.gov; report-uri https://seattle.report-uri.com/r/d/csp/wizard 1
default-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; require-trusted-types-for 'script'; object-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; style-src * 'unsafe-inline'; font-src * data:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=W1l7KEBWik3pbgaP_nhO490KMlNGQoTO7LuZCxoRhv8-1752204092-1.0.1.1-MluRFHSZJfx4fu6xYEfdSPR1deuGN7TwuAltVyzgetyipj1ln3IvK0lAbUU6i2zs2VpywjU.nMHu7lCvkem5Jy1ya9KU6ZxUFNZdZOjyk2l5KS5xzlij5ldRRgzycBGnH1U.eHLXB2wShOEI8xqZ9Nhm_m.ciX6hi7WWIqoLNlWAgmg0.xe0RW0BumNlWFXyo23I1NyzEznoZQfLQ8nttg; report-to cf-mtgulbrmsjeoggev 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cmp.inmobi.com https://cdn.intergient.com https://*.doubleclick.net https://cdn.intergi.com http://cdn.intergient.com https://btloader.com https://c.amazon-adsystem.com https://*.googlesyndication.com https://mowgoats.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://jamie-oliver-2.commercelayer.io https://*.googlesyndication.com https://*.doubleclick.net https://*.sentry.io https://*.playwire.com https://*.amazon-adsystem.com https://api.btloader.com https://*.algolia.net https://*.algolianet.com https://auth.commercelayer.io https://*.auth0.com https://csi.gstatic.com https://simple-save.jamieoliver.workers.dev https://s5g.jamieoliver.workers.dev; img-src 'self' https://asset.jamieoliver.com https://www.google.co.uk https://www.google-analytics.com https://px.moatads.com https://ad-delivery.net https://ad.doubleclick.net https://www.googletagmanager.com https://img.youtube.com https://i.ytimg.com https://s.gravatar.com https://*.auth0.com https://*.googlesyndication.com https://csi.gstatic.com https://cdn.sanity.io https://*.wp.com data:; media-src 'self' data:; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://cdn.intergient.com https://www.youtube.com https://www.youtube-nocookie.com; worker-src 'self' blob:; object-src 'none'; style-src 'self' 'unsafe-inline' https://config.playwire.com; frame-ancestors 'none'; 1
default-src 'self' *.website-files.com scribehow.com cursive.io twitter.com ads-twitter.com *.finsweet.com *.intellimize.co *.intellimizeio.com g.tenor.com *.cursive.io *.doubleclick.net stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' blob: *.website-files.com *.bing.com *.finsweet.com *.intellimize.co *.intellimizeio.com cdnjs.cloudflare.com scribe.involve.me/ *.ubembed.com/ *.google.com *.launchnotes.io/  *.sentry-cdn.com *.outbrain.com embed.typeform.com js.stripe.com *.profitwell.com profitwell.com *.scribehow.com scribehow.com assets.customer.io *.clickagy.com connect.facebook.net assets.calendly.com *.google-analytics.com *.googletagmanager.com snap.licdn.com *.googleanalytics.com *.ads-twitter.com *.twitter.com *.googleadservices.com *.flagsmith.com cdn.rollbar.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net analytics.tiktok.com *.googleoptimize.com ws.zoominfo.com/ r.wdfl.co/rw.js *.googletagmanager.com/gtag/ connect.facebook.net/signals/ bat.bing.com/ ajax.googleapis.com/ *.website-files.com cdn.jsdelivr.net/npm/ *.mxpnl.com connect.facebook.net/en_US/fbevents.js *.cloudfront.net/js/ js.intercomcdn.com/ widget.intercom.io/widget/ *.googleoptimize.com/optimize.js *.googletagmanager.com/gtm.js maps.googleapis.com challenges.cloudflare.com boards.greenhouse.io; style-src 'self' 'unsafe-inline' *.google.com *.website-files.com embed.typeform.com assets.calendly.com fonts.googleapis.com cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' *.website-files.com *.pangle-ads.com app.launchnotes.io/ *.finsweet.com *.intellimize.co *.intellimizeio.com *.ads.linkedin.com *.ubembed.com/ *.cloudimg.io *.profitwell.com profitwell.com *.scribehow-dev.com *.scribehow-stage.com *.scribehow-prod.com scribe-api-okta.scribehow-okta.com *.cursive.io *.scribehow.com *.google-analytics.com *.customer.io api-js.mixpanel.com/ *.calendly.com facebook.com/tr *.s3-accelerate.amazonaws.com colony-labs-public.s3.us-east-2.amazonaws.com *.google.com o385127.ingest.sentry.io *.flagsmith.com api.rollbar.com/ bam.nr-data.net bam-cell.nr-data.net *.clickagy.com g.tenor.com ws.zoominfo.com *.analytics.google.com *.googletagmanager.com *.facebook.com/ analytics.tiktok.com api-iam.intercom.io api-js.mixpanel.com bat.bing.com wss://nexus-websocket-a.intercom.io stats.g.doubleclick.net challenges.cloudflare.com *.s3.amazonaws.com; font-src 'self' data: *.google.com assets.launchnotes.io/fonts/ *.webflow.com fonts.gstatic.com *.website-files.com; frame-src 'self' *.google.com *.ubembed.com/ *.finsweet.com *.intellimize.co *.intellimizeio.com cdn.embedly.com *.launchnotes.io/ player.vimeo.com platform.twitter.com/ embed.typeform.com form.typeform.com scribe.involve.me/ calendly.com *.clickagy.com js.stripe.com/ scribehow.com *.scribehow.com app.gong.io *.app.gong.io *.loom.com *.facebook.com *.youtube.com td.doubleclick.net challenges.cloudflare.com boards.greenhouse.io googletagmanager.com; frame-ancestors 'self' *.scribehow.com scribehow.com; img-src 'self' data: media.tenor.com blob: content: *.website-files.com t.co *.scribehow.com *.google.com/ *.profitwell.com *.finsweet.com *.intellimize.co *.intellimizeio.com *.bing.com tr.outbrain.com/ *.s3.amazonaws.com track.customer.io scribehow.com *.s3-accelerate.amazonaws.com *.s3.us-east-2.amazonaws.com *.googleusercontent.com *.google-analytics.com *.googletagmanager.com *.google.by assets.calendly.com *.clickagy.com d3m1fwcc59lqhy.cloudfront.net *.facebook.com id.rlcdn.com *.ads.linkedin.com p.adsymptotic.com api.faviconkit.com *.gstatic.com twemoji.maxcdn.com *.googletagmanager.com gravatar.com image-service.scribehow.com image.scribehow-okta.com *.googletagmanager.com/ pixel-sync.sitescout.com/connectors/clickagy/ sync.crwdcntrl.net/map/ stags.bluekai.com/site/ *.agkn.com/ dpm.demdex.net/ us-u.openx.net/w/ idsync.rlcdn.com/ id.rlcdn.com/ analytics.twitter.com bat.bing.com *.google.rs dna8twue3dlxq.cloudfront.net *.linkedin.com; manifest-src 'self'; media-src 'self' *.website-files.com *.s3.us-east-2.amazonaws.com; worker-src 'self' blob:; child-src blob:; 1
default-src 'self' data: https:;base-uri 'self';font-src 'self' https: data:;form-action 'self' https://*.dotmetrics.net;frame-ancestors https://cue.wanews.com.au 'self';img-src 'self' data: https:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;report-to csp-violations;report-uri https://7news.com.au/csp-report;connect-src 'self' https: data: wss:;frame-src 'self' https:;media-src 'self' data: blob: https:;worker-src 'self' https: data: blob: 1
connect-src 'self' https: 'unsafe-eval' https://*.zoom.us wss://zpns.zoom.us wss://widget-mediator.zopim.com; default-src 'self' https:; font-src 'self' https: data: data: source.zoom.us; img-src 'self' https: data: blob: *.zoom.us https://v2assets.zopim.io https://static.zdassets.com; media-src 'self' https: *.zoom.us; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: http://zoom.us *.zoom.us; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-RpgpDPfZ2hlNSisXj3sgkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdn.stylevana.com sv9-cdn.stylevana.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.twitter.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.stylevana.com gallery.stylevana.com sv9-cdn.stylevana.com *.google.com.hk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cdn.stylevana.com sv9-cdn.stylevana.com *.helpscout.net *.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline cdn.stylevana.com sv9-cdn.stylevana.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com cdn.stylevana.com sv9-cdn.stylevana.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hallmark.com *.cybersource.com google.com *.google.com *.googleadservices.com *.googleservices.com *.googletagmanager.com *.gstatic.com *.smartystreets.com browser-intake-datadoghq.com edge.adobedc.net *.adobedtm.com *.onetrust.com *.adsrvr.org *.akamaihd.net *.akstat.io *.amazon-adsystem.com *.bing.com *.browser-intake-datadoghq.com *.brsrvr.com *.contentsquare.net *.cookielaw.org *.cquotient.com *.datadoghq-browser-agent.com *.demdex.net *.doubleclick.net *.dxpapi.com *.facebook.com *.facebook.net *.go-mpulse.net *.igodigital.com *.ipredictive.com *.kampyle.com *.medallia.com *.mppglobal.com *.my.salesforce-scrt.com *.my.site.com *.nmgassets.com *.omtrdc.net *.online-metrix.net *.paa-reporting-advertising.amazon *.paypal.com *.paypalobjects.com *.pinimg.com *.pinterest.com *.salesforceliveagent.com *.sc-static.net *.sitelabweb.com *.snapchat.com *.tiktok.com *.tiktokw.us *.videoamp.com *.wandzapi.com *.yahoo.com *.yimg.com bat.bing.net sc-static.net service.force.com static.ads-twitter.com; connect-src 'self' *.hallmark.com *.cybersource.com google.com *.google.com *.googleadservices.com *.googleservices.com *.googletagmanager.com *.gstatic.com *.smartystreets.com browser-intake-datadoghq.com edge.adobedc.net *.adobedtm.com *.onetrust.com *.adsrvr.org *.akamaihd.net *.akstat.io *.amazon-adsystem.com *.bing.com *.browser-intake-datadoghq.com *.brsrvr.com *.contentsquare.net *.cookielaw.org *.cquotient.com *.datadoghq-browser-agent.com *.demdex.net *.doubleclick.net *.dxpapi.com *.facebook.com *.facebook.net *.go-mpulse.net *.igodigital.com *.ipredictive.com *.kampyle.com *.medallia.com *.mppglobal.com *.my.salesforce-scrt.com *.my.site.com *.nmgassets.com *.omtrdc.net *.online-metrix.net *.paa-reporting-advertising.amazon *.paypal.com *.paypalobjects.com *.pinimg.com *.pinterest.com *.salesforceliveagent.com *.sc-static.net *.sitelabweb.com *.snapchat.com *.tiktok.com *.tiktokw.us *.videoamp.com *.wandzapi.com *.yahoo.com *.yimg.com bat.bing.net sc-static.net service.force.com static.ads-twitter.com hmklabs-dotcom-prod-us-west-2-templates.s3.us-west-2.amazonaws.com s3.us-west-2.amazonaws.com *.amazon-adsystem.com render-output-lambda-access-point-011746944759.s3-object-lambda.us-west-2.amazonaws.com; img-src 'self' data: *; style-src * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; form-action 'self' *.cybersource.com *.facebook.com; font-src * 'unsafe-inline'; manifest-src 'self'; frame-src 'self' *.hallmark.com *.cybersource.com sitelabweb.com *.my.site.com *.vimeo.com *.online-metrix.net service.force.com *.snapchat.com *.adsrvr.org *.demdex.net *.doubleclick.net *.google.com *.googletagmanager.com *.ipredictive.com *.kampyle.com *.paypal.com *.pinterest.com *.facebook.com s.amazon-adsystem.com; media-src 'self' *.hallmark.com vimeocdn.com *.vimeocdn.com vimeo.com *.vimeo.com captions.cloud.vimeo.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Ga1W1P9mQwJt0MOywyiM1MdFRGaw8cvZKy5kDAfGHA8-1752196449-1.0.1.1-sZns4fFNNP8GxIpFX2ViEC_gPH7FKuMo.LGCnI4sZTwaaI0A9rWVopwwoE8cv3ox7N0AVATgb61h0bksA.OKY15M_gPqoJWdYiJY3uNxIiUHlQA4LFsU.2Xk6gtzOOnWojHV8z6b7Eh3e5ypRdtW.yw.zV7XEd2G_lo1zbERZSoJEdYmE.ly5WnfaGECV90Lr4TQYgEfKs5c7BcVsX9wFg; report-to cf-umcyeymupcseqlpc 1
default-src 'self' https:; object-src 'none'; img-src 'self' https: blob: data:; font-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://buildkite.uriports.com/reports/report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-YXRGNwqdJ+YIZL7VP/SIag==' 1
object-src 'none';base-uri 'self';script-src 'nonce-fIFqWnAlYzCXMzM2llGAtA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.iheartmedia.com data: blob:; img-src 'self' data: https:; font-src https: data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.iheart.com *.qualified.com *.onetrust.com *.google-analytics.com www.googletagmanager.com translate.google.com www.google.com www.gstatic.com assets.adobedtm.com player.vimeo.com img.en25.com cdn.cookielaw.org ftlaunchpad.ai unpkg.com app.livemarketshoppers.com sb.scorecardresearch.com; frame-src 'self' data: *.iheart.com *.iheartmedia.com *.qualified.com player.vimeo.com www.google.com s2138753380.t.eloqua.com; child-src https://*.qualified.com; media-src https://*.qualified.com; object-src 'none'; connect-src 'self' *.iheart.com *.google-analytics.com *.doubleclick.net *.onetrust.com *.demdex.net www.google.com wss://ws.qualified.com *.qualified.com cdn.cookielaw.org; report-uri https://csp.qw.iheartmedia.com/api/report 1
font-src 'self' data:; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com stackpath.bootstrapcdn.com unpkg.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.instinet.com stackpath.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
report-uri https://www.feedingamerica.org/report-uri/reportOnly 1
font-src fonts.gstatic.com use.typekit.net self data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://store.plumrocket.com pal-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com self *.doubleclick.net *.criteo.com *.easydmp.net *.snapchat.com https://store.plumrocket.com https://accounts.google.com checkoutshopper-test.adyen.com pal-test.adyen.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com self *.bing.com *.paypal.com *.google.fr *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.cookielaw.org *.snapchat.com checkoutshopper-test.adyen.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com self sc-static.net *.abtasty.com *.jsdelivr.net *.gstatic.com *.facebook.net *.tiktok.com *.googleapis.com *.easydmp.net *.vzbl.eu *.aticdn.net *.m1by1.com *.woosmap.com *.doubleclick.net *.cookielaw.org *.snapchat.com *.valiuz.com *.mediarithmics.com *.prediggo.services https://accounts.google.com checkoutshopper-test.adyen.com 'self' 'unsafe-eval' 'nonce-OGFtMWFtdHR6Z2FnZDAyaWd0djJmeG9pd3dxbGh5MWI=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com self *.gstatic.com *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.snapchat.com https://accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com self *.snapchat.com *.cookielaw.org *.abtasty.com *.googleapis.com *.vzbl.eu *.criteo.com *.easydmp.net *.xiti.com *.valiuz.com *.doubleclick.net *.mediarithmics.com https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.bing.com *.criteo.net *.snapchat.com *.netvigie.com *.xiti.com *.valiuz.com *.googletagmanager.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.vtbbo.ru; style-src data: blob: 'unsafe-inline' https://*; img-src data: blob: https://*; connect-src blob: 'self' https://*.vtbbo.ru wss://*.vtbbo.ru https://*.vtbbo.ru wss://chat7.vtb.ru https://chat7.vtb.ru; object-src blob: 'self' https://*; font-src data: blob: 'self' https://*; worker-src blob: 'self' https://*.vtbbo.ru; media-src data: blob: filesystem: 'self' https://*; manifest-src 'self' 1
default-src 'none' ;script-src 'unsafe-eval' 'unsafe-inline' *.starbucks.co.jp *.google.com *.google-analytics.com www.googleadservices.com/pagead/ *.googletagmanager.com *.g.doubleclick.net cdn.optimizely.com/js/ *.facebook.net b92.yahoo.co.jp *.twitter.com d.adlpo.com *.treasuredata.com hm.mieru-ca.com d2fzkgg97cd93o.cloudfront.net platform.sumally.com p.jwpcdn.com jwpsrv.com apis.google.com starbucks-faq.pbcv.sitesearch.jp starbucks-faq.sitesearch.jp rum.optimizely.com s.yimg.jp b97.yahoo.co.jp ci-mpsnare.iovation.com dqpw8dh9f7d3f.cloudfront.net d3vgbguy0yofad.cloudfront.net ajax.googleapis.com auth1.freespot.com collect.ptengine.jp d-cache.microad.jp js.ptengine.jp js.fout.jp cdnjs.cloudflare.com in.treasuredata.com ssl.p.jwpcdn.com ;style-src 'unsafe-inline' *.starbucks.co.jp fonts.googleapis.com starbucks-faq.pbcv.sitesearch.jp starbucks-faq.sitesearch.jp ;img-src data: *.starbucks.co.jp *.google.com *.google.co.jp *.google-analytics.com www.googleadservices.com/pagead/ *.googletagmanager.com *.g.doubleclick.net *.twitter.com d2fzkgg97cd93o.cloudfront.net sumally.com jwpltx.com b97.yahoo.co.jp dqpw8dh9f7d3f.cloudfront.net d3vgbguy0yofad.cloudfront.net collect.ptengine.jp d-track.send.microad.jp target.fout.jp huaban.com map.chizumaru.com s3-ap-northeast-1.amazonaws.com www.google.co.id www.google.co.kr www.google.com.hk www.google.com.sg www.google.com.tw www.google.de www.gstatic.com ;font-src *.starbucks.co.jp fonts.gstatic.com ;media-src d2fzkgg97cd93o.cloudfront.net ;object-src *.starbucks.co.jp ;frame-src *.google.com *.g.doubleclick.net *.facebook.com *.twitter.com sumally.com www.youtube.com js.fout.jp dsp.fout.jp ;connect-src *.starbucks.co.jp *.g.doubleclick.net dwjw4x8nnai5d.cloudfront.net rum.optimizely.com uc.gre d11abxzrrvbz6o.cloudfront.net track.uc.cn ws://ntjp.mieru-ca.com ;report-uri https://sbjcsp2.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-web.zinio.com https://js-agent.newrelic.com https://*.nr-data.net https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.paypal.com https://www.paypalobjects.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.googletagmanager.com https://www.google-analytics.com https://zinio-sjc.gravityrd-services.com https://*.zopim.com https://static.zdassets.com https://d1fc8wv8zag5ca.cloudfront.net/2.10.2/sp.js https://cdn.jsdelivr.net https://recaptcha.net https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://app.vwo.com;style-src 'self' 'unsafe-inline' https://*.audiencemedia.com data: https://app.vwo.com;img-src 'self' data: blob: https://*.ziniopro.com https://*.audiencemedia.com https://googleads.g.doubleclick.net https://www.google.com https://*.paypal.com https://*.braintreegateway.com https://v2assets.zopim.io https://discover.zinio.com https://sleeknotestaticcontent.sleeknote.com https://analytics.sleeknote.com https://www.google-analytics.com https://www.facebook.com https://www.googletagmanager.com https://dev.visualwebsiteoptimizer.com;media-src 'self' https://static.zdassets.com;connect-src 'self' https://*.audiencemedia.com https://*.ziniopro.com https://*.nr-data.net https://googleads.g.doubleclick.net https://adservice.google.com https://cdn.jsdelivr.net https://*.braintree-api.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.paypal.com https://ekr.zdassets.com https://zinio.zendesk.com wss://widget-mediator.zopim.com wss://zinio.zendesk.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://collector.datacloud.zinio.com https://www.facebook.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://images.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://sleeknotecustomerscripts.sleeknote.com https://dev.visualwebsiteoptimizer.com;font-src 'self' https://*.audiencemedia.com https://fonts.gstatic.com https://sleeknotestaticcontent.sleeknote.com;frame-src 'self' https://td.doubleclick.net https://*.paypal.com https://*.braintreegateway.com https://recaptcha.net https://www.facebook.com https://web.facebook.com https://*.sleeknote.com https://app.vwo.com;frame-ancestors none 1
default-src 'self'; script-src 'nonce-GtITLqtywPysWg4/Hgsg5w==' 'strict-dynamic' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' blob: https://app.getbeamer.com https://assets.openlearning.com https://*.ssl.cf4.rackcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.openlearning.com https://oluploadslive.blob.core.windows.net https://front-us-rest.ably.io https://api.amplitude.com https://api.hubapi.com https://api.hubspot.com https://api.ipify.org https://backend.getbeamer.com https://chat.frontapp.com https://www.facebook.com https://find.userpilot.io https://forms.hubspot.com https://iframe.ly https://in.hotjar.com https://learningtime.servicebus.windows.net https://pythonutilityfunctions.azurewebsites.net https://sentry.io https://stats.g.doubleclick.net https://us-west-1-chat-server.frontapp.com https://vc.hotjar.io https://www.google-analytics.com https://pagead2.googlesyndication.com https://static.userguiding.com https://metrics.userguiding.com wss://analytex.userpilot.io wss://front-us-realtime.ably.io wss://*.openlearning.com; font-src 'self' data: https://*.ssl.cf4.rackcdn.com https://assets.openlearning.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https:; img-src 'self' data: blob: https:; manifest-src 'self' https://*.ssl.cf4.rackcdn.com; media-src 'self' https://dev-uploads.openlearning.com https://uploads.openlearning.com https://qencode.blob.core.windows.net; worker-src 'none'; child-src blob:; 1
default-src 'self'; connect-src *; img-src * data:; script-src 'self'; style-src 'self' 'unsafe-inline' https://404-tpa-276.mktoweb.com/; font-src 'self' kit.fontawesome.com ka-p.fontawesome.com https://fast.wistia.net/ data:; form-action 'self'; object-src 'none'; media-src 'self' blob:; frame-src https://www.googletagmanager.com https://td.doubleclick.net/ https://gtm.mycase.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://404-tpa-276.mktoweb.com/; frame-ancestors demo.affinipay.com; upgrade-insecure-requests; block-all-mixed-content 1
report-uri https://www.yelp.com/csp_report_only?id=340645102c1bfdb5&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www&timestamp=1752198631; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1
base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=Pcz-ATRJDtyl8klqbFSyynFtP4fFhv2HGWFdk6gVUE0J5GY1FU5dIHBr1ar4I3U%3D 1
frame-ancestors 'self'; object-src 'self' 'unsafe-inline'; media-src *.salesforce-sites.com *.lightning.force.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://www.facebook.com https://druni.my.salesforce-sites.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://store.plumrocket.com www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-src http://fast.amc.demdex.net https://www.youtube.com https://www.facebook.com https://app3.salesmanago.pl https://10138016.fls.doubleclick.net https://insight.adsrvr.org https://td.doubleclick.net https://druni.my.salesforce-sites.com https://www.googletagmanager.com https://pay.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://js.checkout.com *.klarna.com https://store.plumrocket.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.salesforce-sites.com *.lightning.force.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; connect-src https://dpm.demdex.net http://dpm.demdex.net https://www.paypal.com https://eu1-search.doofinder.com https://shops-si.trustedshops.com https://api.trustedshops.com https://trustbadge.api.etrusted.com https://storytech.io https://analytics.tiktok.com https://region1.analytics.google.com https://vc-service.saleago.com https://api.swogo.net https://content.syndigo.com https://tracking.swogo.net https://www.google.com https://bat.bing.com https://druni.my.salesforce-sites.com https://pay.google.com www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://js.checkout.com *.klarnaevt.com *.doofinder.com wss://*.doofinder.com instantcredit.net *.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.salesforce-sites.com *.lightning.force.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co *.target2sell.com 'self' 'unsafe-inline'; img-src data: http://cm.everesttech.net http://amcglobal.sc.omtrdc.net https://asistentecosmeticatest1.herokuapp.com https://ad.doubleclick.net https://p1.zemanta.com https://www.storytech.io https://cdnstory.com https://insight.adsrvr.org https://www.druni.es https://event.syndigo.cloud https://ui.swogo.net https://googleads.g.doubleclick.net https://tau.collect.igodigital.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com *.salesforce-sites.com *.lightning.force.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com 'self' data: data: 'self' 'unsafe-inline'; font-src http://widgets.trustedshops.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://asistentecosmeticatest1.herokuapp.com https://cdn.checkout.com instantcredit.net test.instantcredit.net maxcdn.bootstrapcdn.com *.salesforce-sites.com *.lightning.force.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; style-src http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://asistentecosmeticatest1.herokuapp.com https://storytech.io https://druni.my.salesforce-sites.com https://cdn.checkout.com *.doofinder.com instantcredit.net test.instantcredit.net maxcdn.bootstrapcdn.com *.salesforce-sites.com *.lightning.force.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; script-src http://widgets.trustedshops.com http://www.gstatic.com http://www.google.com https://www.googletagmanager.com https://www.dwin1.com https://eu1-search.doofinder.com https://cdn.doofinder.com https://asistentecosmeticatest1.herokuapp.com https://cdnjs.cloudflare.com/ https://ui.swogo.net https://analytics.tiktok.com https://storytech.io https://bucket.cdnwebcloud.com https://js.adsrvr.org https://js-tag.zemanta.com https://content.syndigo.com https://ct.pinterest.com https://fonts.googleapis.com https://druni.my.salesforce-sites.com https://536005834.collect.igodigital.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://*.checkout.com *.klarnacdn.net cdn.doofinder.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com https://sandbox.sequracdn.com https://live.sequracdn.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.salesforce-sites.com *.lightning.force.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.google.com *.gstatic.com *.target2sell.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
connect-src https://insights.algolia.io https://*.aritzia.com https://browser-intake-us5-datadoghq.com https://cdn.cookielaw.org https://*.cloudfront.net https://*.dynamicyield.com https://webchannel-content.eservice.emarsys.net https://*.forter.com https://*.google-analytics.com https://*.google.com https://*.klarna.com https://x.klarnacdn.net https://*.klarnaevt.com https://*.onetrust.com https://*.quantummetric.com https://recommender.scarabresearch.com https://aritzia.sjv.io https://*.sspinc.io https://*.tiktok.com wss://*.twilio.com https://*.googleapis.com https://*.doubleclick.net https://*.collectivevoice.com https://google.com https://analytics-ipv6.tiktokw.us; default-src https://*.googletagmanager.com https://*.cookielaw.org https://browser-intake-us5-datadoghq.com https://x.klarnacdn.net https://*.klarna.com https://s7d9.scene7.com/ https://*.gstatic.com/ https://sutro-prod01.narvar.com/ https://*.tiktok.com https://*.googleapis.com https://www.ojrq.net/ https://*.collectivevoice.com/ https://*.doubleclick.net https://www.google.ca/ https://*.aritzia.com https://*.google.com https://*.onetrust.com data: blob: 'unsafe-inline' 'self'; frame-ancestors 'self'; object-src 'none'; script-src https://*.aritzia.com https://*.cloudflare.com https://*.cookielaw.org https://*.cquotient.com https://www.datadoghq-browser-agent.com https://dlthst9q2beh8.cloudfront.net https://*.dynamicyield.com https://connect.facebook.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://utt.impactcdn.com https://*.klarna.com https://x.klarnacdn.net https://*.googleapis.com https://js.narvar.com https://cdn.quantummetric.com https://*.scarabresearch.com https://static.shopmy.us https://*.sspinc.io https://*.tiktok.com https://*.forter.com https://*.collectivevoice.com https://*.doubleclick.net blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=0JpUYRCND.WjZZNOXGjh6nK5i3kd.iHuAgTlVR4D8xM-1752200998-1.0.1.1-N3QGQpKpG6FWHIfi2.HwOqI3uDGBm_Vn2nQ5xjk3XbPalKI4Mh1UilOXd9uTi9a_0ElECNLs.31uK_ZLdtnJ5eOBErYT6ZVZ3FXNA_E1Zovyjotti3GZLz7vvIZ0kbB2_FNjDcVJB3AlhXwgfY3uQUUfojSNGLyWzUuPM_3gr5FmnV7mA4CwX2SnzuJapo5X0iol8ThdxAUpHUkQP._9jA; report-to cf-ccisajyycelawwjr 1
frame-ancestors 'self'; report-uri /scapi/danskespil/security/csp/testreport; 1
object-src 'none';base-uri 'self';script-src 'nonce-1rrS8N2Zh88x3qcn3D1N' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 1
script-src 'nonce-22e5f7b02c1f4c9ba9c70d3e37adfae3' 'strict-dynamic' 'unsafe-hashes' 'sha256-xrJuOSR6jDaT+bukIUJugsa11m/X5XIE5PpG43kF7Dk=' 'sha256-4NCNDWo1wUYyhR6cZ81TMIh6wd1q9zLwU2XIKzJg5iA='; script-src-attr 'unsafe-hashes' 'sha256-xrJuOSR6jDaT+bukIUJugsa11m/X5XIE5PpG43kF7Dk=' 'sha256-4NCNDWo1wUYyhR6cZ81TMIh6wd1q9zLwU2XIKzJg5iA='; report-to csp-endpoint 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://api.github.com/ https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/ace/1.1.3/ace.js https://connect.facebook.net/en_US/fbevents.js  https://connect.facebook.net/signals/config/ https://js.intercomcdn.com https://js.intercomcdn.com/vendor-modern.7a9ca9be.js https://prod.hackster-cdn.online/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.intercomcdn.com/ https://widget.intercom.io/widget/l4h7orei https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js  https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' https://prod.hackster-cdn.online https://cdnjs.cloudflare.com/; object-src 'none'; base-uri 'self'; connect-src 'self' blob: https://www.hackster.io/ https://hacksterio.s3.amazonaws.com/ https://7yqjt9bhux-dsn.algolia.net https://analytics.google.com https://api-iam.intercom.io https://api.hackster.io https://o4506440451424256.ingest.sentry.io https://ohm-dot-hackster-io.appspot.com https://prod.hackster-cdn.online https://px.ads.linkedin.com https://px4.ads.linkedin.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://nexus-websocket-a.intercom.io; font-src 'self' data: application/font-woff https://prod.hackster-cdn.online; frame-src 'self' https://lookerstudio.google.com/ https://datastudio.google.com https://www.facebook.com/ https://www.google.com https://www.youtube.com; img-src 'self' data: blob: https://lh6.googleusercontent.com https://lh5.googleusercontent.com https://content.arduino.cc https://avatars.githubusercontent.com https://avatars2.githubusercontent.com/ https://platform-lookaside.fbsbx.com https://www.hackster.io/ https://graph.facebook.com https://gravatar.com https://hackster.imgix.net https://i.ytimg.com https://lh3.googleusercontent.com https://prod.hackster-cdn.online https://px.ads.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.newark.com https://px4.ads.linkedin.com; manifest-src 'self' https://prod.hackster-cdn.online; media-src 'self' https://hackster.imgix.net; report-uri https://6620045c077c1adc81b63f22.endpoint.csper.io/?v=2; worker-src blob:; 1
script-src 'self' 'unsafe-eval' 'sha256-Tzu6+wuu1SjTdVaXJEV6PivtY9mRqZb0xhhm2BLRAOA=' 'sha256-7IyttL+tUqfo+WQfAWL3v6YMknUKo9ajmbpNtuTjMN0=' 'sha256-3hfUlZv/u0yM7A3uB3JvxOvBYAe8qn24uA4O2An1VRY=' 'sha256-MV1RuepqvbyT5NhbRPeSj1juoiQBimzZ/wO2CMs3kus=' 'sha256-ABZr65Zok8xacqLFUeZR+42Msgxys7C+6WB+vtacJb8=' 'sha256-bHVKPlpu6EceFvLitpQwu5mjjCOghOO0EQqqS41Qn6Q=' 'sha256-wxehmTJycT+YLBVHLN3bWj/zTcxemiqmfRQzTQW8ir4=' 'sha256-xCJKn7hMM9SELWl17uBsfarS81wpzMEJEmq9eKBxtzs=' 'sha256-+2rXXU3laxTDtQNsImGyQ1X64rn4ISQLNShnWzx821g=' 'sha256-/J1Ywi0oxHQHCpzRvtKWWe4P+hIt7HcIaSwR9c4c5Rs=' 'sha256-39X4GDwTjoEuiHC/2kJYF7mNFjiDloAgzPDJAZFmXUA=' 'sha256-4H8OjgRPgGcbXIWnunILQFptlaDulDAprEkdWAmd5rs=' 'sha256-6ncdpKw08Cc1EFsSeeLsVjAIaYvgm1rBcI4cNp12+Qw=' 'sha256-7PIxQkJpqFtF3ibD6pIWa3xB9NioZz/ynQRYzL0/GQk=' 'sha256-7gtkfRfWNDeobU0B/hfsPp2BIWvoaQl9Qnyy5LiRnxs=' 'sha256-FCJSELYJJqB55vIG3t/ph5fM8YdnNvdK1wyBgKoLBv8=' 'sha256-FTGWq2sxofS5L8Yq87ilEpDqn9l5NkLK0cc3sd7OvnM=' 'sha256-IHOzCHp//Jl1lFsowvMxAPGD+T7zlnWM2mFk53CcUCQ=' 'sha256-Lbd7CfEvDCWYMyHY0+sXbfaSIJoSyADQN1msRc5GDNI=' 'sha256-UIJOLWy/Osv+QGQ4imdRlRujM6eUI1MSyU7o0yUPUZY=' 'sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs=' 'sha256-av+IGVQJsQwpqceEC0sQFA8e9C8QabH8uLcfyhwM7SQ=' 'sha256-eVK40NIq3UGWc8qEju5kUvLu1HgsUzj88BW49m/q4j0=' 'sha256-ggRYfkK/3LVUNlNZMQmNN9BFxap4CrJfPbtZ6v2xbjo=' 'sha256-grcTsfRWbkeUhSuDjdKCkH5D8wGl/7m/mQ40fxHu0mw=' 'sha256-jFtAwO73SFINACr8TD6icHqaE8VW008cFmXWwD0f9fM=' 'sha256-r217nY7GmxmFONoUAdkKv3HkplOIco6U4dEWu4mrSIs=' 'sha256-u24cgm8XlTjNvJyJKe51ekUDI8IYMtxoJZ/6Obf/+y0=' 'sha256-xGfPUma/ZEUO/hLpxJqIvAXja0IQ6z6bdVSim0NgRs0=' 'report-sample' https://*.doubleclick.net https://*.cdn4.forter.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.nr-data.net https://*.yahoo.com https://api.bounceexchange.com https://assets.bounceexchange.com https://at1.listrakbi.com https://bat.bing.com https://bam.nr-data.net https://cdn.attn.tv https://cdn.browsiprod.com https://connect.facebook.net https://code.jquery.com https://cdn.jsdelivr.net https://content.linkedin.com https://cdn.listrakbi.com https://connect.nosto.com https://cdn.roirevolution.com https://f.clarity.ms https://googleads.g.doubleclick.net https://graph.facebook.com https://geoipwebservice.com https://google-analytics.com https://googletagmanager.com https://guarantee-cdn.com https://js.facebook.com https://js-agent.newrelic.com https://platform.linkedin.com https://query.yahooapis.com https://r.bing.com https://r.webeyez.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://services.listrak.com https://s1.listrakbi.com https://s.pinimg.com https://sec.webeyez.com https://s.yimg.com https://tag.bounceexchange.com https://tagmanager.google.com https://www.clarity.ms https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://sdk.helloextend.com/extend-sdk-client/v1/extend-sdk-client.min.js https://cdn1.affirm.com/js/v2/affirm.js https://*.clarity.ms/s/0.6.34/clarity.js;frame-ancestors 'self' *.yahoo.com s.yimg.com;frame-src https://www.affirm.com/ https://creatives.attn.tv/ https://r.webeyez.com/ https://assets.bounceexchange.com/;block-all-mixed-content;style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com *.google.com *.bing.com code.jquery.com cdn.jsdelivr.net cdn.listrakbi.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net www.googletagmanager.com;base-uri 'self' *.yahoo.com;form-action 'self' *.google.com *.facebook.com connect.facebook.net;worker-src 'self' blob: www.google.com; report-to default 1
img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; upgrade-insecure-requests; default-src 'self' *.mozilla.org; object-src 'none'; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; base-uri 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; style-src 'self' www.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; font-src 'self' www.mozilla.org 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.vibe.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; script-src 'nonce-35b3f84024204de9bdff910b69aa7f76'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; style-src 'self' 'nonce-35b3f84024204de9bdff910b69aa7f76'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=136-3309206-7514257:rid=594202B5D09247619D8E:sn=www.amazongames.com 1
default-src 'self' https://*.sugarondemand.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.avery.com https://*.osano.com https://analytics.tiktok.com https://www.google-analytics.com https://s.pinimg.com https://*.bazaarvoice.com https://*.dynamicyield.com https://js.squarecdn.com https://*.usablenet.com https://www.googletagmanager.com https://*.livechatinc.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://*.google.com https://*.debugbear.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.3/picturefill.min.js https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.slim.min.js https://cdn.jsdelivr.net/npm/bootstrap@4.1.3/dist/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js https://*.salesloft.com https://*.bc0a.com https://*.attn.tv https://*.lrkt-in.com https://connect.facebook.net https://www.gstatic.com https://ct.pinterest.com https://*.curalate.com https://www.redditstatic.com https://*.doubleclick.net https://*.bing.com https://cdn.dashhudson.com/web/js/board-carousel-embed.js https://cdn.jsdelivr.net/npm/swiper@11/ https://*.cloudinary.com https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.5/js/lightbox-plus-jquery.min.js 'wasm-unsafe-eval' https://*.glance.net https://*.glancecdn.net; style-src 'self' 'unsafe-inline' https://*.avery.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://*.typekit.net https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.5/css/lightbox.min.css https://*.glance.net https://*.glancecdn.net; img-src 'self' data: https://*.avery.com https://www.google-analytics.com https://www.googletagmanager.com https://*.afterpay.com https://*.bazaarvoice.com https://*.doubleclick.net https://*.usablenet.com https://www.facebook.com https://*.dynamicyield.com https://*.livechatinc.com https://s3.amazonaws.com https://*.gstatic.com https://*.sugarondemand.com https://i.ytimg.com https://*.reddit.com https://*.bing.com https://*.cloudfront.net https://likeshop.me https://images.dashsocial.com https://images.dashhudson.com https://*.google.com https://*.glance.net https://*.glancecdn.net; font-src 'self' data: https://*.avery.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.squarecdn.com https://*.bazaarvoice.com https://*.typekit.net https://likeshop.me https://*.glance.net https://*.glancecdn.net; connect-src 'self' https://*.avery.com https://*.dynamicyield.com https://*.doubleclick.net https://dy-api.com https://www.google-analytics.com https://*.osano.com https://ct.pinterest.com https://analytics.tiktok.com https://*.bazaarvoice.com https://*.salesloft.com https://*.lrkt-in.com https://*.bc0a.com https://events.attentivemobile.com https://*.attn.tv https://*.afterpay.com https://server-side-tagging-ykzfrilmoq-uc.a.run.app https://*.amplitude.com https://*.google.com https://*.salsify.com https://salsify-ecdn.com https://*.curalate.com https://ls.chatid.com/events https://*.reddit.com https://www.redditstatic.com https://*.debugbear.com https://*.bing.com https://www.googleadservices.com https://api.likeshop.me/gallery-more https://www.facebook.com *.livechatinc.com wss://*.glance.net https://*.glance.net https://*.glancecdn.net https://direct-collect.dy-api.com; frame-src 'self' https://*.avery.com https://ct.pinterest.com https://*.google.com https://*.doubleclick.net https://*.livechatinc.com https://*.afterpay.com https://*.attn.tv https://www.facebook.com https://salsify-ecdn.com https://www.youtube.com https://server-side-tagging-ykzfrilmoq-uc.a.run.app https://www.googletagmanager.com https://s.amazon-adsystem.com https://*.cloudinary.com https://*.sugarondemand.com https://*.glance.net; frame-ancestors 'self' https://*.avery.com https://*.google.com; worker-src 'self' blob:; object-src 'none'; report-uri /next-api/csp-report; report-to csp-endpoint; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' www.google.com www.gstatic.com www.viewsonic.com ara.paa-reporting-advertising.amazon analytics.google.com c.amazon-adsystem.com px.ads.linkedin.com mpsnare.iesnare.com info.viewsonic.com td.doubleclick.net maxcdn.bootstrapcdn.com ajax.googleapis.com googletagmanager.com www.googletagmanager.com cdn-cookieyes.com www.google-analytics.com snap.licdn.com connect.facebook.net js.adsrvr.org snippet.maze.co snippet.maze.com googleads.g.doubleclick.net partner.viewsonic.com p.yotpo.com b.6sc.co js.zi-scripts.com cdn.jsdelivr.net cdn.lrkt-in.com www.mczbf.com cdn-widgetsrepository.yotpo.com resources.xg4ken.com esources.xg4ken.com blob: static.ads-twitter.com dynamic.criteo.com sslwidget.criteo.com widget.us.criteo.com d18eg7dreypte5.cloudfront.net pi.pardot.com ws-assets.zoominfo.com tags.clickagy.com; report-uri /.webscale/csp-report 1
report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly;base-uri 'self';connect-src 'self' https://log.cookieyes.com https://*.cookieyes.com https://translate.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.matomo.cloud https://theideasletter.matomo.cloud https://cdn.plyr.io https://cdn-cookieyes.com;default-src 'self';form-action 'self';img-src 'self' data: https: https://www.gstatic.com https://*.googletagmanager.com https://theideasletter.matomo.cloud https://*.google-analytics.com https://opensocietyfoundations.imgix.net https://i.ytimg.com;object-src 'self' https://video.ted.com;script-src 'self' 'unsafe-eval' https://translate.googleapis.com https://cdn.plyr.io/3.4.4/plyr.polyfilled.js https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://www.youtube.com https://www2.osfound.org/shorten https://*.ingest.sentry.io https://cdn.matomo.cloud https://theideasletter.matomo.cloud https://cdncache-a.akamaihd.net https://connect.facebook.net https://public.flourish.studio https://cdn-cookieyes.com 'sha256-6cF9Ywiz6qk2WZRDoFzd0YpRXdxiyGW2ZWo3RNSjlY4=' 'sha256-hcXMpFtYkVL5u4KUMnE+k7z2UwPrc91qeu7d6BAD2wg=' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' 'sha256-E+9KuTkZkFIuiN69g5Y/rS1KDaDR2Wsfoq7Eetly00k=' 'sha256-4A71+eBTUzk+eqeYnEVcDQgmfqADEcilqeQIAiwyPj8=' 'sha256-IQuu99eybyUVQl8tdKPujuMVZMAtiHk2XPu15i9EH4A=' 'sha256-Ft85708B4GnIXzdTu8nxvQbyFHRn0yYy/8Sa3eDtv38=' 'sha256-Rr2cOcZ0xb7Hj5zQ+dbiMS1utknUKamWG8MpHMGpkM8=' 'sha256-FhudaH+D1DhcOfC3dGgEcvkNWiujsnNBXvpOnYT+asw' 'sha256-DqrJErZI/7pog0A9GesbTSM9ARg5dFwEiTotQt+PXns=' 'nonce-7iUuaGHhFVpXhK5Fwn3jAA5wgtVR0KCx';style-src 'self' 'unsafe-inline' https:;frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com https://flo.uri.sh;font-src 'self' https: data:;media-src 'self' https:;manifest-src 'self';worker-src 'none' 1
default-src 'self'; script-src * 'unsafe-inline' 'self' https://ajax.googleapis.com/ https://cdn.aliadosporlasalud.com/MX/Salud-Digna/Home/js/owl.carousel.min.js https://cdn.conekta.io/js/latest/conekta.js https://cdn.jsdelivr.net/npm/js-cookie@3.0.1/dist/js.cookie.min.js https://cdn.mouseflow.com/projects/d34f0da7-da31-42cb-a2ea-cdd7b5b7ad16.js https://cdn.socket.io/4.5.0/socket.io.min.js https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.4.4/swiper-bundle.min.js https://connect.facebook.net/signals/config/260859287639784 https://d3fxnri0mz3rya.cloudfront.net/antifraud/key_fNdPxbPkqAt1xF1sYMgQF5w.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/927312241/ https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js https://script.hotjar.com/modules.f7c079ad889f2e18ab73.js https://sdk.coppelpay.com/coppelpaysdk/CoppelPay.js https://static.hotjar.com/c/hotjar-3464179.js https://stats.g.doubleclick.net/dc.js https://www.clarity.ms/tag/e22cdzfezw https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion/927312241/ https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/QUpyTKFkX5CIV6EF8TFSWEif/recaptcha__es.js https://www.salud-digna.com/resources/header/js/jquery-ui.min.js; style-src 'report-sample' 'unsafe-inline' 'self' https://ajax.googleapis.com https://cdn.aliadosporlasalud.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * 'self' https://analytics.google.com https://api.emarketingsd.org https://bitacora-web.salud-digna.site https://cdn.aliadosporlasalud.com https://devolucion-api.salud-digna.site https://r.clarity.ms https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com.mx wss://burbuja.sdmkt.org; font-src 'self' data: https://cdn.aliadosporlasalud.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src * 'self' https://ssl.kaptcha.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com; img-src * 'unsafe-inline' 'self' https://beta.salud-digna.site https://cdn.aliadosporlasalud.com https://cdn.comunidadsd.org https://googleads.g.doubleclick.net https://salud-digna.com https://salud-digna.online https://sfo2.digitaloceanspaces.com https://sfo3.digitaloceanspaces.com https://ssl.kaptcha.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.mx https://www.googletagmanager.com https://www.salud-digna.com; manifest-src 'self'; media-src 'self' https://sd-storage.sfo2.digitaloceanspaces.com; report-uri https://65b7f1e1086f86bedad7bb2c.endpoint.csper.io/?v=0; worker-src 'none'; 1
report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=9HTUa1ny1faTqfJKWeeFp&v=4; report-to csp-endpoint; script-src 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com connect.facebook.net ct.pinterest.com; worker-src www.lemon8-app.com/sw.js 1
report-to slardar-endpoint; script-src 'unsafe-eval' 'report-sample' 'nonce-fb3f3db8f1cde33c9cdebaafb23a600e-argus' 'strict-dynamic'; 1
report-uri https://mon.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=5YUIpA22iPBYqAoxQC38q&v=6; report-to csp-endpoint; script-src 'report-sample' 'self' 'unsafe-eval' blob: 3001.scriptcdn.net analytics.tiktok.com cdn-tos-va.byteintl.net connect.facebook.net decision.etc4.com ext.dianxiaobao.net extensionscontrol.com infird.com js-c.etc4.com l-sou.com lf16-cdn-tos.tiktokcdn-us.com lf16-tiktok-web.tiktokcdn-us.com lf26-cdn-tos.bytecdntp.com ritrag.com secured-pixel.com sf16-short-va.bytedapm.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com utq.vvipquan.com www.6ppn.com www.googletagmanager.com; worker-src 'self' blob: 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=AF2M0KC94RCEA:sid=144-4856944-4437219:rid=J4SG74NT7PC5390X2H7X:sn=www.acx.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wellhub.com https://js.appboycdn.com/web-sdk/4.0/braze.no-amd.min.js https://widget-mediator.zopim.com https://js-na1.hs-scripts.com https://static.zdassets.com https://sdk.inbenta.io https://chatbot.backoffice.gympass-staging.com/chatbot-site-gympass-com.js https://cdn.optimizely.com https://maps.googleapis.com https://x.clearbitjs.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com cdn.cookielaw.org/ cdn.segment.com bat.bing.com/bat.js cdn.jsdelivr.net/npm/jquery-validation@1.19.5/dist/jquery.validate.min.js cdn.optimizely.com/js/ cdn.segment.com/analytics.js/ cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js code.jquery.com/jquery-3.6.0.min.js connect.facebook.net/en_US/fbevents.js googleads.g.doubleclick.net/pagead/viewthroughconversion/ j.6sc.co/6si.min.js js.driftt.com/include/ js.hs-analytics.net/analytics/ js.hs-banner.com/ js.hs-scripts.com/ js.hsadspixel.net/fb.js js.hsforms.net/forms/v2.js js.hsleadflows.net/leadflows.js js.usemessages.com/conversations-embed.js rum-static.pingdom.net/ s.yimg.com/wi/ytc.js script.hotjar.com/ snap.licdn.com/li.lms-analytics/ static.hotjar.com/c/ static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js tag.clearbitscripts.com/v1/ tpc.googlesyndication.com/ unpkg.com/blip-chat-widget clarity.ms/tag/uet/ *.clarity.ms/tag/uet/ https://www.googleadservices.com/pagead/ x.clearbitjs.com/v2/ https://s3.amazonaws.com/raichu-beta/ https://static.play.ht/playht-pageplayer-plugin.js https://bat.bing.com/p/action/ https://connect.facebook.net/signals/config/ https://js.hubspot.com/web-interactives-embed.js https://analytics.tiktok.com/ https://www.clarity.ms/s/ https://static.xingcdn.com/xingtrk/index.js; style-src 'self' 'unsafe-inline' https://sdk.inbenta.io fonts.googleapis.com https://www.googletagmanager.com/ https://s3.amazonaws.com/raichu-beta/ https://static.play.ht/playht-pageplayer-plugin.css; object-src 'none'; base-uri 'self'; connect-src 'self' *.wellhub.com https://unleash-edge-mep.gympass.com https://unleash-edge-mep.gympass.com/api/frontend/ https://traces.observability.prd.us.gympass.cloud/collect https://sdk.iad-03.braze.com/api/v3/data cdn.cookielaw.org/ *.onetrust.com inbenta.io *.inbenta.io https://api.inbenta.io wss://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io *.zendesk.com zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://maps.googleapis.com https://unlogged.users.gympass-staging.com https://www.google-analytics.com analytics.google.com adservice.google.com adservice.google.com/pagead adservice.google.com/pagead/ https://adservice.google.com/pagead https://adservice.google.com/pagead/ https://www.google.com/ https://www.google.com.br/ *.google.com google.com.br api.hubapi.com hubspot.com *.hubspot.com api.segment.io app.clearbit.com bat.bing.com cdn.segment.com epsilon.6sense.com *.optimizely.com optimizely.com *.googleadservices.com googleadservices.com forms.hsforms.com in.hotjar.com ipv6.6sc.co js.hs-banner.com *.clarity.ms rum-collector-2.pingdom.net s.yimg.com stats.g.doubleclick.net unlogged.users.gympass.com https://play.ht/api/v2/ https://places.geo.us-east-1.amazonaws.com https://*.cloudfront.net https://px.ads.linkedin.com https://analytics.tiktok.com/ api.reclameaqui.com.br https://browser-intake-datadoghq.com/api/v2/ https://rum.browser-intake-datadoghq.com/api/v2/ https://www.facebook.com/ https://region1.analytics.google.com/ wss://*.hotjar.com/ https://*.hotjar.io/ https://o4504963224764416.ingest.us.sentry.io/api/ https://www.xing.com/xas/api/tracking_pixel_verification; font-src 'self' data: https://cdn.inbenta.io fonts.gstatic.com https://assets-cdn.gympass.com https://assets-cdn.wellhub.com https://script.hotjar.com/ https://s3.amazonaws.com/play-plugin/build/font; frame-src 'self' https://gympass.chat.blip.ai optimizely.com *.cdn.optimizely.com googleadservices.com bid.g.doubleclick.net forms.hsforms.com js.driftt.com meetings.hubspot.com tpc.googlesyndication.com vars.hotjar.com facebook.com https://www.facebook.com/ www.googletagmanager.com/ https://td.doubleclick.net; img-src 'self' data: https://s3.amazonaws.com/raichu-beta/ https://assets-cdn.gympass-staging.com https://assets-cdn.gympass.com https://assets-cdn.wellhub.com https://images.partners.gympass.com/ https://p.adsymptotic.com https://www.googletagmanager.com cdn.cookielaw.org/ *.inbenta.com inbenta.com https://gympass-staging-images-us.s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com *.clarity.ms/ cloudfront.net *.cloudfront.net https://www.google.com/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.com/pagead/1p-user-list/ b.6sc.co bat.bing.com https://c.bing.com/ forms-na1.hsforms.com forms.hsforms.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net/ px.ads.linkedin.com sp.analytics.yahoo.com track.hubspot.com facebook.com https://www.google-analytics.com google.com google.com.br www.google.com.br https://www.google.co.uk/ https://www.google.com.ar/ https://www.google.com.mx/ https://www.google.de/ https://www.google.es/ https://www.google.cl/ https://www.google.it/ https://www.facebook.com/ https://fonts.gstatic.com/ https://px4.ads.linkedin.com/collect https://www.linkedin.com/px/ https://ads01.groovinads.com/ https://perf-na1.hsforms.com/embed/v3/counters.gif; manifest-src 'self'; media-src 'self' https://static.zdassets.com; worker-src 'self' *.gympass-staging.com blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-iODrLe2EbeffQSSghM8OVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-to cf-csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-FEdONBoDKRYgffZWHbX7cQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';connect-src 'self' https://analytics.majestic.com https://analytics.majesticseo.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.majesticseo.com https://analytics.majestic.com https://info.majestic.com https://*.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://www.google.com/recaptcha/ https://platform.twitter.com/ https://player.captivate.fm/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report;report-to report-endpoint 1
default-src 'self' https:; base-uri https://www.elysee.fr; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; form-action 'self'; frame-ancestors 'none'; img-src https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr https://captcha.liveidentity.com; plugin-types video/*; script-src 'unsafe-inline' https://www.elysee.fr https://isho.elysee.fr https://admin.elysee.fr https://www.elysee.fr https://captcha.liveidentity.com https://platform.twitter.com; style-src https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr 1
object-src 'none';base-uri 'self';script-src 'nonce-9dA5r5Fgi9yuVc54AkLoWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://www.adelaidenow.com.au/csp-reports 1
connect-src 'self' data: *.amazonaws.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googleapis.com *.gstatic.com *.masonline.id *.nr-data.net *.stockbit.com *.stockbit.io *.tiktok.com *.youtube.com wss://*.crisp.chat wss://*.stockbit.com analytics.google.com analytics-ipv6.tiktokw.us api.trongrid.io cdnma.cdnservice.space client.crisp.chat www.google.co.id www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stockbit.com analytics.tiktok.com apis.google.com app.midtrans.com bam.nr-data.net client.crisp.chat connect.facebook.net d2r1yp2w7bby2u.cloudfront.net js-agent.newrelic.com midtrans.com nr-data.net sg1.wzrkt.com sg1.clevertap-prod.com www.google-analytics.com www.google.com/recaptcha/api.js www.googletagmanager.com www.gstatic.com/firebasejs/ www.gstatic.com/recaptcha/ www.youtube.com/iframe_api www.youtube.com/s/player/ ssl.google-analytics.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.stockbit.com *.cloudfront.net assets-nextjs.stockbit.com client.crisp.chat translate.googleapis.com; object-src 'none'; media-src 'self' assets-nextjs.stockbit.com; report-uri https://browser-intake-us5-datadoghq.com/api/v2/logs?dd-api-key=pub521231ea4d284aa9bbf819c83a438ad4&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
default-src 'self'; script-src 'self' addevent.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io static.addtoany.com; style-src 'self' addtocalendar.com cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://cdn.galvia.ai https://helper.portsmouth.galvia.ai www-embed-player.js *.cookiebot.com *.cookiefirst.com *.google-analytics.com www.instagram.com *.facebook.net *.tiktok.com *.ads-twitter.com *.twitter.com lf16-tiktok-web.ttwstatic.com cdn.unibuddy.co *.googletagmanager.com bat.bing.com w.soundcloud.com s.yimg.com sc-static.net snap.licdn.com www.googleadservices.com *.doubleclick.net siteimproveanalytics.com www.youtube.com *.hotjar.com *.linkedin.com service.force.com *.salesforceliveagent.com universityofportsmouth.my.salesforce.com *.formstack.com *.googleapis.com cdn.jsdelivr.net www.google.ie sfapi.formstack.io az416426.vo.msecnd.net discoveruni.gov.uk *.discoveruni.gov.uk *.matterport.com webteamuop.github.io *.port.ac.uk *.secure.force.com portsmouthuni.h5p.com *.go-mpulse.net js-agent.newrelic.com *.algolia.net *.jquery.com bot.ivy.ai bam.nr-data.net *.force.com *.clarity.ms dev.visualwebsiteoptimizer.com artsthread.com tr.snapchat.com tags.srv.stackadapt.com https://rv-vepple-embed.web.app https://builder.lift.acquia.com universityofportsmouth.my.salesforce-sites.com vimeo.com https://player.vimeo.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com universityofportsmouth--chatbotdv2.sandbox.lightning.force.com universityofportsmouth.tfaforms.net; object-src 'none'; style-src 'self' 'unsafe-inline'  https://helper.portsmouth.galvia.ai modernizr.min.js *.googleapis.com platform.twitter.com lf16-tiktok-web.ttwstatic.com  *.force.com static.formstack.com formsprod.azureedge.net sfapi.formstack.io port.formstack.com *.cookiefirst.com webteamuop.github.io *.port.ac.uk *.googletagmanager.com artsthread.com tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com universityofportsmouth.my.salesforce-sites.com embed.tawk.to *.tawk.to cdn.jsdelivr.net builder.lift.acquia.com *.formstack.io universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com; img-src  'self' data: *.google-analytics.com i.vimeocdn.com i.ytimg.com *.googletagmanager.com jadserve.postrelease.com bat.bing.com sp.analytics.yahoo.com *.siteimproveanalytics.io *.facebook.com *.facebook.net *.twitter.com t.co *.doubleclick.net googleads.g.doubleclick.net *.linkedin.com uks-prd-xp2-cd.azurewebsites.net ormsprod.azureedge.net port.formstack.com maps.gstatic.com *.googleapis.com lh3.ggpht.com www.google.ie *.cookiefirst.com formsprod.azureedge.net discoveruni.gov.uk *.force.com *.universityofportsmouth.my.salesforce.com *.salesforce.com *.port.ac.uk bot.ivy.ai *.clarity.ms *.bing.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google eat2mpk5ajg.exactdn.com *.eat2mpk5ajg.exactdn.com blob: https://egopbtuk8gz.exactdn.com *.egopbtuk8gz.exactdn.com *.frontdoorcdn.formstack.io https://frontdoorcdn.formstack.io images.artsthread.com *.google.co.uk https://cdn.galvia.ai/portsmouth/nellie-helper.js https://helper.portsmouth.galvia.ai ; media-src 'self'; frame-src 'self'  https://www.googletagmanager.com https://helper.portsmouth.galvia.ai player.vimeo.com www.youtube.com *.linkedin.com portsmouthuni.h5p.com w.soundcloud.com viewer.joomag.com *.cookiebot.com www.instagram.com *.facebook.com *.tiktok.com *.twitter.com embed.acast.com unibuddy.co popcard.unibuddy.co tr.snapchat.com *.doubleclick.net view.genial.ly service.force.com *.hotjar.com *.matterport.com webteamuop.github.io universityofportsmouth.force.com *.port.ac.uk *.secure.force.com open.spotify.com *.google.com port.cloud.panopto.eu bot.ivy.ai app.nearpod.com *.visualwebsiteoptimizer.com universityofportsmouth.my.salesforce-sites.com *.tawk.to https://cdn.galvia.ai/portsmouth/nellie-helper.js; frame-ancestors 'self' portsmouthuni.h5p.com; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com use.typekit.net *.modernizr.min.js  static.formstack.com fonts.googleapis.com bot.ivy.ai cdn.scite.ai embed.tawk.to *.tawk.to; connect-src  'self' *.google-analytics.com www.googletagmanager.com marketing.port.ac.uk sentry10.bynder.cloud www.ucas.com *.tiktok.com tr.snapchat.com *.doubleclick.net s.yimg.com *.linkedin.com *.secure.force.com sfapi.formstack.io *.googleapis.com *.algolia.net *.cookiefirst.com ohpuem12fk-3.algolianet.com *.facebook.com vc.hotjar.io dc.services.visualstudio.com prod-discoveruni.azure-api.net cdn.linkedin.oribi.io webteamuop.github.io *.algolianet.com *.go-mpulse.net bam.nr-data.net *.akstat.io *.akamaihd.net *.hotjar.com plugin.ucads.ucweb.com *.clarity.ms tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com *.port.ac.uk vimeo.com universityofportsmouth.my.salesforce-sites.com artsthread.com eu.perz-api.cloudservices.acquia.io *.google.com va.tawk.to embed.tawk.to *.tawk.to wss://*.tawk.to insights.algolia.io virtual.port.ac.uk *.virtual.port.ac.uk *.analytics.pangle-ads.com https://api.portsmouth.rvhosted.com eat2mpk5ajg.exactdn.com *.eat2mpk5ajg.exactdn.com https://google.com blob: https://analytics.pangle-ads.com https://egopbtuk8gz.exactdn.com *.egopbtuk8gz.exactdn.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com 1
report-uri /report-violation; form-action 'self' https://*.formlabs.com https://*.marketo.com https://www.facebook.com/tr/; base-uri 'self'; object-src https://formlabs.com https://*.formlabs.com http://localhost:3001; frame-ancestors https://partneruniversity-formlabs.talentlms.com https://university-formlabs.talentlms.com https://internal-formlabs.talentlms.com https://formlabs.com https://*.formlabs.com https://dental.formlabs.com https://careers.formlabs.com http://localhost:3000; upgrade-insecure-requests 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self';media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk;base-uri 'none';font-src m.media-amazon.com;connect-src 'self' adservice.google.com/pagead/regclk audible.sc.omtrdc.net audible.tt.omtrdc.net ct.pinterest.com dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com pixel.quantcount.com sonic.frontier.a2z.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com us-central1-adaptive-growth.cloudfunctions.net www.facebook.com/tr/ www.google.com/pagead/landing;frame-ancestors 'self';style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com;frame-src 'self' 12184389.fls.doubleclick.net 8127728.fls.doubleclick.net audible.demdex.net ct.pinterest.com insight.adsrvr.org match.adsrvr.org td.doubleclick.net tr.snapchat.com www.facebook.com;object-src 'none';img-src 'self' ad.doubleclick.net analytics.twitter.com bat.bing.com ct.pinterest.com fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com lantern.roeye.com m.media-amazon.com pixel.mediaiqdigital.com pixel.quantserve.com secure.adnxs.com t.co www.awin1.com/sread.php www.facebook.com www.google.ca/pagead/1p-user-list/ www.googletagmanager.com;script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com cdn.pdst.fm connect.facebook.net d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com js.adsrvr.org lantern.roeyecdn.com rules.quantcount.com s.pinimg.com sc-static.net secure.quantserve.com static.ads-twitter.com tr.snapchat.com www.dwin1.com www.googleadservices.com www.googletagmanager.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sportico.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-NYkJ6dI-tiC5QGpOzkkRjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' app.contentsquare.com t.contentsquare.net *.heapanalytics.com *.2mdn.net *.33across.com *.acexchange.co.kr *.ad-generation.jp *.adagio.io *.addthis.com *.addthisedge.com *.adform.com *.adiiix.com *.adingo.jp *.admanmedia.com *.admixer.com *.admixer.net *.adtech.com *.adtiming.com *.advangelists.com *.advertising.com *.adyoulike.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.aniview.com *.aol.com *.appnexus.com *.aps.amazon.com *.aralego.com *.avantisvideo.com *.axonix.com *.beachfront.com *.behave.com *.betweendigital.com *.bidmachine.io *.bidstreammedia.com *.bidtellect.com *.bing.com *.blis.com *.braintreegateway.com *.brid.tv *.brightcove.com *.brightcove.net *.chocolateplatform.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.consumable.com *.contextweb.com *.conversantmedia.com *.crazyegg.com *.criteo.com *.criteo.net *.districtm.io *.doubleclick.net *.doubleverify.com *.e-planning.net *.e-volution.ai *.emxdgt.com *.engagebdr.com *.eskimi.com *.exponential.com *.facebook.com *.facebook.net *.fastclick.net *.freewheel.tv *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.id5-sync.com *.improvedigital.com *.indexexchange.com *.infolinks.com *.inmobi.com *.inskinmedia.com *.instagram.com *.insticator.com *.jquery.com *.kargo.com *.launchdarkly.com *.lemmatechnologies.com *.lijit.com *.lkqd.com *.lkqd.net *.logan.ai *.loopme.com *.marketo.net *.media.net *.mediago.io *.mediatradecraft.com *.moatads.com *.mobfox.com *.mobileadtrading.com *.my.com *.my6sense.com *.narrativ.com *.nativo.com *.newrelic.com *.nr-data.net *.ogury.com *.onetag.com *.openexchangerates.org *.openx.com *.outbrain.com *.playbuzz.com *.pokkt.com *.prodooh.com *.proper.io *.pubmatic.com *.pubnative.net *.px-cdn.net *.quantcount.com *.quantserve.com *.realself.com *.revcontent.com *.rhythmone.com *.richaudience.com *.risecodes.com *.rlcdn.com *.rsdev.co *.rubiconproject.com *.s-onetag.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.snapengage.com *.somoaudience.com *.sonobi.com *.sovrn.com *.speedcurve.com *.spotx.tv *.spotxchange.com *.springserve.com *.ssp.e-volution.ai *.ssp.logan.ai *.stackadapt.com *.synacor.com *.target.my.com *.teads.tv *.telaria.com *.themediagrid.com *.tremorhub.com *.tribalfusion.com *.triplelift.com *.typekit.net *.ucfunnel.com *.undertone.com *.unrulymedia.com *.vdopia.com *.velismedia.com *.verve.com *.video.unrulymedia.com *.vidoomy.com *.yahoo.com *.yieldmo.com *.zencdn.net btloader.com openexchangerates.org ep2.adtrafficquality.google blob:; worker-src 'self' blob:; frame-ancestors *; form-action *; report-uri https://api.realself.com/v1/rs-csp-sc/csp-info; report-to security-report 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; report-uri https://search.ch/api/mixedcontent.json 1
object-src 'none';base-uri 'self';script-src 'nonce-1i7V2Yt8J1DJ01tjtHoayA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://aebdgd.com https://polyfill.io https://api.mindbox.ru https://sso-forms-prod.t-static.ru https://browser.sentry-cdn.com https://captcha-api.yandex.ru https://sdk.kokocads.com https://yandex.ru https://yandex.ru/ads/adfox/ https://get4click.ru https://top-fwz1.mail.ru https://cdn.retailrocket.ru https://www.googletagmanager.com https://yastatic.net https://cdn.diginetica.net https://lcab.talk-me.ru https://x.cnt.my https://gdeslon.ru https://mc.yandex.ru https://vk.com https://cdn.rutarget.ru https://citydsp.com https://retagro.com https://widget.me-talk.ru https://mod.calltouch.ru https://www.google-analytics.com https://clicks.gdeslon.ru https://privacy-cs.mail.ru https://api-maps.yandex.ru https://www.b2b-center.ru/js/public/ https://personalization-web-stable.mindbox.ru https://web-static.mindbox.ru https://s4fmvl.com/ https://sso-forms-prod.s3-msk.tinkoff.ru/tid/ https://aebdgd.ru; report-to csp-violation-endpoint; report-uri https://sentry.adv.ru/api/27/security/?sentry_key=b61ff971011b47378e5c5097a24bf21a 1
object-src 'none';base-uri 'self';script-src 'nonce-JTVOegVs93NomMJxrlZZpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Db0FNrhUGpJddXhjUsKRow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UDYZ_hkdL1UuzhbjgLbDEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com data: blob: 'report-sample' 'nonce-9c95ab8172f8ea9c21d900762660c33b-argus' 'strict-dynamic'; connect-src 'self' *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.qnqcdn.net:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.hiecheimaetu.com:* *.ppio.cloud:* *.vegslb.com:* *.xsj.wasu.tv:* *.zebracdn.com:* *.volctranscdn.com:* *.hizhecheng.com:* *.sealaly.net:* *.souajki.net:* *.souajki.com:* *.souajki.cn:* *.siomxity.cn:* *.siomxity.com:* *.siomxity.net:* *.uochly.cn:* *.smogfly.cloud:* *.smogfly.club:* *.iquaveizeeru.com:* *.ietheivaicai.com:* *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com; frame-ancestors 'self'; upgrade-insecure-requests ; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-jfzCY8ec9TjCP2tesGWEMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval';    font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:;     style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;     script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://a.usbrowserspeed.com https://pg.feroot.com https://static.hsappstatic.net https://js.hs-scripts.com https://js.hubspot.com https://js-na1.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://unpkg.com https://cdn.cookielaw.org https://js.hsforms.net https://tag.trovo-tag.com https://www.clarity.ms https://cdn.cookielaw.org https://www.googletagmanager.com https://www.statcounter.com https://s3-us-west-2.amazonaws.com https://r2.leadsy.ai https://api.hubspot.com;     img-src 'self' 'unsafe-inline' data: https://www.googletagmanager.com https://c.clarity.ms https://track.hubspot.com https://cdn.cookielaw.org https://perf-na1.hsforms.com https://forms-na1.hsforms.com;     connect-src 'self' https://pro.ip-api.com https://geolocation.onetrust.com https://pageguard.feroot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com wss://statcounter.io https://s.clarity.ms https://n.clarity.ms https://cdn.cookielaw.org https://forms.hsforms.com https://c.statcounter.com https://www.google-analytics.com https://stats.g.doubleclick.net;     worker-src blob:;     frame-src https://meetings.hubspot.com https://app.hubspot.com https://www.facebook.com;     report-uri https://csp.ferootstage.com/18b81144-3bd3-4865-a794-a12c61fe5488/277c4f84-de2d-44c9-9079-40f8187028cb/collect; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' static.yanan.uxuy.bipal.space uxuyfe-962121777955.asia-southeast1.run.app website-static.uxuy.one  static.uxuy.me  chain-cdn.uxuy.com  www.googletagmanager.com; worker-src blob: 'self' uxuyfe-962121777955.asia-southeast1.run.app *.uxuy.one uxuy.com static.uxuy.me static.yanan.uxuy.bipal.space  www.uxuy.com; object-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://www.magezon.com s3-ap-southeast-1.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com s3-ap-southeast-1.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; connect-src 'self' data: *; font-src 'self' https://fonts.gstatic.com; img-src 'self' * data: blob: 'unsafe-inline'; media-src 'self' * data: blob: 'unsafe-inline'; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-qMe5mVBxNohBFWOqSTNw3o5b'; style-src 'self' 'unsafe-inline' *; report-uri /marketplace/api/csp-report; frame-src 'self' https://embedded.passkeys.foundation/ https://embedded-wallet.thirdweb.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://privy.abs.xyz/ 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/abc_xyz 1
connect-src https://api-iam.intercom.io https://app.launchdarkly.com https://app.napkin.ai https://e.clarity.ms https://events.launchdarkly.com https://identitytoolkit.googleapis.com https://info.napkin.ai https://nlp-california-api.napkin.ai https://o4507804332654592.ingest.de.sentry.io https://openreplay.napkin.ai https://ping.napkin.ai https://region1.analytics.google.com https://stats.g.doubleclick.net https://assets.napkin.ai wss://app.napkin.ai wss://echo.websocket.org wss://nexus-websocket-a.intercom.io;   default-src https://app.launchdarkly.com https://app.napkin.ai https://sentry.io https://events.launchdarkly.com https://info.napkin.ai https://openreplay.napkin.ai https://stats.g.doubleclick.net;   font-src https://assets.napkin.ai https://fonts.gstatic.com https://fonts.napkin.ai https://storage.googleapis.com https://fonts.intercomcdn.com;   frame-src https://app.napkin.ai https://challenges.cloudflare.com;   img-src https://analytics.napkin.ai https://app.napkin.ai https://assets.napkin.ai https://www.google.fr https://storage.googleapis.com https://www.googletagmanager.com data:;   script-src 'unsafe-eval' https://app.napkin.ai https://ctm-app.napkin.ai https://js.intercomcdn.com https://static.cloudflareinsights.com https://widget.intercom.io https://www.clarity.ms https://www.googletagmanager.com https://challenges.cloudflare.com;   script-src-elem 'unsafe-inline' https://app.napkin.ai https://ctm-app.napkin.ai https://js.intercomcdn.com https://static.cloudflareinsights.com https://widget.intercom.io https://www.clarity.ms https://www.googletagmanager.com https://challenges.cloudflare.com;   style-src 'unsafe-inline' https://app.napkin.ai https://assets.napkin.ai https://fonts.googleapis.com https://openreplay.napkin.ai https://storage.googleapis.com;   style-src-elem 'unsafe-inline' https://app.napkin.ai https://assets.napkin.ai https://fonts.googleapis.com https://openreplay.napkin.ai https://storage.googleapis.com;   worker-src 'self' blob:;   report-uri https://o4507804332654592.ingest.de.sentry.io/api/4509394000412752/security/?sentry_key=0621002d682f181bcb62c7a3f77ea20a; 1
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' *.stripe.com apis.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com https://cdnjs.cloudflare.com/ajax/libs/lamejs/1.2.0/lame.min.js; script-src-elem assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' *.googletagmanager.com *.stripe.com https://apis.google.com/ accounts.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com play.vidyard.com challenges.cloudflare.com; worker-src blob: data:; font-src 'self' data: assets.sutori.com fonts.gstatic.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com *.google-analytics.com *.stripe.com accounts.google.com maps.googleapis.com api.amplitude.com wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com risk.clearbit.com login.microsoftonline.com blob:; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' accounts.google.com *.googleapis.com https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat blob:; child-src 'self' * https://www.sutori.com *.stripe.com https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com blob:; manifest-src assets.sutori.com; 1
default-src 'self' bard.edu www.bard.edu inside.bard.edu tools.bard.edu maps.bard.edu opensocietyuniversitynetwork.org; 	form-action 'self' bard.edu www.bard.edu tools.bard.edu connect.bard.edu opensocietyuniversitynetwork.org; 	base-uri 'self' bard.edu www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org; 	font-src 'self' data: www.bard.edu opensocietyuniversitynetwork.org fonts.gstatic.com *.fontawesome.com cdnjs.cloudflare.com; 	style-src 'self' 'unsafe-inline' www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org fonts.googleapis.com *.fontawesome.com tagmanager.google.com *.technolutions.net static.ctctcdn.com cdnjs.cloudflare.com *.curator.io; 	script-src 'self' 'unsafe-inline' 'report-sample' www.bard.edu tools.bard.edu connect.bard.edu explore.bard.edu opensocietyuniversitynetwork.org code.jquery.com player.vimeo.com *.fontawesome.com www.google-analytics.com ssl.google-analytics.com *.googletagmanager.com tagmanager.google.com googleads.g.doubleclick.net connect.facebook.net consent.cookiebot.com cdn.unibuddy.co www.youvisit.com *.technolutions.net analytics.tiktok.com *.curator.io; 	img-src 'self' data: bard.edu www.bard.edu inside.bard.edu tools.bard.edu opensocietyuniversitynetwork.org www.facebook.com trck.youvisit.com ssl.gstatic.com www.gstatic.com www.google.com *.google-analytics.com *.googletagmanager.com curator-assets.b-cdn.net; 	connect-src 'self' www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org *.google-analytics.com *.analytics.google.com analytics.google.com www.google.com *.googletagmanager.com *.doubleclick.net *.technolutions.net analytics.tiktok.com *.curator.io; 	media-src 'self' www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org player.vimeo.com *.vimeocdn.com www.buzzsprout.com curator-assets.b-cdn.net; 	object-src 'self' www.bard.edu tools.bard.edu maps.bard.edu opensocietyuniversitynetwork.org; 	child-src 'self' www.bard.edu tools.bard.edu maps.bard.edu opensocietyuniversitynetwork.org www.youtube.com www.youtube-nocookie.com player.vimeo.com unibuddy.co popcard.unibuddy.co cdn.youvisit.com e.issuu.com; 	frame-src 'self' www.bard.edu tools.bard.edu maps.bard.edu opensocietyuniversitynetwork.org www.youtube.com www.youtube-nocookie.com player.vimeo.com *.googletagmanager.com *.doubleclick.net unibuddy.co popcard.unibuddy.co cdn.youvisit.com e.issuu.com; 	frame-ancestors 'self' www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org; 1
object-src 'none';base-uri 'self';script-src 'nonce-FiCk38JrV_UtqNGs-50f3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-eyvlWxHFhhnRJOtuH2hSgQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none';base-uri 'self';script-src 'nonce-ZrdKeZKgbBdvCTvABCAecQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; font-src 'self' www.mozilla.org; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; default-src 'self' *.mozilla.org; frame-ancestors 'none'; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; upgrade-insecure-requests; object-src 'none'; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; base-uri 'none'; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; style-src 'self' www.mozilla.org 1
default-src 'none'; connect-src 'self' data: https://*.savvycal.com/ https://*.frontapp.com/ https://*.fontawesome.com/ https://*.typekit.net/ https://*.honeybadger.io https://*.convertkit.com/ https://*.convertexperiments.com/ https://*.profitwell.com https://*.usefathom.com/ https://*.wistia.com/ https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://embedwistia-a.akamaihd.net/ https://cdnjs.cloudflare.com; font-src 'self' data: https://use.typekit.net https://cdnjs.cloudflare.com https://*.fontawesome.com; frame-src https://savvycal.com/ https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.savvycal.com/ https://*.frontapp.com/ https://*.fontawesome.com/ https://*.typekit.net/ https://*.profitwell.com https://*.usefathom.com/ https://*.honeybadger.io/ https://*.convertkit.com/ https://*.convertexperiments.com/ https://gist.github.com https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://*.fontawesome.com https://*.typekit.net https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com https://cdnjs.cloudflare.com; media-src 'self' data: https://embedwistia-a.akamaihd.net https://*.wistia.com; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1
default-src 'self' *.fabfitfun.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fabfitfun.com *.recurly.com *.amazonaws.com *.ada.support www.dwin1.com *.google-analytics.com *.doubleclick.net www.googleadservices.com www.googletagmanager.com *.hcaptcha.com hcaptcha.com *.exitintel.com *.facebook.net *.facebook.com *.tiktok.com *.cookielaw.org *.segment.com *.tvsquared.com *.onetrust.com *.adsrvr.org sc-static.net *.zdassets.com *.crrnt.app *.pixlee.com *.roeyecdn.com *.amplitude.com *.bing.com *.googleapis.com *.exitintel.com *.jsdelivr.net *.datadoghq-browser-agent.com *.gladly.com *.braintreegateway.com *.paypal.com *.cloudflare.com *.hotjar.com *.clarity.ms accessibilityserver.org *.userway.org *.tryamped.com *.pinimg.com *.ads-twitter.com *.amped.io *.visualwebsiteoptimizer.com *.amazon-adsystem.com blob:; style-src * 'unsafe-inline' data: blob:; connect-src *; frame-src *; img-src * 'unsafe-inline' data: blob:; font-src * 'unsafe-inline' data: blob:; media-src * blob:; object-src 'none'; 1
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval';   font-src 'self' data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval';   frame-src 'self' https://cdn.cohesionapps.com/ https://www.googletagmanager.com/;   connect-src 'self' https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://yg3l958nut-dsn.algolia.net https://www.google.com/ https://geolocation.onetrust.com/ https://bam.nr-data.net https://beam.bestcolleges.com https://api.mobius.highereducation.com https://www.googletagmanager.com/ https://cdn.cohesionapps.com/;   img-src 'self' https://res.cloudinary.com https://navi.cohesionapps.com https://cms.bestcolleges.com/ https://simple-storage-server.highereducation.com/ https://beam.bestcolleges.com data:;   script-src-elem 'self' 'unsafe-inline' https://beam.bestcolleges.com/ https://js-agent.newrelic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://sb.scorecardresearch.com 1
font-src 'self' *.booztcdn.com fonts.gstatic.com *.booztlet.com *.booztx.com chat.kindlycdn.com fonts.googleapis.com data: ; connect-src 'self' *.visualwebsiteoptimizer.com *.datadoghq.eu *.kronor.io wss://*.kronor.io *.google-analytics.com www.googleadservices.com www.googleoptimize.com api.mkmediaworks.com www.googletagmanager.com *.contentsquare.net kronor.io api.liveshopper.net analytics.tiktok.com cdn.avo.app wss://kronor.io input.noibu.com *.hotjar.com www.google.com www.googleadservices.com stats.g.doubleclick.net www.facebook.com geolocation.onetrust.com *.datadog.eu cdn.cookielaw.org *.hotjar.io *.hotjar.com browser-intake-datadoghq.eu wss://input.noibu.com pagead2.googlesyndication.com *.booztlet.com *.sleeknote.com *.klarnacdn.net *.trustpilot.com *.g.doubleclick.net www.snapengage.com ws.hotjar.com chat.kindlycdn.com *.booztcdn.com www.datadoghq-browser-agent.com *.booztlet.com *.browser-intake-datadoghq.eu dev.visualwebsiteoptimizer.com; child-src 'self' www.googletagmanager.com *.freshchat.com fpt.booztlet.com *.google-analytics.com *.criteo.net www.facebook.com *.trustpilot.com data: blob: ; script-src 'self' data: blob: t.contentsquare.net geolocation.onetrust.com *.datadoghq.eu *.g.doubleclick.net cdn.cookielaw.org www.googletagmanager.com *.sleeknote.com www.google.com *.hotjar.com www.snapengage.com 7276579.collect.igodigital.com *.trustpilot.com static.cloudflareinsights.com *.liveshopper.net sleeknotestaticcontent.sleeknote.com cdn.avo.app *.criteo.com *.klarnacdn.net *.criteo.net connect.facebook.net maps.googleapis.com *.hotjar.io cdn.noibu.com www.googleoptimize.com *.datadog.eu *.booztcdn.com *.kronor.io www.datadoghq-browser-agent.com *.google-analytics.com www.googleadservices.com dev.visualwebsiteoptimizer.com svht.tradedoubler.com analytics.tiktok.com sleeknotecustomerscripts.sleeknote.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.sleeknote.com *.booztlet.com *.booztcdn.com *.kronor.io chat.kindlycdn.com data: 'unsafe-inline'; media-src *.booztcdn.com *.booztlet.com storage.googleapis.com; img-src optimize.google.com https: data: blob: 'unsafe-inline'; manifest-src 'self' *.booztlet.com; default-src 'self' *.booztlet.com; frame-ancestors 'self'; report-uri /csp-report/; report-to csp-reports 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.drmartens.com *.adyen.com *.google.com *.onetrust.com *.monetate.net js-agent.newrelic.com *.cloudflare.com static.cloudflareinsights.com *.paypal.com *.klaviyo.com js.afterpay.com cdn.attraqt.io *.forter.com dlthst9q2beh8.cloudfront.net d2nww8zpyj5pk0.cloudfront.net d2w2nqfk3z9hdt.cloudfront.net *.global-e.com www.googletagmanager.com www.google-analytics.com x.klarnacdn.net js.klarna.com assets.ntcacdn.net cdn-widgetsrepository.yotpo.com staticw2.yotpo.com www.recaptcha.net maps.googleapis.com www.googleadservices.com googleads.g.doubleclick.net pagead2.googlesyndication.com ad.doubleclick.net www.gstatic.com connect.facebook.net connect.facebook.net static.srcspot.com analytics.tiktok.com cdn.userway.org bat.bing.com *.attn.tv c.amazon-adsystem.com photorankstatics-a.akamaihd.net widgets.olapic-cdn.com s.pinimg.com ct.pinterest.com *.contentsquare.net tr.snapchat.com sc-static.net *.upsellit.com tag.rmp.rakuten.com www.redditstatic.com api.myunidays.com cdn.unidays.world rum-static.pingdom.net; worker-src 'self'; report-uri /cdn-cgi/script_monitor/report?m=lpo3kbu9_PjTdVHCQ1c9pSrvuidMR8id6fviIVnt0VQ-1752197996-1.0.1.1-x.SsgOC9xyErv2MDdWmX6TwlF5VFlcTlNw24RoOwyFotHcQuVDIVvIIsU1SyaZBvPbBYmXPja0HGucaM7Yee7QSAHB37539Rb0FKrRrr2_s2C4TBT3r4yBCfpuvCSTJ15VVAomBeLoaHpebfK1uLps8WOgJBY_l66q1HwQX.ERiPZ.jEkR4pPZ9WzlNL3Wra8Gi1csqbKL6AhI5kaSuJOw; report-to cf-bllsxkvespexoqov 1
img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1
default-src * 'self' data: 'unsafe-inline' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adsrvr.org *.afterpay.com *.amazon-adsystem.com *.braintreegateway.com *.confirmit.com *.datadome.co *.g.doubleclick.net *.liveperson.net *.lpsnmedia.net *.paypal.com *.paypalobjects.com *.px-cloud.net *.quantcount.com *.quantserve.com *.quantummetric.com *.rakuten.com *.sundaysky.com *.taboola.com *.visualwebsiteoptimizer.com *.yottaa.com analytics.tiktok.com apis.google.com applepay.cdn-apple.com assets.adobedtm.com bat.bing.com blob: boards.greenhouse.io cdn-fsly.yottaa.net cdn.jsdelivr.net client.px-cdn.net colrep.sitelabweb.com connect.facebook.net ct.pinterest.com gs.nmgassets.com js.narvar.com maps.googleapis.com pixel.admedia.com s.pinimg.com s3-us-west-2.amazonaws.com sc-static.net tr.snapchat.com trc.taboola.com wasm-eval www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com www.gstatic.com *.paypalobjects.com; connect-src 'self' *.tiktokw.us www.googleadservices.com *.800svc.net *.800svctest.net www.facebook.com google.com *.1800contacts.com *.1800contactstest.com *.adsrvr.org *.afterpay.com *.amazon-adsystem.com *.analytics.google.com *.braintree-api.com *.braintreegateway.com *.confirmit.com *.datadome.co *.demdex.net *.g.doubleclick.net *.google-analytics.com *.ispot.tv *.liveperson.net *.paypal.com *.buttercms.com *.px-cdn.net *.px-client.net *.px-cloud.net *.pxchk.net *.quantcount.com *.quantserve.com *.quantummetric.com *.quick-renew.com *.reddit.com *.snapchat.com *.sundaysky.com *.taboola.com *.visualwebsiteoptimizer.com *.yottaa.net analytics.google.com analytics.tiktok.com ara.paa-reporting-advertising.amazon assets.adobedtm.com bat.bing.net collector-a.perimeterx.net colrep.sitelabweb.com ct.pinterest.com d.agkn.com gs.nmgassets.com js.narvar.com maps.googleapis.com pips.taboola.com psb.taboola.com s.pinimg.com session.sitelabweb.com ws: www.google.com www.redditstatic.com; report-uri https://1800contacts.report-uri.com/r/t/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-_Y2f770XwdXNxgo0vG_4pg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com seeedstudio.us11.list-manage.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com https://bid.g.doubleclick.net seeedstudio.us11.list-manage.com *.sandbox.braintree-api.com *.paypal.com *.certcapture.com; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.google.com maps.googleapis.com *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net *.taboola.com seeedstudio.us11.list-manage.com *.seeedstudio.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com *.weltpixel.com *.certcapture.com *.oscato.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.seeedstudio.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com maps.googleapis.com *.google.com.tw bat.bing.com *.facebook.com *.linkedin.com disqus.com *.disqus.com *.amazonaws.com *.taboola.com *.scorecardresearch.com *.viglink.com p.adsymptotic.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com static.cloudflareinsights.com *.gstatic.com *.certcapture.com https://hnd.stats.paypal.com *.oscato.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.google.com/ *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com maps.googleapis.com bazaar-upgrade.seeed.local bat.bing.com connect.facebook.net snap.licdn.com stats.g.doubleclick.net disqus.com *.disqus.com *.disquscdn.com seeedsite.disqus.com *.taboola.com *.scorecardresearch.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com *.sandbox.braintree-api.com static.cloudflareinsights.com https://www.googletagmanager.com tagmanager.google.com *.certcapture.com https://assets.optile.net *.oscato.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline *.seeedstudio.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com nwzimg.wezhan.net *.sandbox.braintree-api.com *.paypal.com tagmanager.google.com *.certcapture.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.seeedstudio.com *.twitter.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net *.taboola.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com arms-retcode.aliyuncs.com/ *.sandbox.braintree-api.com static.cloudflareinsights.com mc.yandex.ru https://www.google-analytics.com *.certcapture.com *.oscato.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';img-src 'self' data: https://flickr.com https://*.flickr.com https://s.gravatar.com https://s.gravatar.com/avatar https://secure.gravatar.com/avatar https://i1.wp.com/cdn.auth0.com/avatars https://cdn.auth0.com/avatars https://g.stripe.com/ https://ssl.google-analytics.com https://pagead2.googlesyndication.com https://pbs.twimg.com/profile_images/ https://farm66.static.flickr.com https://www.google-analytics.com https://tpc.googlesyndication.com https://pbs.twimg.com https://securepubads.g.doubleclick.net https://*.amazon-adsystem.com https://fundingchoicesmessages.google.com https://*.3lift.com https://ams-pageview-public.s3.amazonaws.com https://www.google.com https://syndication.twitter.com https://image8.pubmatic.com https://googleads.g.doubleclick.net https://*.googleusercontent.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';frame-src https://js.stripe.com https://platform.twitter.com/ https://syndication.twitter.com/ https://tpc.googlesyndication.com/ https://*.safeframe.googlesyndication.com/ https://www.google.com/ https://googleads.g.doubleclick.net/;connect-src 'self' https: https://securepubads.g.doubleclick.net/pagead/ppub_config https://bam.nr-data.net/events/1/cb925c8058;object-src none;script-src 'self' 'unsafe-inline' report-sample https://js.stripe.com/v3/ https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-3.4.1.slim.min.js https://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/validate.js/0.13.1/validate.min.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/list.js/1.5.0/list.min.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/ https://ssl.google-analytics.com/ga.js https://js-agent.newrelic.com/nr-spa-1184.min.js https://fundingchoicesmessages.google.com https://bam.nr-data.net https://securepubads.g.doubleclick.net https://www.googletagservices.com https://adservice.google.com https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://cdn.jsdelivr.net/npm/clipboard@2.0.8/dist/clipboard.min.js https://platform.twitter.com/widgets.js https://cdnjs.cloudflare.com/ajax/libs/howler/2.1.1/howler.min.js https://cdnjs.cloudflare.com/ajax/libs/validator/10.9.0/validator.min.js https://*.safeframe.googlesyndication.com/ https://*.googlesyndication.com/ https://platform.twitter.com/js/ https://cdn.ampproject.org http://www.google-analytics.com https://adservice.google.be https://adservice.google.ca https://adservice.google.co.id https://adservice.google.co.mz https://adservice.google.co.th https://adservice.google.co.uk https://adservice.google.co.za https://adservice.google.com.au https://adservice.google.com.ec https://adservice.google.com.hk https://adservice.google.com.ng https://adservice.google.com.np https://adservice.google.com.ph https://adservice.google.com.sa https://adservice.google.de https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ie https://adservice.google.it https://adservice.google.lk https://adservice.google.lt https://adservice.google.nl https://adservice.google.no https://adservice.google.rs https://googleads.g.doubleclick.net;script-src-attr none;style-src 'self' https: 'unsafe-inline' report-sample;report-uri https://5f9d927665d1a16209ba908c.endpoint.csper.io 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com static.hsappstatic.net cdn2.hubspot.net no-cache.hubspot.com js.hscollectedforms.net js.hscta.net api.hubapi.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hubspotfeedback.com feedback.hubapi.com js.hs-banner.com www.googletagmanager.com www.google.com app.hubspot.com www.google-analytics.com snap.licdn.com js.hs-scripts.com tribl.io j.6sc.co static.oktopost.com ssl.google-analytics.com trk.techtarget.com www.clarity.ms js.qualified.com js.zi-scripts.com okt.to googleads.g.doubleclick.net w.clarity.ms tracking.g2crowd.com js.hsforms.com js.hsforms.net www.gstatic.com 516015.fs1.hubspotusercontent-na1.net 19820949.fs1.hubspotusercontent-na1.net play.hubspotvideo.com play.vidyard.com platform.twitter.com connect.facebook.net platform.linkedin.com s3-us-west-2.amazonaws.com js.driftt.com edge.marker.io www.brighttalk.com www.recaptcha.net www.gstatic.cn embed.typeform.com www.googleadservices.com code.jquery.com; report-uri  https://5ccc-110-235-228-46.ngrok-free.app/csp-report; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artforum.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://arcgames.report-uri.com/r/d/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-OHsyecvjUdYsBQwExIBXGg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.narvar.com *.narvar.qa *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.google.com flexreceipts.go2cloud.org 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com *.sharethis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca accounts.google.com *.trustpilot.com *.yotpo.com https://oc-cdn-ocprod.azureedge.net/livechatwidget/ https://community.511tactical.com/ https://locator.511tactical.com/ assets.bounceexchange.com *.doubleclick.net flexreceipts.go2cloud.org *.liadm.com *.pinterest.com https://tally.so/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.sharethis.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca https://s3.amazonaws.com/idme/ https://www.unifaunonline.se https://*.tile.openstreetmap.org/ *.narvar.com *.narvar.qa *.yotpo.com dhv2ziothpgrr.cloudfront.net *.dynamicyield.com *.riskified.com https://oc-cdn-ocprod.azureedge.net/livechatwidget/ *.511tactical.com *.usablenet.com *.cartfulsolutions.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com *.sharethis.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca accounts.google.com https://api.unifaun.com *.trustpilot.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.dynamicyield.com *.riskified.com https://oc-cdn-ocprod.azureedge.net/livechatwidget/ *.googleapis.com js-agent.newrelic.com bam.nr-data.net *.usablenet.com https://unpkg.com *.cartfulsolutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.fontawesome.com accounts.google.com *.trustpilot.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://oc-cdn-ocprod.azureedge.net/livechatwidget/ *.typekit.net *.googletagmanager.com https://tagmanager.google.com *.cartfulsolutions.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca accounts.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.dynamicyield.com *.riskified.com *.trustpilot.com *.googleapis.com bam.nr-data.net *.cartfulsolutions.com 'self' 'unsafe-inline'; child-src flexreceipts.go2cloud.org http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a4f7e632-ca01-49b1-9c8a-cdf130c36284.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-P1ZKUhjA2fyPgCh0PsKRMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://o38422.ingest.sentry.io/api/1381643/security/?sentry_key=035194ae1605493c99dd66c2a7b2ca98; default-src 'self' https://*.outschool.com data: blob: wss: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.outschool.com https://*.filepicker.io https://*.filestackcontent.com https://*.filestackapi.com https://process.filepicker.io https://outschool-static.s3.amazonaws.com https://image.mux.com https://i.ytimg.com https://images.ctfassets.net/ blob: data: https://google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://facebook.com https://www.facebook.com https://bat.bing.com https://t.co https://analytics.twitter.com https://lantern.roeye.com; font-src 'self' https://fonts.gstatic.com https://static.outschool.com data: https://fonts.intercomcdn.com http; frame-src 'self' https://outschool.zoom.us https://challenges.cloudflare.com https://accounts.google.com https://js.stripe.com; frame-ancestors 'self'; media-src 'self' https://*.filestackcontent.com https://cdn.outschool.com https://*.filepicker.io https://*.mux.com https://outschool-class-recordings.s3.amazonaws.com/ https://outschool-class-recordings.s3.us-east-1.amazonaws.com/ blob:; connect-src 'self' https://outschool-filestack-general.s3.amazonaws.com https://outschool-filestack-stage-general.s3.amazonaws.com https://outschool-filestack-migration.s3.amazonaws.com https://experiments.outschool.com https://*.outschool.com https://*.sentry.io https://*.filestackapi.com https://filestack-uploads-persist-production.s3.amazonaws.com https://*.tokbox.com wss://*.tokbox.com https://*.opentok.com https://*.mux.com https://*.litix.io https://accounts.google.com https://analytics.google.com https://www.google.com https://stats.g.doubleclick.net https://notifications.app.outschool.com https://*.segment.io https://*.segment.com https://*.intercom.io wss://nexus-websocket-a.intercom.io https://google-analytics.com https://www.facebook.com https://ct.pinterest.com https://sentry.io https://analytics.tiktok.com https://wcs.naver.com https://bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.outschool.com https://*.outschool.com https://*.sentry-cdn.com https://*.filestackapi.com https://challenges.cloudflare.com https://accounts.google.com https://appleid.cdn-apple.com https://js.stripe.com https://*.intercom.io https://cdn.segment.com https://js.intercomcdn.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.pstatic.net https://cdn.amplitude.com https://ct.pinterest.com https://static.ads-twitter.com https://connect.facebook.net https://wcs.naver.net https://analytics.tiktok.com https://dwin1.com https://s.pinimg.com https://t1.daumcdn.net https://challenges.cloudflare.com lantern.roeyecdn.com; style-src 'self' 'unsafe-inline' https://*.outschool.com https://*.filestackapi.com https://fonts.googleapis.com https://accounts.google.com; worker-src blob: 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=16JZdlqIl7a213jdIZH2oCPXE17vQKppDedPeUaFj7E-1752206019-1.0.1.1-IxM0SjLSWr94HEyuN.8rj5t4n9qGwaHFJjENILVXdhj8tml6Obu36PTVv.OeFp0iQIYmAG5ghLJsHYhJWR1kENP.xAfWJYLvcN3qjx4njjQqG3xJfgSQq9L1F1akqzqxSaiQe7DDDh63qj.AgMoAKRegLe0zDUloD4RDmLeK4Zw; report-to cf-csp-endpoint 1
connect-src 'self' www.google-analytics.com analytics.google.com stats.g.doubleclick.net www.facebook.com http://127.0.0.1:1714 ig.instant-tokens.com graph.instagram.com vimeo.com www.sandbox.paypal.com www.paypal.com sidefx.bamboohr.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com ssl.gstatic.com www.googleapis.com i.ytimg.com *.vimeocdn.com www.paypal.com t.paypal.com www.paypalobjects.com placekitten.com http://dummyimage.com resources.bamboohr.com *.google.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' data: static.sidefx.com media.sidefx.com www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com maps.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com www.sandbox.paypal.com www.paypal.com https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' cdn.sidefx.com static.sidefx.com d2wvmrjymyrujw.cloudfront.net media.sidefx.com fonts.googleapis.com www.google.com tagmanager.google.com *.vimeocdn.com www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-eval' cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net analytics.google.com vimeo.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.youtube.com www.paypal.com www.sandbox.paypal.com sidefx.bamboohr.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-yRtpFSNMXJtTWxIFttbDFw=='; font-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com fonts.gstatic.com; default-src 'self'; media-src cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net; report-uri https://www.sidefx.com/csp_reports/ 1
default-src *.kuajingmaihuo.com *.cdnfe.com wss://seller.kuajingmaihuo.com *.jumio.ai blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri /api/sec-csp/110000010/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev assets.sorare.com assets.sorare.tech assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:; 1
script-src 'self' *.edpuzzle.com *.edpuzzle.dev *.edpuzzle.net 'unsafe-inline' 'unsafe-eval' latex.codecogs.com legacy.codecogs.com https://service.mtcaptcha.com https://service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com lh3.googleusercontent.com accounts.google.com/gsi/style https://*.googletagmanager.com https://*.youtube.com *.ytimg.com *.soundcloud.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com https://*.awswaf.com *.appcues.com *.appcues.net login.microsoftonline.com *.codecogs.com;script-src-elem 'self' *.edpuzzle.com *.edpuzzle.dev *.edpuzzle.net 'unsafe-inline' 'unsafe-eval' latex.codecogs.com legacy.codecogs.com https://service.mtcaptcha.com https://service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com lh3.googleusercontent.com accounts.google.com/gsi/style https://*.googletagmanager.com https://*.youtube.com *.ytimg.com *.soundcloud.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com https://*.awswaf.com *.appcues.com *.appcues.net login.microsoftonline.com *.codecogs.com;script-src-attr 'self' *.edpuzzle.com *.edpuzzle.dev *.edpuzzle.net 'unsafe-inline' 'unsafe-eval' latex.codecogs.com legacy.codecogs.com https://service.mtcaptcha.com https://service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com lh3.googleusercontent.com accounts.google.com/gsi/style https://*.googletagmanager.com https://*.youtube.com *.ytimg.com *.soundcloud.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com https://*.awswaf.com *.appcues.com *.appcues.net login.microsoftonline.com *.codecogs.com;connect-src 'self' *.edpuzzle.com *.edpuzzle.dev *.edpuzzle.net edpuzzle.imgix.net https://*.awswaf.com *.nr-data.net *.mxpnl.com *.mixpanel.com https://service.mtcaptcha.com https://service2.mtcaptcha.com *.google-analytics.com *.googleapis.com *.googleusercontent.com accounts.google.com login.microsoftonline.com wss://5uj9b5geqb.execute-api.us-east-1.amazonaws.com wss://5k3vufy1vh.execute-api.us-east-1.amazonaws.com wss://api.appcues.com wss://api.appcues.net *.appcues.com *.appcues.net audio-uploads-us-standard.s3.amazonaws.com audio-uploads-us-standard.s3.us-east-1.amazonaws.com test-audio-uploads-us-standard.s3.amazonaws.com test-audio-uploads-us-standard.s3.us-east-1.amazonaws.com uploaded-profile-images-us-standard.s3.amazonaws.com test-uploaded-profile-images.s3.amazonaws.com edpuzzle-dev-student-images-cdk.s3.amazonaws.com edpuzzle-dev-student-images-cdk.s3.us-east-1.amazonaws.com edpuzzle-prod-student-images-cdk.s3.amazonaws.com edpuzzle-prod-student-images-cdk.s3.us-east-1.amazonaws.com edpuzzle-dev-teacher-images-cdk.s3.amazonaws.com edpuzzle-dev-teacher-images-cdk.s3.us-east-1.amazonaws.com edpuzzle-prod-teacher-images-cdk.s3.amazonaws.com edpuzzle-prod-teacher-images-cdk.s3.us-east-1.amazonaws.com res.cdn.office.net video-uploads-us-standard.s3.amazonaws.com test-video-uploads-us-standard.s3.amazonaws.com uploaded-images-us-standard.s3.amazonaws.com test-uploaded-images-dev-us-standard.s3.amazonaws.com test-thumbnails-delivery-us-standard.s3.amazonaws.com thumbnails-delivery-us-standard.s3.amazonaws.com vimeo.com *.browser-intake-datadoghq.com browser-intake-datadoghq.com https://*.googletagmanager.com;frame-ancestors 'self';frame-src *;img-src * 'self' data: blob:;style-src * 'unsafe-inline' 'self';media-src * 'self' blob:;report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf89cdec407bbb96fdd48a9726f00e7be&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Aedpuzzle-server%2Cenv%3Aproduction%2Cversion%3A7.43.2;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action * 'self';object-src 'none';worker-src 'self' blob:;upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-caxFnzUcHEcrwxhcY8-rSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-n8urc4sLY3lg2yqZ7zH18g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src 'self' 'unsafe-inline' https://*.google.com; require-trusted-types-for 'script'; trusted-types sanitizer unsafe dompurify scriptHelper 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.wgprod.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms cdn.taboola.com ; style-src 'self' 'unsafe-inline' *.wargaming.net *.wgprod.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.wgprod.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://*.worldoftanks.com https://*.worldoftanks.eu https://*.worldoftanks.asia https://*.wgcdn.co https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.googleoptimize.com wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.stackadapt.com https://*.facebook.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.com.ua https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms https://collect.worldoftanks.com https://content-wg.gcdn.co https://api.worldoftanks.com https://bat.bing.com ; font-src 'self' *.wargaming.net *.wgprod.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net *.wgprod.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net *.wgprod.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src 'self' https://*.firstcitizens.com;                 script-src 'self' https://*.firstcitizens.com https://cdn.cookielaw.org https://assets.adobedtm.com https://cds-sdkcfg.onlineaccess1.com https://www.googletagmanager.com https://s.go-mpulse.net https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://js-cdn.dynatrace.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://www.googleadservices.com https://px.ads.linkedin.com https://edge.adobedc.net https://www.facebook.com https://px4.ads.linkedin.com https://siteimproveanalytics.com https://www.clarity.ms https://www.google.com https://google.com https://2884.global.siteimproveanalytics.io https://c.go-mpulse.net https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com https://t.contentsquare.net https://munchkin.marketo.net https://siteintercept.qualtrics.com https://296-cpx-295.mktoresp.com https://894-itd-344.mktoresp.com https://284-lbb-572.mktoresp.com https://151-fhs-046.mktoresp.com https://412-tmw-562.mktoresp.com https://u.clarity.ms https://c.contentsquare.net https://173bf10e.akstat.io https://k-aus1.contentsquare.net https://trial-eum-clientnsv4-s.akamaihd.net https://eyaqbbekafz5ajqacqnryaaabbtmzouy-p2jke9-59ac193c4-clienttons-s.akamaihd.net https://daaisiixzsmj6zwmxkma-p2jke9-1aa48d9c7-clientnsv4-s.akamaihd.net https://assets.sitescdn.net https://answers.yext-pixel.com https://analytics.google.com https://embed-ssl.wistia.com https://pipedream.wistia.com https://js.sentry-cdn.com https://distillery.wistia.com https://embed-cloudfront.wistia.com https://srm.bf.contentsquare.net https://www.gstatic.com https://app.fintelconnect.com https://browser.sentry-cdn.com https://*.cit.com https://answers-embed.firstcitizens.com.pagescdn.com https://info.onewestbank.com https://rum.hlx.page https://script.crazyegg.com https://js.adsrvr.org;                 connect-src 'self' https://*.firstcitizens.com https://cdn.cookielaw.org https://analytics.google.com https://answers.yext-pixel.com https://stats.g.doubleclick.net https://adobedc.demdex.net https://www.google.com https://www.google-analytics.com https://dpm.demdex.net https://edge.adobedc.net https://px.ads.linkedin.com https://siteintercept.qualtrics.com https://cds-sdkcfg.onlineaccess1.com https://prod-cdn.us.yextapis.com https://ipapi.co https://api.openweathermap.org https://296-cpx-295.mktoutil.com https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://insight.adsrvr.org;                 worker-src 'self';                 style-src 'self' https://*.firstcitizens.com https://fonts.googleapis.com https://assets.sitescdn.net;                 style-src-elem 'self' https://*.firstcitizens.com https://assets.sitescdn.net https://*.cit.com https://info.onewestbank.com https://fonts.googleapis.com https://www.googletagmanager.com;                 img-src 'self' https://*.firstcitizens.com https://cdn.cookielaw.org https://2884.global.siteimproveanalytics.io px.ads.linkedin.com https://px4.ads.linkedin.com https://cm.everesttech.net https://dpm.demdex.net https://www.linkedin.com https://www.googletagmanager.com https://www.facebook.com https://googleads.g.doubleclick.net https://*.cit.com https://www.google.com https://google.com https://info.onewestbank.com https://siteintercept.qualtrics.com https://fonts.gstatic.com https://ad.doubleclick.net;                 frame-src 'self' https://*.firstcitizens.com https://td.doubleclick.net https://firstcitizens.demdex.net https://www.google.com https://www.citrail.com https://answers-embed.firstcitizens.com.pagescdn.com https://*.cit.com https://info.onewestbank.com https://www.googletagmanager.com https://insight.adsrvr.org https://privacyportaluat.onetrust.com https://privacyportal.onetrust.com https://match.adsrvr.org https://fintactix.com;                 frame-ancestors 'self' https://www.google.com https://9808-sbx.btbanking.com https://*.firstcitizens.com;                 media-src 'self';                 font-src 'self'; 1
default-src 'self'; script-src 'unsafe-eval' 'self' 'unsafe-inline' https://*.crumbl.com https://firebase.googleapis.com https://maps.googleapis.com https://google.com https://www.googletagmanager.com https://www.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googleadservices.com https://firebaseremoteconfig.googleapis.com https://api2.branch.io https://firebaseinstallations.googleapis.com https://api.mapbox.com https://events.mapbox.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://snapcapi.crumblcookies.com https://sdk.iad-07.braze.com https://wa.appsflyer.com https://*.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://ct.pinterest.com https://www.pinterest.com https://tags.srv.stackadapt.com https://tr.snapchat.com https://tr6.snapchat.com https://insight.adsrvr.org https://pincapi.crumbl.com https://wa.onelink.me https://unpkg.com https://api.lever.co https://analytics.tiktok.com https://websdk.appsflyer.com https://s.adroll.com https://d.adroll.com https://js.appboycdn.com https://js.adsrvr.org https://static.klaviyo.com https://qvdt3feo.com https://googleads.g.doubleclick.net https://app.link https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://static.ads-twitter.com https://static-tracking.klaviyo.com https://widget.intercom.io https://js.intercomcdn.com https://prod8-live-chat.sprinklr.com https://live-chat-gcp.sprinklr.com wss://*.sprinklr.com https://js.stripe.com https://klear.com https://www.gstatic.com https://andreasmb.github.io https://s3.us-west-2.amazonaws.com https://www.facebook.com https://vitals.vercel-insights.com https://analytics-ipv6.tiktokw.us https://pixel.byspotify.com https://pixels.spotify.com; connect-src 'self' data: https://*.crumbl.com https://firebase.googleapis.com https://maps.googleapis.com https://google.com https://www.googletagmanager.com https://www.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googleadservices.com https://firebaseremoteconfig.googleapis.com https://api2.branch.io https://firebaseinstallations.googleapis.com https://api.mapbox.com https://events.mapbox.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://snapcapi.crumblcookies.com https://sdk.iad-07.braze.com https://wa.appsflyer.com https://*.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://ct.pinterest.com https://www.pinterest.com https://tags.srv.stackadapt.com https://tr.snapchat.com https://tr6.snapchat.com https://insight.adsrvr.org https://pincapi.crumbl.com https://wa.onelink.me https://unpkg.com https://api.lever.co https://analytics.tiktok.com https://websdk.appsflyer.com https://s.adroll.com https://d.adroll.com https://js.appboycdn.com https://js.adsrvr.org https://static.klaviyo.com https://qvdt3feo.com https://googleads.g.doubleclick.net https://app.link https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://static.ads-twitter.com https://static-tracking.klaviyo.com https://widget.intercom.io https://js.intercomcdn.com https://prod8-live-chat.sprinklr.com https://live-chat-gcp.sprinklr.com wss://*.sprinklr.com https://js.stripe.com https://klear.com https://www.gstatic.com https://andreasmb.github.io https://s3.us-west-2.amazonaws.com https://www.facebook.com https://vitals.vercel-insights.com https://analytics-ipv6.tiktokw.us https://pixel.byspotify.com https://pixels.spotify.com; style-src 'self' 'unsafe-inline' https://api.mapbox.com/mapbox-gl-js/v2.1.1/mapbox-gl.css https://www.googletagmanager.com https://fonts.googleapis.com https://use.fontawesome.com https://tags.srv.stackadapt.com https://www.gstatic.com; img-src 'self' blob: data: https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://crumbl.video https://www.googletagmanager.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://alb.reddit.com https://s.adroll.com https://d.adroll.com https://arttrk.com https://t.co https://analytics.twitter.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://pixel.tapad.com https://ml314.com https://match.adsrvr.org https://secure.adnxs.com https://insight.adsrvr.org https://googleads.g.doubleclick.net https://dpm.demdex.net https://*.sprinklr.com https://snapcapi.crumblcookies.com https://trk.osdrtb.net https://tags.srv.stackadapt.com https://px.xfer123.com https://cmbl.co https://media-cldnry.s-nbcnews.com https://images2.minutemediacdn.com https://i0.wp.com https://media.nbcphiladelphia.com https://img.nbc.com https://media-cldnry.s-nbcnews.com https://s3.us-west-2.amazonaws.com; media-src 'self' blob: data: https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://crumbl.video https://www.googletagmanager.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://alb.reddit.com https://s.adroll.com https://d.adroll.com https://arttrk.com https://t.co https://analytics.twitter.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://pixel.tapad.com https://ml314.com https://match.adsrvr.org https://secure.adnxs.com https://insight.adsrvr.org https://googleads.g.doubleclick.net https://dpm.demdex.net https://*.sprinklr.com https://snapcapi.crumblcookies.com https://trk.osdrtb.net https://tags.srv.stackadapt.com https://px.xfer123.com https://cmbl.co https://media-cldnry.s-nbcnews.com https://images2.minutemediacdn.com https://i0.wp.com https://media.nbcphiladelphia.com https://img.nbc.com https://media-cldnry.s-nbcnews.com https://s3.us-west-2.amazonaws.com; worker-src 'self' blob: data:; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org https://ct.pinterest.com https://js.stripe.com https://klear.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://storage.googleapis.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-to https://browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pub944648938dcc0632754a2cb883a676de&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *.unionesarda.it s.clickiocdn.com *.ampproject.org *.google.com; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-tOOJ1GeO5IMZhx6TNe39KA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleadservices.com *.googleapis.com *.fontawesome.com *.gstatic.com *.toasttab.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleadservices.com *.google.com *.google.com.ca *.google.com.co *.googleapis.com *.gstatic.com *.vimeo.com *.cdn-apple.com *.cookielaw.org *.usablenet.com *.doubleclick.net *.contentsquare.net *.nothingbundtcakes.com *.pmg.com *.pinimg.com *.adroll.com *.facebook.net *.bing.com *.redditstatic.com *.amazonaws.com *.cognitivlabs.com *.reddit.com *.facebook.com *.adnxs.com *.magentosite.cloud *.monetate.net *.rfihub.com *.everesttech.net *.eyeota.net *.rezync.com *.attn.tv *.yimg.com *.boomtrain.com *.linkedin.com *.yahoo.com *.demdex.net *.pubmatic.com *.openx.net *.media.net *.rtactivate.com *.casalemedia.com *.rlcdn.com *.addthis.com *.tremorhub.com *.bidswitch.net *.adsrvr.org *.prf.hn prf.hn *.taggrs.io taggrs.io *.ml314.com ml314.com *.tapad.com tapad.com *.toasttab.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com https://www.google.com/recaptcha/ *.attn.tv events.attentivemobile.com *.googleadservices.com *.googleapis.com *.cdn-apple.com *.cookielaw.org *.usablenet.com *.contentsquare.net *.nothingbundtcakes.com *.pmg.com *.pinimg.com *.adroll.com *.facebook.net *.bing.com *.redditstatic.com *.tiktok.com *.bttrack.com *.adsrvr.org *.pinterest.com *.facebook.com *.magentosite.cloud *.monetate.net *.appboycdn.com *.rfihub.com *.everesttech.net *.eyeota.net *.rezync.com *.yimg.com *.boomtrain.com *.yahoo.com *.kargo.com *.licdn.com *.inpwrd.net bttrack.com *.adnxs.com *.rfihub.net cdn.bttrack.com *.toasttab.com *.sentry.io https://gateway.moneris.com https://gatewayt.moneris.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleadservices.com *.googleapis.com *.fontawesome.com *.usablenet.com *.toasttab.com https://gateway.moneris.com https://gatewayt.moneris.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.attn.tv events.attentivemobile.com *.googleadservices.com *.googleapis.com *.vimeo.com *.cdn-apple.com *.cookielaw.org *.onetrust.com *.usablenet.com *.contentsquare.net *.doubleclick.net *.nothingbundtcakes.com *.pmg.com *.pinimg.com *.adroll.com *.facebook.net *.bing.com *.redditstatic.com *.tiktok.com *.bttrack.com *.adsrvr.org *.amazonaws.com *.cognitivlabs.com *.reddit.com *.pinterest.com *.facebook.com *.adnxs.com *.gstatic.com *.rlcdn.com *.magentosite.cloud *.monetate.net *.everesttech.net *.eyeota.net *.rezync.com *.yimg.com *.boomtrain.com *.yahoo.com *.kargo.com *.linkedin.com *.toasttab.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src data: blob: 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' 'self' 'nonce-45cb9601aa362a65f980873d63795c90-argus' 'strict-dynamic' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com *.zijieapi.com *.bytedance.com *.byted-static.com safe.usergrowth.com.cn *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.qnqcdn.net:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.hiecheimaetu.com:* *.ppio.cloud:* *.vegslb.com:* *.xsj.wasu.tv:* *.zebracdn.com:* *.volctranscdn.com:* *.hizhecheng.com:* placeholder1; frame-ancestors *.ulikecam.com 'self'; connect-src 'self' *.snssdk.com *.bytedance.net *.ulikecam.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytedance.com safe.usergrowth.com.cn *.zijieapi.com *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.qnqcdn.net:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.hiecheimaetu.com:* *.ppio.cloud:* *.vegslb.com:* *.xsj.wasu.tv:* *.zebracdn.com:* *.volctranscdn.com:* *.hizhecheng.com:* *.bytescm.com *.ibytedapm.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com data: blob: *.google-analytics.com *.baidu.com *.capcut.cn *.bytedanceapi.com wss: *.byteoversea.com *.byteacctimg.com *.vlabstatic.com; report-to slardar-endpoint; upgrade-insecure-requests ; report-uri https://mon.zijieapi.com/monitor_browser/collect/batch/security/?bid=lv_web_home; object-src 'none'; base-uri 'self'; frame-src 'self'; 1
default-src 'none'; report-uri /api/sec-csp/110000764/report 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'sha256-5s1UCPQTqKWc18lk0CbkMG0IYokX1utP9ZMQQYiuwXk=' 'sha256-G5NvPksjkp09uU+DikUdTcBXp0UV/362J6blwWczw5I=' 'sha256-HLwLpFPvuHKI0X/UFMhOHQNt1eedIdJGTPML3b+GfWo=' 'sha256-MM3CG7szGAeVIKY58JGR+X+7xTDccDemqcIY0lQLrX8=' 'sha256-OifdWXgFw+IPMAs6Nnr1te5UDPoRIbkDLB1lXZmmRP8=' 'sha256-oh6ZTSefRfIBPlcye8dBjlQBkC0A32V1QIb2htJq7ao=' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.containers.piwik.pro https://*.wistia.com https://*.wistia.net https://maps.google.com https://maps.googleapis.com https://src.litix.io https://use.typekit.net;  script-src-elem 'self' 'report-sample' https: *.containers.piwik.pro *.wistia.com *.wistia.net maps.google.com maps.googleapis.com src.litix.io use.typekit.net 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline' blob: *.typekit.net fonts.googleapis.com fast.wistia.com; object-src embedwistia-a.akamaihd.net; frame-src 'self' https: blob: *.wistia.net *.wistia.com maps.google.com maps.googleapis.com uwhealth.formstack.com; child-src 'self' blob:; img-src 'self' data: blob: *.wistia.net *.wistia.com *.typekit.net *.gstatic.com *.ggpht.com *.googleapis.com embedwistia-a.akamaihd.net images.ctfassets.net maps.google.com maps.googleapis.com res.cloudinary.com swedishamericanmychart.org i.ytimg.com; font-src 'self' data: *.wistia.net *.wistia.com fonts.googleapis.com fonts.gstatic.com res.cloudinary.com use.typekit.net; connect-src 'self' microservices.uwhealth.dev microservices.uwhealth.org *.wistia.com *.typekit.net *.litix.io *.cloud.coveo.com embedwistia-a.akamaihd.net fonts.googleapis.com fonts.gstatic.com fast.wistia.net images.ctfassets.net maps.google.com maps.googleapis.com noembed.com res.cloudinary.com uwhealth.piwik.pro pnapi.invoca.net; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self' data: blob: *.wistia.net *.wistia.com embedwistia-a.akamaihd.net res.cloudinary.com; prefetch-src 'self'; worker-src 'self' blob:; report-to testing 1
default-src 'self' dev-5847984.okta.com sso.app.elationemr.com *.oktacdn.com; connect-src 'self' dev-5847984.okta.com dev-5847984-admin.okta.com sso.app.elationemr.com *.oktacdn.com *.mixpanel.com *.mapbox.com dev-5847984.kerberos.okta.com https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' dev-5847984.okta.com sso.app.elationemr.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' dev-5847984.okta.com sso.app.elationemr.com *.oktacdn.com; frame-src 'self' dev-5847984.okta.com dev-5847984-admin.okta.com sso.app.elationemr.com login.okta.com *.vidyard.com; img-src 'self' dev-5847984.okta.com sso.app.elationemr.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' dev-5847984.okta.com sso.app.elationemr.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://elationemr.com 1
default-src 'self' media1.jpc.de www.jpc.de; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' media1.jpc.de www.jpc.de 'nonce-qHNWy+aMBGinvSSx8eWACklsBh6YN5xmlsIjtDZ6l11X4Vqor9KLMklCsHFhRSth87iemTA4Wsr7+r+FNOumLA==' 'report-sample'; style-src 'self' media1.jpc.de www.jpc.de 'report-sample' 'unsafe-inline'; font-src 'self' media1.jpc.de www.jpc.de; img-src 'self' media1.jpc.de www.jpc.de data:; connect-src 'self' media1.jpc.de www.jpc.de https://use.jpc.de; report-uri /csp/; report-to csp-endpoint 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://static.hotjar.com https://script.hotjar.com https://js.adsrvr.org https://connect.facebook.net https://siteimproveanalytics.com https://static.ads-twitter.com https://cdn.taboola.com https://trc.taboola.com https://psb.taboola.com https://snap.licdn.com https://munchkin.marketo.net https://widget.tagembed.com https://cdn.tagembed.com https://cdn.theaccessplatform.com https://code.jquery.com https://platform.twitter.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://cdn.tagembed.com https://widget.tagembed.com;object-src 'none';base-uri 'self';connect-src 'self' https://delivery-cqucontenthub.stylelabs.cloud https://fb.cqu.edu.au https://www-search.cqu.edu.au https://dxp-au-search.funnelback.squiz.cloud https://www.google-analytics.com https://analytics.google.com https://www.google.com.au https://google.com https://www.googletagmanager.com https://www.google.com https://adservice.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://pips.taboola.com https://cds.taboola.com https://622-hhc-246.mktoresp.com https://622-hhc-246.mktoutil.com https://www.facebook.com https://trc-events.taboola.com https://s3.us-west-1.wasabisys.com wss://ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io https://psb.taboola.com https://api.theaccessplatform.com https://munchkin.marketo.net https://api.intentiq.com https://cdn.taboola.com https://region1.analytics.google.com https://widget.tagembed.com https://metrics.hotjar.io https://web.tagembed.com;font-src 'self' data https://fonts.gstatic.com https://use.typekit.net https://cdn.theaccessplatform.com https://cdn.tagembed.com;frame-src 'self' https://www.googletagmanager.com https://insight.adsrvr.org https://9389440.fls.doubleclick.net https://www.youtube.com https://td.doubleclick.net https://www.facebook.com https://platform.twitter.com https://match.adsrvr.org https://tsdtocl.com;img-src 'self' https://staff-profiles.cqu.edu.au https://delivery-cqucontenthub.stylelabs.cloud https://www.google-analytics.com https://www.google.com.au https://www.google.com https://www.googletagmanager.com https://www.google.com.co https://www.google.com.pe https://www.google.com.bd https://www.google.co.in https://www.google.com.ng https://www.google.com.np https://www.google.lk https://www.google.co.uk https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.twitter.com https://px.ads.linkedin.com https://www.facebook.com https://78858.global.siteimproveanalytics.io https://t.co https://www.linkedin.com https://i.ytimg.com https://aumejtoqen.cloudimg.io https://ui-avatars.com https://fs.theambassadorplatform.com https://sync.intentiq.com https://cdn.taboola.com https://media.tagembed.com https://au-gmtdmp.mookie1.com https://secure.adnxs.com;manifest-src 'self';media-src 'self' https://delivery-cqucontenthub.stylelabs.cloud;worker-src 'none';report-uri https://wwwcqu.report-uri.com/r/d/csp/reportOnly; 1
object-src 'none';base-uri 'self';script-src 'nonce-vUs-c1uaJnkMcwK3ZFhvPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; frame-src https://*.youtube-nocookie.com; default-src 'self'; img-src 'self' data: https://*.openstreetmap.org https://*.ytimg.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; report-uri /cspreport.dw; 1
object-src 'none';base-uri 'self';script-src 'nonce-up_eKjTtFCR2D82GoNaVwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://5b99b19026a35ad04db5bcf778a03938.report-uri.com/r/d/csp/reportOnly 1
default-src https: wss: 1
report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV3VOE24ov0vchYgO3uoxKHdePxnKoFiICkeq1Vt2reRBEg4zYmpS2XL1UJS-0Ova9gUiV2PUH3EvuXcIOdrBPvAUgkIP-ZRbRMryNUY6YGqAQ== ; block-all-mixed-content ; default-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live ; script-src 'report-sample' 'self' 'unsafe-eval' https://*.videoask.com https://*.videoask.live 'unsafe-inline' https://js.stripe.com https://www.dropbox.com https://*.calendly.com https://*.oncehub.com https://cdn.amplitude.com https://cdn.cookielaw.org https://cdn.rollbar.com https://cdn.segment.com https://connect.facebook.net https://fast.wistia.com https://script.crazyegg.com https://snap.licdn.com https://snippet.growsumo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://cdn.optimizely.com https://js.partnerstack.com https://edge.fullstory.com https://a.quora.com https://static.ads-twitter.com https://analytics.tiktok.com https://tags.srv.stackadapt.com ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' data: blob: android-webview-video-poster: https: ; media-src 'report-sample' 'self' blob: data: https: ; connect-src 'report-sample' 'self' blob: https://*.videoask.com https://*.videoask.live wss://*.videoask.live wss://*.videoask.com https://videoask-media-dev.s3-accelerate.amazonaws.com https://videoask-media-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3-accelerate.amazonaws.com https://videoask-uploads-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3.amazonaws.com https://videoask-uploads-prod.s3.amazonaws.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.launchdarkly.com https://*.pexels.com https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://*.g.doubleclick.net https://www.google-analytics.com https://*.crazyegg.com https://p.adsymptotic.com https://www.facebook.com https://track.segmetrics.io https://*.google.com https://rs.fullstory.com https://cdn.segment.com https://edge.fullstory.com https://js.partnerstack.com https://grsm.io https://cdn.cookielaw.org https://*.onetrust.com https://*.contentful.com https://videoask.zendesk.com https://*.optimizely.com https://region1.google-analytics.com https://analytics.tiktok.com https://partnerlinks.io ; style-src 'report-sample' 'self' https://font.typeform.com 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://cdn.cookielaw.org https://cdn.quilljs.com ; font-src 'report-sample' 'self' data: https://font.typeform.com https://fonts.gstatic.com ; frame-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live https://calendly.com https://app.acuityscheduling.com https://*.oncehub.com https://js.stripe.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.wistia.com https://www.facebook.com https://*.doubleclick.net https://6g4qf7txd07m.statuspage.io https://*.optimizely.com ; frame-ancestors * ; object-src 'none' ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleadservices.com; connect-src 'self' *.eb486214a2754798a93597746cfc416f.apm.us-east-1.aws.cloud.es.io; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri http://prod-public-elastic-agent-lb-1115903262.us-east-1.elb.amazonaws.com 1
script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-a205d73f395b11c6f7be1fd7' 'strict-dynamic' 'report-sample'  https://*.criteo.com https://static.criteo.net  https://*.facebook.com https://connect.facebook.net  https://*.hotjar.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com songbird.cardinalcommerce.com *.googletagmanager.com ; worker-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; report-uri https://csp.tourradar.com 1
object-src 'none';base-uri 'self';script-src 'nonce-o8p_SQwQxzwx_adCVSe7eQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'self' *.hotjar.com *.hotjar.io c.amazon-adsystem.com *.wistia.net *.wistia.com js.monitor.azure.com snap.licdn.com www.googletagmanager.com www.google.com *.doubleclick.net analytics.google.com *.givchariot.com d.adroll.com dc.services.visualstudio.com insight.adsrvr.org *.linkedin.com s.amazon-adsystem.com doublethedonation.com js.monitor.azure.com; font-src 'self' data: cdn.givechariot.com fast.wistia.net doublethedonation.com; frame-src 'self' *.adsrvr.org *.adroll.com www.googletagmanager.com www.gstatic.com *.doubleclick.net *.wistia.net *.ceros.com wwp.mysalesforce-sites.com www.careerarc.com www.google.com www.youtube.com wwp.my.salesforce-sites.com; img-src 'self' data: *.adroll.com *.doubleclick.net *.lightboxcdn.com *.wistia.com *.wistia.net ad.ipredictive.com analytics.twitter.com bat.bing.com cdn.givechariot.com cdn.jsdelivr.net doublethedonation.com fast.wistia.net *.adsrvr.org media.sabio.us *.collect.igodigital.com p1.parsely.com px.adentifi.com *.linkedin.com t.co um.simpli.fi woundedwarriorprojectsite.secure.force.com wwp.my.salesforce-sites.com www.facebook.com *.google.com www.googleadservices.com www.googletagmanager.com x.bidswitch.net media.sabio.us aa.agkn.com ads.stickyadstv.com analytics.twitter.com attrk.com bat.bing.com bcp.crwdcntrl.net ce.lijit.com cs.admanmedia.com dsum-sec.casalemedia.com eb2.3lift.com fei.pro-market.net ib.adnxs.com idsync.rlcdn.com image2.pubmatic.com loadm.exelator.com ml314.com *.igodigital.com pippio.com pixel.locker2.com pixel.rubiconproject.com pixel.tapad.com ps.eyeota.net px.adentifi.com s.ad.smaato.net simplifi.partners.tremorhub.com sync.1rx.io sync.bfmio.com sync.intentiq.com sync.outbrain.com sync.taboola.com trkn.us ups.analytics.yahoo.com us-u.openx.net arttrk.com media.sabio.us um.simpli.fi; script-src 'self' *.hotjar.com bat.bing.com *.salesforceliveagent.com cdn.givechariot.com connect.facebook.net *.wistia.com *.wistia.net *.adroll.com tag.simpli.fi www.google.com www.googleadservices.com *.googletagmanager.com *.google-analytics.com *.lightboxcdn.com  www.youtube.com *.collect.igodigital.com aa.trkn.us browser.sentry-cdn.com cdn.c212.net cdn.parsely.com doublethedonation.com *.doubleclick.net js.adsrvr.org js.monitor.azure.com script.crazyegg.com snap.licdn.com tags.wdsvc.net *.ceros.com www.gstatic.com www.youtube.com; style-src 'self' cdn.givechariot.com *.wistia.com *.wistia.net js.adsrvr.org s.adroll.com www.googletagmanager.com www.lightboxcdn.com doublethedonation.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.olaelectric.com cdn.olaelectric.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.olaelectric.com *.olacabs.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com cdn.moengage.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.book.olaelectric.com *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://www.magezon.com *.google.co.in *.twitter.com d34kmefuuy0be0.cloudfront.net evprodcdn.blob.core.windows.net *.olaelectric.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' *.cloudfront.net *.olacabs.com *.azureedge.net *.stg.corp.olacabs.com *.corp.olacabs.com *.blob.core.windows.net *.ev-discovery-80.stg.corp.olacabs.com cdn.olaelectric.com *.cloudinary.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.paypal.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com cdn.moengage.com *.licdn.com *.ads-twitter.com unpkg.com *.olaelectric.com *.blob.core.windows.net *.unpkg.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.highcharts.com cdn.olaelectric.com *.cloudinary.com *.ev.corp.olaelectric.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.google.com unpkg.com *.olaelectric.com assets.braintreegateway.com *.cloudinary.com *.cdn.olaelectric.com *.ev.corp.olaelectric.com 'self' 'unsafe-inline'; object-src *.cloudinary.com *.cdn.olaelectric.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.cloudfront.net 'self' *.azureedge.net *.olacabs.com *.stg.corp.olacabs.com *.corp.olacabs.com *.blob.core.windows.net *.ev-discovery-80.stg.corp.olacabs.com *.olaelectric.com cdn.olaelectric.com *.cloudinary.com *.magezon.com 'self' 'unsafe-inline'; manifest-src *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com sdk-02.moengage.com *.linkedin.oribi.io *.doubleclick.net demotiles.maplibre.org api.geospoc.io *.olaelectric.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.magezon.com *.cdn.olaelectric.com *.corp.olacabs.com *.olacabs.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.cloudinary.com *.cdn.olaelectric.com *.olaelectric.com http: https: blob: 'self' 'unsafe-inline'; default-src *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com *.corp.olacabs.com *.olacabs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none';base-uri 'self';script-src 'nonce-fpp-gHmvLbmaWLRRonGGew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.braintreegateway.com https://apis.google.com http://www.googleadservices.com https://www.googletagmanager.com https://www.googlecommerce.com https://googleads.g.doubleclick.net https://js.finix.com https://applepay.cdn-apple.com https://cdn.sift.com https://www.paypalobjects.com https://assets.pinterest.com https://widgets.pinterest.com https://challenges.cloudflare.com https://bat.bing.com https://www.google.com https://www.gstatic.com https://static1.jetpens.com; report-uri /ContentSecurityPolicy; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
font-src *.hotjar.com *.klevu.com *.typekit.net *.cdn-rs.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.hotjar.com *.audio-technica.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.xtento.com *.google.com *.hotjar.com *.addthis.com *.audio-technica.com *.dotdigital-pages.com *.dotdigital.com account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.xtento.com cdn.xtento.com *.klevu.com *.doubleclick.net *.google.co.uk *.gstatic.com maps.googleapis.com *.google.com *.cloudfront.net *.postcodeanywhere.co.uk *.bing.com *.clarity.ms *.audio-technica.com *.powerreviews.com *.hsforms.com *.hubspot.com *.cookiebot.com https://images.unsplash.com *.trackedlink.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.zdassets.com *.trackedlink.net *.addthis.com *.klevu.com *.trustpilot.com *.moatads.com *.addthisedge.com *.googleapis.com *.clarity.ms *.tiktok.com *.powerreviews.com *.hs-scripts.com *.audio-technica.com *.forter.com *.postcodeanywhere.co.uk *.bing.com *.algolia.net *.algolianet.com *.hubspotfeedback.com *.hubapi.com *.hubspot.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.cloudfront.net *.googleoptimize.com https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.2/min/dropzone.min.js *.cardinalcommerce.com *.google-analytics.com *.paypal.com *.facebook.com *.stripe.com *.klarna.com *.braintreegateway.com *.cloudflare.com *.pcapredict.com *.dotdigial-pages.com *.cookiebot.com https://cc-cdn.com/utils/transl/v1.6.2/transliteration.min.js *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.googleadservices.com klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.avada.io cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.myfonts.net *.klevu.com *.typekit.net *.googleapis.com *.google.co.uk *.powerreviews.com *.google.com *.cdn-rs.com *.fonts.net *.postcodeanywhere.co.uk aud-media.cdn-rs.com https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.2/dropzone.min.css *.adobedtm.com  cc-cdn.com *.klarnacdn.net *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.hotjar.com *.hotjar.io *.zdassets.com *.zopim.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.clarity.ms *.tiktok.com *.trustpilot.com *.audio-technica.com *.forter.com *.cloudfront.net *.postcodeanywhere.co.uk *.powerreviews.com *.hubspot.com *.cdn.forter.com *.googleoptimize.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.audio-technica.com/; report-to report-endpoint; 1
connect-src 'self' ws:; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-kIb2gQWm5QCxCt01ZtXYnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.paddle.com connect.facebook.net mc.yandex.com mc.yandex.ru quantcast.mgr.consensu.org rules.quantcount.com secure.quantserve.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.paddle.com use.fontawesome.com www.iubenda.com translate.googleapis.com; img-src 'self' data: cms.quantserve.com mc.webvisor.org mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.uz pixel.quantcount.com pixel.quantserve.com ssl.google-analytics.com ssl.gstatic.com translate.google.com translate.googleapis.com www.facebook.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.sr www.google.tn www.google.tt www.google.td www.google.je www.google.ws www.google.rw www.google.co.mz www.google.sc www.google.tm www.google.ga www.google.tg www.google.com.ag www.google.co.in www.google.ad www.google.ml www.google.cg www.google-analytics.com www.googletagmanager.com www.gstatic.com yastatic.net; connect-src 'self' audit-tcfv2.quantcast.mgr.consensu.org code.jquery.com mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz quantcast.mgr.consensu.org translate.googleapis.com www.google-analytics.com stats.g.doubleclick.net est.quantcast.mgr.consensu.org; font-src 'self' fonts.gstatic.com use.fontawesome.com; object-src 'self'; media-src 'self'; form-action 'self'; frame-src 'self' m.youtube.com mc.yandex.com web.facebook.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com youtube.com; child-src 'self' www.facebook.com; worker-src 'self'; manifest-src 'self'; report-uri /secure-headers/report/r/d/csp/enforce; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'nonce-49271511de2e0dcb03ad2bf0796e45fc55870229678dce8bf26a16f5de3a25d5' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com https://*.linkgraph.com https://*.intellimize.co https://*.intellimizeio.com https://*.chilipiper.com; script-src-elem 'self' 'nonce-49271511de2e0dcb03ad2bf0796e45fc55870229678dce8bf26a16f5de3a25d5' http://static.ads-twitter.com https://sc.lfeeder.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://tagmanager.google.com https://www.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com https://*.linkgraph.com https://*.intellimize.co https://*.intellimizeio.com; img-src 'self' 'nonce-49271511de2e0dcb03ad2bf0796e45fc55870229678dce8bf26a16f5de3a25d5' https://www.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://*.google.com https://*.clearbitjs.com https://*.hsforms.net https://*.adsymptotic.com https://*.linkedin.com https://*.lfeeder.com https://*.cloudfront.net https://track.hubspot.com https://q.quora.com https://*.sa-as.com https://*.reddit.com https://*.bing.com; connect-src 'self' 'nonce-49271511de2e0dcb03ad2bf0796e45fc55870229678dce8bf26a16f5de3a25d5' https://cs.lf-discover.com wss://visitors.live wss://in.visitors.live https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.leadinfo.net https://d.adroll.com https://*.clarity.ms https://*.crazyegg.com https://*.luckyorange.net https://*.hubapi.com https://*.hubspot.com https://*.hsforms.com https://minio.ghost.io https://*.searchatlas.com https://*.chilipiper.com; style-src 'self' 'nonce-49271511de2e0dcb03ad2bf0796e45fc55870229678dce8bf26a16f5de3a25d5' https://*.cloudfront.net http://bat.bing.com https://bat.bing.com https://tagmanager.google.com https://fonts.googleapis.com https://*.intellimize.co https://*.intellimizeio.com; font-src 'self' 'nonce-49271511de2e0dcb03ad2bf0796e45fc55870229678dce8bf26a16f5de3a25d5' https://fonts.gstatic.com; object-src 'none'; media-src 'self' 'nonce-49271511de2e0dcb03ad2bf0796e45fc55870229678dce8bf26a16f5de3a25d5' https://*.cloudfront.net; frame-src 'self' 'nonce-49271511de2e0dcb03ad2bf0796e45fc55870229678dce8bf26a16f5de3a25d5' https://bid.g.doubleclick.net https://www.google.com/ https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io https://*.chilipiper.com; frame-ancestors 'self' https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io; 1
object-src 'none';base-uri 'self';script-src 'nonce-4LFGNYdefo74FDQaCp-d5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' 'unsafe-inline' *.alida.com *.contentsquare.net *.sunbeltrentals.com *.linkedin.com *.clarity.ms *.doubleclick.net *.googleadservices.com *.callrail.com *.coveo.com *.google-analytics.com *.sentry.io *.omtrdc.net *.google.com *.mktoresp.com *.livechatinc.com *.ipapi.co *.cloudflare.com *.facebook.com *.bing.com *.adobedc.net *.enzymic.co *.uxtweak.com *.oktapreview.com *.dynatrace.com https://maps.googleapis.com *.googleapis.com https://ipapi.co *.sunbeltrentalspayments.com *.oktacdn.com *.adsrvr.org *.okta.com *.bing.net https://api.livechatinc.com *.virtualearth.net *.adobedtm.com *.gstatic.com *.facebook.net *.googletagmanager.com; default-src 'self' *.adobedc.net *.adobedtm.com *.adsrvr.org *.alida.com *.bing.com *.callrail.com *.clarity.ms *.cloudflare.com *.contentsquare.net *.coveo.com *.doubleclick.net *.dynatrace.com *.enzymic.co *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.gstatic.com *.kampyle.com *.licdn.com *.linkedin.com *.livechatinc.com https://maps.googleapis.com *.marketo.net *.mktoresp.com *.oktacdn.com *.omtrdc.net *.ravenjs.com *.sentry.io *.sitescdn.net *.sunbeltrentals.com *.virtualearth.net *.facebook.com *.ipapi.co *.googletagmanager.com https://api.livechatinc.com; font-src 'self' *.googleapis.com *.googletagmanager.com *.sunbeltrentals.com *.gstatic.com data: *.oktacdn.com https://fonts.googleapis.com https://use.fontawesome.com; frame-src 'self' https://www.youtube.com *.doubleclick.net *.livechatinc.com *.adsrvr.org *.sunbeltrentals.com *.sunbeltrentalspayments.com *.cloudflare.com https://player.vimeo.com *.googletagmanager.com *.alida.com *.facebook.com; frame-ancestors 'self' *.punchout2go.com *.gep.com *.ariba.com *.hubwoo.com *.sciquest.com *.tradecentric.com; img-src 'self' *.facebook.com *.sunbeltrentals.com *.googletagmanager.com *.contentsquare.net *.linkedin.com *.doubleclick.net *.clarity.ms *.maps.googleapis.com *.bing.com *.maps.gstatic.com data: https: *.adsrvr.org *.gstatic.com *.googleapis.com *.oktacdn.com https://www.cloudflare.com *.cloudflare.com; script-src 'self' 'unsafe-inline' *.adobedtm.com *.alida.com *.bing.com *.cloudflare.com *.coveo.com *.doubleclick.net *.livechatinc.com *.googleapis.com *.marketo.net *.oktacdn.com *.sunbeltrentals.com 'unsafe-eval' *.adsrvr.org *.google-analytics.com *.kampyle.com *.callrail.com *.clarity.ms *.contentsquare.net *.facebook.net *.googletagmanager.com *.gstatic.com *.sitescdn.net *.licdn.com *.dynatrace.com *.storage.googleapis.com *.enzymic.co *.ravenjs.com *.uxtweak.com *.virtualearth.net https://api.livechatinc.com *.sentry.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.sunbeltrentals.com *.oktacdn.com *.bing.com https://maps.googleapis.com https://fonts.googleapis.com https://use.fontawesome.com *.sunbeltrentalspayments.com https://iframesbrdevweb.sunbeltrentalspayments.com *.cloudflare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.sunbeltrentals.com blob: *.googleapis.com *.maps.googleapis.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=N67T.r1S3y6sCkUpSs.lDXCD1FSMuG8.WEXsz3nGzJ0-1752205453-1.0.1.1-MwWoxOU9Atyktg7TRH5LCUpVy755Oykd8bFq7W3lMrlJuDIab685Pb7qVXKy5O2QOrNN4NooHkSruQe5SPr6UJpvmBnVRGqZXVkhsAkiZmuxX6KiEJpF7l09xrRX0QKsB9kH1ngg5gPO7QWuKrlhLGTqM.y9bdg93oyoz6JTqCSAuyEEzfk0cXID0MIk_0ytyjrwyvRqm17tXZI3ATWwLA; report-to cf-faztlibacelumqrw 1
connect-src *.affirm.com https://tracker.affirm.com https://assets.braintreegateway.com *.braintreegateway.com *.braintree-api.com *.braze.com https://sdk.iad-05.braze.com/api/v3/data/ *.datadoghq.com *.browser-intake-us5-datadoghq.com https://browser-intake-us5-datadoghq.com https://session-replay.browser-intake-us5-datadoghq.com/api/v2/replay https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ *.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://1.1.1.1 https://d94qwxh6czci4.cloudfront.net https://dr6vcclmzwk74.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d1ezzflfzltk6e.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/ *.gr4vy.app https://paypal.com https://www.paypal.com/sdk/js https://checkout.paypal.com https://www.paypalobjects.com *.paypal.com https://ipv4.podscribe.com/ https://d34r8q7sht0t9k.cloudfront.net *.pusher.com https://sockjs-mt1.pusher.com wss://ws-mt1.pusher.com https://sandbox.affirm.com https://sandbox.affirm.com/fonts https://www.sandbox.paypal.com/ *.sentry.io *.ingest.sentry.io *.ingest.us.sentry.io api.statsig.com api.statsigcdn.com assetsconfigcdn.org beyondwickedmapping.org cdn.console.statsig.com cloudflare-dns.com console.statsig.com console.statsigcdn.com events.statsigapi.net featureassets.org featuregates.org idliststorage.blob.core.windows.net prodregistryv2.org statsigapi.net https://*.tiktok.com https://*.tiktokw.us *.amazonaws.com https://api.buttercms.com https://pixels.spotify.com bat.bing.com *.cloudfront.net *.doubleclick.net https://gametime.hnyj8s.net *.gametime.co/ https://boards-api.greenhouse.io/v1/boards/gametimeunited/departments https://global.ketchcdn.com *.mparticle.com *.riskified.com 'self';default-src 'self';font-src 'self' data: https://sandbox.affirm.com https://sandbox.affirm.com/fonts https://www.sandbox.paypal.com/ *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/ https://fp.affirm-stage.com https://use.fontawesome.com;form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/;frame-src https://assets.braintreegateway.com *.braintreegateway.com *.braintree-api.com https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/ *.gr4vy.app https://paypal.com https://www.paypal.com/sdk/js https://checkout.paypal.com https://www.paypalobjects.com *.paypal.com https://sandbox.affirm.com https://sandbox.affirm.com/fonts https://www.sandbox.paypal.com/ bytedance: https://player.vimeo.com/ https://www.affirm.com sslocal: *.doubleclick.net 'self';img-src 'self' data: blob: *.gametime.co/ https://*.tiktok.com https://*.tiktokw.us *;manifest-src 'self' *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/;script-src *.affirm.com https://tracker.affirm.com https://assets.braintreegateway.com *.braintreegateway.com *.braintree-api.com *.braze.com https://sdk.iad-05.braze.com/api/v3/data/ https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ *.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/ *.gr4vy.app https://paypal.com https://www.paypal.com/sdk/js https://checkout.paypal.com https://www.paypalobjects.com *.paypal.com https://ipv4.podscribe.com/ https://d34r8q7sht0t9k.cloudfront.net *.sentry.io *.ingest.sentry.io *.ingest.us.sentry.io https://*.tiktok.com https://*.tiktokw.us https://app.link https://cdn.ketchjs.com https://cdn.sift.com/s.js https://utt.impactcdn.com https://applepay.cdn-apple.com bat.bing.com blob: https://global.ketchcdn.com *.mparticle.com 'report-sample' *.riskified.com 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://www.googletagmanager.com;worker-src 'self' blob: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.hotjar.com *.mavenoid.com *.klevu.com *.ksearchnet.com *.narvar.com *.narvar.qa *.onetrust.com www.worx.com worx.com *.signifyd.com *.onlineada.workers.dev maxaccess-api.onlineada.workers.dev *.maxaccess.io *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com s.amazon-adsystem.com *.hotjar.com www.facebook.com *.pinterest.com www.paypalobjects.com *.amc.demdex.net *.demdex.net *.cardinalcommerce.com *.authorize.net *.vimeo.com www.google.com *.ugc.bazaarvoice.com *.bazaarvoice.com *.api.bazaarvoice.com *.amazon-adsystem.com *.weltpixel.com mcstaging.worx.com tst.kaptcha.com *.adsrvr.org www.worx.com worx.com *.dap.akadns.net *.signifyd.com *.monetate.net ssl.kaptcha.com *.online-metrix.net *.captcha-delivery.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bing.com *.adsrvr.org x.bidswitch.net pixel.advanseads *.fg8dgt.com www.facebook.com *.tremorhub.com *.reson8.com *.mathtag.com *.bluekai.com sync.search.spotxchange.com thrtle.com sync.go.sonobi.com *.demdex.net www.livehelpnow.net *.rubiconproject.net *.g.doubleclick.net tapestry.tapad.com segments.company-target.com simage2.pubmatic.com dsum.casalemedia.com ads.altitude-arena.com i.liadm.com *.listrakbi.com *.adobedtm.com *.sc.omtrdc.net *.everesttech.net *.magentocommerce.com *.sandbox.paypal.com *.ytimg.com *.swagger.io *.cloudfront.net *.bazaarvoice.com *.ugc.bazaarvoice.co *.rlcdn.com *.bfmio.com *.klevu.com *.ksearchnet.com *.narvar.com *.narvar.qa www.sandbox.paypal.com *.stats.paypal.com *.braintreegateway.com www.google.co.in *.cookielaw.org *.dap.akadns.net *.espssl.com *.s3.us-east-2.amazonaws.com *.pinterest.com *.hotjar.com www.emjcd.com *.dotomi.com *.worx.com worx.com *.five9.com *.nextdoor.com s3.amazonaws.com *.googleapis.com *.facebook.net *.eu.worx.com pippio.com *.adsymptotic.com *.openx.net *.agkn.com *.audrte.com *.krxd.net *.videohub.tv *.adxns.com *.media6degrees.com *.ads.linkedin.com *.scorecardresearch.com *.netseer.com *.us1.dyntrk.com *.insightexpressai.com *.mediawallahscript.com *.t.domdex.com *.services.xg4ken.com trkn.us *.mmsho.com *.narrative.io *.postrelease.com *.ispot.tv *.crsspxl.com *.bnmla.com *.acxiomapac.com *.y-medialink.com *.shopping.rakuten.com *.rtbiq.com *.ib-ibi.com *.signifyd.com *.monetate.net *.srv.stackadapt.com *.spotify.com *.rd.linksynergy.com um.simpli.fi cs.media.net *.addthis.com sync.ipredictive.com lrp.mxptint.net pixel.tapad.com epiv.cardlytics.com secure.adnxs.com www.entitytag.co.uk px.owneriq.net bttrack.com ssum.casalemedia.com usersync-b3.videoamp.com *.maxaccess.io *.online-metrix.net s3-us-west-2.amazonaws.com maps.googleapis.com maps.gstatic.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pixriot.com *.storeimaging.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js-agent.newrelic.com bam.nr-data.net blueacornici.atlassian.net *.monetate.net www.livehelpnow.net js.klevu.com *.listrakbi.com *.facebook.net *.steelhousemedia.com *.adacado.com *.hotjar.com *.amazon-adsystem.com *.rlcdn.com *.adsrvr.org *.bidswitch.net *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.braintreegateway.com *.paypal.com *.ytimg.com *.bazaarvoice.com *.nexus.bazaarvoice.co *.ugc.bazaarvoice.com *.api.bazaarvoice.com *.iesnare.com *.atlassian.net polyfill.io *.fg8dgt.com *.ksearchnet.com *.sandbox.braintreegateway.com *.bing.com *.tiktok.com www.mczbf.com *.cookielaw.org *.maxaccess.io *.five9.com *.r.bidswitch.net *.dstillery.com *.media6degrees.com *.onlineada.workers.dev *.fullstory.com s.pinimg.com *.mavenoid.com *.cloudfront.net mcstaging.worx.com www.worx.com worx.com *.orderwave.com *.googleapis.com get.geojs.io *.g.doubleclick.net *.nextdoor.com code.jquery.com dap-dist.akamaized.net serviceconnection.pro *.blob.core.windows.net kalicube.pro *.jsdelivr.net *.dap.akadns.net sjwoe.com www.sjwoe.com *.narvar.com *.ads.linkedin.com www.googleoptimize.com *.signifyd.com *.datadome.co *.captcha-delivery.com *.schemaapp.com ct.pinterest.com cdnjs.cloudflare.com *.online-metrix.net kenwheeler.github.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com display.ugc.bazaarvoice.com *.googleapis.com *.listrakbi.com *.mavenoid.com *.five9.com *.espssl.com *.typekit.net serviceconnection.pro *.onetrust.com www.worx.com worx.com *.signifyd.com *.klevu.com *.ksearchnet.com *.fontawesome.com assets.braintreegateway.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.worx.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.onetrust.com bam.nr-data.net *.listrakbi.com *.listrak.com *.hotjar.io *.g.doubleclick.net *.demdex.net *.sc.omtrdc.net *.cardinalcommerce.com *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.amazonservices.de *.bazaarvoice.com *.api.bazaarvoice.com *.klevu.com *.ksearchnet.com *.braintreegateway.com *.sandbox.braintreegateway.com *.braintree-api.com *.tiktok.com *.cookielaw.org *.onlineada.workers.dev *.cloudfront.net *.execute-api.us-east-2.amazonaws.com *.five9.com *.fullstory.com www.mczbf.com *.pinterest.com *.ingest.sentry.io *.mavenoid.com *.googleapis.com surveystats.hotjar.io serviceconnection.pro kalicube.pro *.blob.core.windows.net www.facebook.com *.jsdelivr.net *.dap.akadns.net sjwoe.com www.sjwoe.com www.worx.com worx.com *.ads.linkedin.com www.googleoptimize.com www.livehelpnow.net *.signifyd.com *.monetate.net *.datadome.co *.cloudfunctions.net *.bing.com *.schemaapp.com *.google.co.in *.maxaccess.io s.amazon-adsystem.com ara.paa-reporting-advertising.amazon maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.pixriot.com *.storeimaging.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; font-src 'self' fonts.gstatic.com data:; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* clickhouse.com discover.clickhouse.com statuspage.incident.io www.recaptcha.net recaptcha.net https://www.datadoghq-browser-agent.com munchkin.marketo.net www.google.com google.com *.googletagmanager.com *.licdn.com www.gstatic.com js.stripe.com js.driftt.com *.fullstory.com vercel.live; style-src 'self' 'unsafe-inline' clickhouse.com discover.clickhouse.com fonts.googleapis.com vercel.live; media-src https://js.driftt.com/; object-src 'none'; worker-src 'self' blob:; connect-src 'self' 'unsafe-inline' clickhouse.com discover.clickhouse.com wss: *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* https://browser-intake-us3-datadoghq.com statuspage.incident.io www.recaptcha.net recaptcha.net *.us-east-2.amazonaws.com *.google-analytics.com *.linkedin.oribi.io *.mktoresp.com s3.eu-west-1.amazonaws.com *.fullstory.com *.auth0.com vercel.live; frame-src *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* clickhouse.com discover.clickhouse.com www.recaptcha.net recaptcha.net https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://player.vimeo.com https://js.driftt.com/ *.auth0.com vercel.live; frame-ancestors 'none'; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com  *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
script-src 'unsafe-inline' 'nonce-3b0a5eaaddd6354d818c37f52811da03' *.fontawesome.com *.klaviyo.com connect.facebook.com analytics.tiktok.com www.youtube.com 1
frame-ancestors 'self';report-uri https://csp.withgoogle.com/csp/frame-ancestors/a00d54fdef4a77536baac3725d1409f8 1
default-src 'self' *.siepomaga.pl; base-uri 'none'; child-src 'self' *.siepomaga.pl accounts.google.com/ merch-prod.snd.payu.com/ applepay.cdn-apple.com/ pay.google.com/ secure.payu.com www.youtube.com youtube.com youtu.be www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com www.facebook.com web.facebook.com connect.facebook.net m.facebook.com *.criteo.com *.criteo.net www.googletagmanager.com; connect-src https: blob:; font-src https: data: chrome-extension; frame-ancestors 'none'; frame-src 'self' *.siepomaga.pl accounts.google.com/ merch-prod.snd.payu.com/ applepay.cdn-apple.com/ pay.google.com/ secure.payu.com www.youtube.com youtube.com youtu.be www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com www.facebook.com web.facebook.com connect.facebook.net m.facebook.com *.criteo.com *.criteo.net www.googletagmanager.com; img-src https: data: blob: www.facebook.com; manifest-src 'self' siepomaga.cloudflareaccess.com; media-src https: data:; object-src 'none'; script-src 'strict-dynamic' https: 'unsafe-eval' 'report-sample' 'nonce-yyFhAqQL5VcWs9+ncQ1cGlQ95QWEUL4AU2g2d7Z4s/s=' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://sentry.siepomaga.pl/tunnel/?csp=true&projectId=8&key=5ff966d78089e2f12b8e6374b8c3cbed&environment=production&release=30ed3887fe25913b0c92f663f5f6baf4d206dbac; report-to csp-endpoint 1
frame-ancestors 'self'; object-src 'none'; report-to csp-report; report-uri https://www.buckle.com/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-L8GX593nn67eTPTn_0_zOg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' connect.facebook.net platform.linkedin.com platform.twitter.com cdn.matomo.cloud cdn.gtranslate.net translate.google.com translate.googleapis.com https://static.hotjar.com https://script.hotjar.com cdn.rawgit.com cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.yotpo.com cdn.livehelpnow.net x.klarnacdn.net https://*.hotjar.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.authorize.net https://plumrocket.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net unsafe-inline 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.certcapture.com *.awin1.com *.zenaps.com *.fls.doubleclick.net magento-cloudflare.jetrails.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.nosto.com *.nos.to *.authorize.net https://plumrocket.com https://accounts.google.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com *.yotpo.com c.sharethis.mgr.consensu.org cdn.justuno.com t.sharethis.com js.klarna.com www.googletagmanager.com cdn.jst.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.certcapture.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.magezon.com https://meetanshi.com/media/logo.png www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com guarantee-cdn.com *.nosto.com *.nos.to store.paradoxlabs.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com *.yotpo.com challenge.livehelpnow.net cdn.userway.org developer.livehelpnow.net www.livehelpnow.net bat.bing.com platform-cdn.sharethis.com www.google.co.in l.sharethis.com fabrics-media.moodfabrics.com verify.authorize.net x.klarnacdn.net www.moodfabrics.com eqkuzx7g.cdn.imgeng.in *.jst.ai *.acsbapp.com https://*.hotjar.com static-na.payments-amazon.com *.amazonaws.com *.affirm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.certcapture.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com guarantee-cdn.com *.nosto.com *.nos.to *.authorize.net https://accounts.google.com https://www.gstatic.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com *.yotpo.com web.facebook.com js-agent.newrelic.com bam.nr-data.net na-library.klarnaservices.com cdn.userway.org challenge.livehelpnow.net moodfabrics.atlassian.net cdn.polyfill.io acsbapp.com developer.livehelpnow.net bat.bing.com rum-static.pingdom.net cdn.justuno.com analytics.tiktok.com platform-api.sharethis.com buttons-config.sharethis.com t.sharethis.com my.justuno.com aly.justuno.com x.klarnacdn.net unsafe-inline tools.ietf.org tools.justuno.com static-tracking.klaviyo.com www.redditstatic.com *.convertexperiments.com *.jst.ai *.clarity.ms https://*.hotjar.com fonts.gstatic.com fonts.googleapis.com *.webeyez.com maxcdn.bootstrapcdn.com *.cloudfront.net *.amazonaws.com code.jquery.com nosto.stackla.com *.liadm.com *.klevu.com verify.authorize.net *.moodfabrics.com connect.nosto.com maps.googleapis.com s3-us-west-2.amazonaws.com api.retention.com https://rp.liadm.com da1bbbz2bvais.cloudfront.net https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to https://accounts.google.com https://www.gstatic.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com *.googleapis.com static.klaviyo.com developer.livehelpnow.net x.klarnacdn.net *.jst.ai https://*.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.certcapture.com *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.authorize.net https://accounts.google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.yotpo.com bam.nr-data.net cafea271.klarnauserservices.com evt-na.klarnaservices.com static-forms.klaviyo.com api.userway.org developer.livehelpnow.net app.livehelpnow.net bsrx9ma6.klarnaservices.com cdn.acsbapp.com l.sharethis.com a.klaviyo.com stats.g.doubleclick.net rum-collector-2.pingdom.net na.klarnaevt.com telemetrics.klaviyo.com analytics.tiktok.com maps.googleapis.com *.clarity.ms *.jst.ai wss://app.livehelpnow.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.webeyez.com *.liadm.com *.alocdn.com *.cloudfront.net bat.bing.com api.retention.com *.execute-api.us-west-2.amazonaws.com alocdn.com a.usbrowserspeed.com https://idx.liadm.com pro.ip-api.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.moodfabrics.com/rest/all/V1/cspmanager/frontend_report; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com s3-sa-east-1.amazonaws.com *.google.com.mx *.bing.com *.collect.igodigital.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.equalweb.com *.sandbox.my.site.com/ *.sandbox.my.salesforce-scrt.com/ *.facebook.net *.tiktok.com/ *.cardinalcommerce.com *.ccdc02.com unpkg.com cdn.jsdelivr.net *.g.doubleclick.net *.adobe.io *.bolt.com *.commerce-quick-checkout.com localhost:8082 www.gstatic.com www.google.com *.braintreegateway.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com *.tiktok.com *.clarity.ms *.bing.com *.collect.igodigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.sandbox.my.site.com/ *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com unpkg.com cdn.jsdelivr.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com *.g.doubleclick.net analytics.google.com www.googletagmanager.com use.typekit.net *.adobe.io *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com localhost:8082 www.gstatic.com www.google.com js.braintreegateway.com c.paypal.com pay.google.com *.braintreegateway.com *.equalweb.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com *.facebook.net *.tiktok.com *.clarity.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.adobedc.net *.equalweb.com *.sandbox.my.salesforce-scrt.com/ *.sandbox.my.site.com/ *.tiktok.com/ *.adobedtm.com *.adobe.com *.ccdc02.com unpkg.com cdn.jsdelivr.net commerce.adobedtm.com *.g.doubleclick.net use.typekit.net t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com localhost:8082 www.gstatic.com www.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com *.braintreegateway.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com *.facebook.net *.tiktok.com *.clarity.ms *.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://fonts.googleapis.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https:// connect.facebook.net/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://api.sardine.ai https://static.zdassets.com/ https://ekr.zdassets https://ekr.zendesk.com https://*.zopim.com wss://demonifty.zendesk.com wss://*.zopim.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://edge.fullstory.com/s/ https://static.ads-twitter.com/uwt.js https://sc-static.net/ https://googleads.g.doubleclick.net/ https://tr.snapchat.com https://cdn.mxpnl.com;        style-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://fonts.googleapis.com *.live-video.net;        script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://api.dev.sardine.ai https://edge.fullstory.com https://www.googletagmanager.com/gtag/js https://connect.facebook.net https://static.ads-twitter.com/uwt.js https://sc-static.net/scevent.min.js https://www.google.com/recaptcha/ https://static.zdassets.com/ https://www.gstatic.com/recaptcha/ https://tr.snapchat.com/ https://www.google-analytics.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.sardine.ai https://unpkg.com/@google/model-viewer/dist/model-viewer.min.js https://www.youtube.com https://www.googleoptimize.com https://www.clarity.ms https://cdn.mxpnl.com/libs/mixpanel-recorder.min.js *.live-video.net;        img-src https: blob: data:;        connect-src https://browser-intake-datadoghq.com https://www.niftygateway.com https://niftygateway.com https://analytics.google.com https://*.clarity.ms https://niftygateway.zendesk.com https://api.niftygateway.com https://odysseymarket.niftygateway.com https://api.sandbox.niftygateway.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com https://api-js.mixpanel.com https://www.clarity.ms wss://widget-mediator.zopim.com https://nifty-qa100.service.aws-qa.sd.gem.link https://demonifty.zendesk.com https://ekr.zdassets.com https://encrypted-tbn0.gstatic.com/images https://lh3.googleusercontent.com https://tr.snapchat.com https://eth-goerli.alchemyapi.io https://search-api-staging.s-niftygateway-001-use1.svc.gem.link https://search-api.niftygateway.com https://search-api-dev.d-niftygateway-001-use1.svc.gem.link https://ipfs.io https://rs.fullstory.com https://session-replay.browser-intake-datadoghq.com https://eth-mainnet.alchemyapi.io https://api.cloudinary.com/v1_1/nifty_gateway/auto/upload https://api.pinata.cloud/pinning/pinFileToIPFS https://openseauserdata.com https://rum.browser-intake-datadoghq.com https://api.x.immutable.com https://i.seadn.io https://cdn.optimizely.com https://img.seadn.io https://storage.opensea.io https://api.opensea.io https://sdk.iad-03.braze.com *.live-video.net ;         font-src https://fonts.gstatic.com https://use.typekit.net/ 'self';        object-src 'self';        media-src https://media.niftygateway.com https://static.zdassets.com https://openseauserdata.com https://storage.opensea.io https://res.cloudinary.com blob:;        frame-src https://js.stripe.com https://www.google.com https://api.sardine.ai https://api.dev.sardine.ai https://tr.snapchat.com/ https://www.youtube.com https://webusprd01.ihsmtaxsolutions.com/Nifty/ https://td.doubleclick.net/;        frame-ancestors 'self';        worker-src blob:; 1
frame-ancestors 'self' https://stage.lovdata.no https://smia.lovdata.no/ 1
object-src 'none';base-uri 'self';script-src 'nonce-dTUJ11lql4_45vw-W3U8uQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'  https://*.wistia.net  https://*.wistia.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js-de.sentry-cdn.com https://*.wistia.net  https://*.wistia.com   https://assets.production.linktr.ee     https://www.youtube.com     https://assets.calendly.com     https://growth.services.beekeeper.io     https://connect.facebook.net     https://a.omappapi.com     https://tracking.g2crowd.com     https://cdn-prod.eu.securiti.ai     https://www.beekeeper.io     https://*.zoominfo.com     https://*.zi-scripts.com     https://acsbapp.com     https://browser.sentry-cdn.com     https://js.sentry-cdn.com     https://fast.wistia.com     https://js.hsforms.net     https://forms.hsforms.com     https://hubspot-forms-static-embed.s3.amazonaws.com     https://boards.greenhouse.io     https://www.bugherd.com     https://sidebar.bugherd.com     https://cdn.cookielaw.org     https://fast.wistia.net     https://www.googletagmanager.com     https://www.google-analytics.com     https://snap.licdn.com     https://bat.bing.com     https://trk.techtarget.com     https://www.influ2.com     https://tags.srv.stackadapt.com     https://lltrck.com     https://www.clarity.ms     https://googleads.g.doubleclick.net     https://j.6sc.co     https://d10lpsik1i8c69.cloudfront.net     https://tracking.intentsify.io     https://pi.pardot.com     https://a.usbrowserspeed.com     https://a.remarketstats.com     https://i.liadm.com     https://a.clickcertain.com     https://static.cloudflareinsights.com     https://www.google.com/recaptcha/     https://*.hotjar.com     https://content.p3nd0.beekeeper.io     https://www.gstatic.com     https://dev.visualwebsiteoptimizer.com     https://js.hs-analytics.net     https://js.hsadspixel.net     https://js.hs-scripts.com     https://js.hs-banner.com     https://js.hscollectedforms.net     https://js.hsleadflows.net     https://js.usemessages.com     https://*.hubspot.com;    style-src 'self' 'unsafe-inline'   https://fast.wistia.com  https://assets.calendly.com     https://cdn-prod.eu.securiti.ai     https://a.omappapi.com     https://www.beekeeper.io     https://fonts.googleapis.com     https://d10lpsik1i8c69.cloudfront.net     https://tags.srv.stackadapt.com;    connect-src 'self' data: blob:  https://pagead2.googlesyndication.com  https://e.clarity.ms  https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net wss://ws.hotjar.com     https://ltp.linktr.ee     https://calendly.com     https://fast.wistia.net     https://selfservice-java.beekeeper.io     http://pricing.services.beekeeper.io     https://stats.g.doubleclick.net     https://secure.adnxs.com     https://tracking-api.g2.com     https://app.securiti.ai     https://api.omappapi.com     https://app.eu.securiti.ai     https://cdn-prod.eu.securiti.ai     https://analytics.google.com     https://forms.hubspot.com     https://*.zoominfo.com     https://*.zi-scripts.com     https://acsbapp.com     https://*.acsbapp.com     https://notify.bugsnag.com     https://sidebar.bugherd.com/binoculars     wss://ws-mt1.pusher.com     https://sockjs.pusher.com     https://fg8vvsvnieiv3ej16jby.litix.io     https://forms-na1.hubspot.com     https://forms.hsforms.com     https://hubspot-forms-static-embed.s3.amazonaws.com     https://*.influ2.com     https://c.6sc.co     https://sessions.bugsnag.com     https://cdn.cookielaw.org     https://geolocation.onetrust.com     https://*.wistia.com     https://yoast.com     https://www.google-analytics.com     https://ipv6.6sc.co     https://tags.srv.stackadapt.com     https://settings.luckyorange.net     https://px.ads.linkedin.com     https://ibc-flow.techtarget.com     https://t.clarity.ms     https://static.cloudflareinsights.com     https://o8540.ingest.sentry.io     https://*.hotjar.io     wss://ws.hotjar.com/api     https://*.hubspot.com     https://forms.hscollectedforms.net     https://api.hubapi.com     https://region1.analytics.google.com     https://www.google.com;    font-src 'self' data:  https://*.wistia.com   https://fast.wistia.com     https://fonts.gstatic.com     https://t.influ2.com     https://www.google.com;    frame-src 'self' data: blob:  https://fast.wistia.com https://fast.wistia.net   https://www.google.com     https://calendly.com     http://pricing.services.beekeeper.io     https://www.youtube.com     https://privacy-central.eu.securiti.ai     https://forms.hsforms.com     https://www.youtube-nocookie.com     https://boards.greenhouse.io     https://*.bugherd.com     https://*.wistia.com     https://*.wistia.net     https://open.spotify.com     https://td.doubleclick.net     https://www.google.com/recaptcha     https://iab-eu-tcf.securiti.ai     https://job-boards.greenhouse.io     https://privacy-central.eu.securiti.ai     https://www.googletagmanager.com;    img-src 'self' data: https://*.wistia.net  https://*.wistia.com   https://www.google.de     https://plugin-updates.wpengine.com     https://assets.calendly.com     https://lh7-us.googleusercontent.com     https://f.hubspotusercontent10.net     https://www.linkedin.com     https://www.googletagmanager.com     https://www.facebook.com     https://sidebar.bugherd.com     https://bugherd-attachments.s3.amazonaws.com     https://d2iiunr5ws5ch1.cloudfront.net     https://i.ytimg.com     https://fast.wistia.com     https://embed-ssl.wistia.com     https://forms-na1.hsforms.com     https://cdn.cookielaw.org     https://ps.w.org     https://s.w.org     https://secure.adnxs.com     https://ib.adnxs.com     https://t.influ2.com     https://px.ads.linkedin.com     https://www.google.com     https://bat.bing.com     https://www.google-analytics.com     https://lltrck.com     https://b.6sc.co     https://px4.ads.linkedin.com     blob:     https://c.clarity.ms     https://c.bing.com     https://dev.visualwebsiteoptimizer.com     https://track.hubspot.com     https://*.hsforms.com/embed/;    media-src 'self' blob:     https://fast.wistia.com  https://*.wistia.net  https://embed-cloudfront.wistia.com;    worker-src 'self' blob:     https://beeke25stg.eight25.xyz;    frame-ancestors 'self'     https://www.google.com     https://privacy-central.eu.securiti.ai     https://open.spotify.com     https://adgen-dev.spotify.com     https://local.spotify.net     https://*.spotify.net     https://*.spotify.com; report-to csp-violation-report-endpoint ; 1
default-src 'self' motul.com *.cdninstagram.com *.elfsightcdn.com; script-src 'self' 'unsafe-eval' *.axept.io *.elfsight.com *.googletagmanager.com *.hotjar.com *.facebook.net 'unsafe-inline' *.googleapis.com *.channelsight.com js.monitor.azure.com *.explorify.com *.elfsightcdn.com *.youtube.com; img-src 'self' staging-cms.motul.com axeptio.imgix.net www.google.com *.gstatic.com data: *.elfsight.com *.facebook.com *.elfsightcdn.com *.googleapis.com *.hotjar.com *.cdninstagram.com *.motul.com *.amazonaws.com *.channelsight.com cscoreproweustor.blob.core.windows.net motul.incony.de *.explorify.com https://i.ytimg.com/ https://*.googleusercontent.com/places; child-src 'self' motul.com *.hotjar.com *.youtube.com *.youtube-nocookie.com;; style-src 'self' 'unsafe-inline' *.elfsight.com *.googleapis.com *.channelsight.com *.explorify.com; font-src 'self' *.gstatic.com *.hotjar.com *.channelsight.com *.explorify.com data:; report-uri /api/v2/security-headers; connect-src 'self' *.axept.io axeptio.imgix.net *.spinque.com *.elfsight.com *.facebook.net *.google-analytics.com analytics.google.com *.hotjar.com *.googleapis.com *.azurewebsites.net *.motul.com *.hotjar.io wss://ws4.hotjar.com *.channelsight.com https://cms.motul.com/search/api; frame-ancestors 'self' *.motul.com 1
style-src 'self' 'unsafe-inline' *.assets.post.at *.azureedge.net https://bpanel.streamdiver.com https://webcast.a1.net; report-to default; 1
object-src 'none';base-uri 'self';script-src 'nonce-Yd841X455dkkLJCEWMCGIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
form-action 'self'; manifest-src 'self'; report-uri https://csp-flkt.domdog.io/report-uri/flipkart.com/3/2-1 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.lge.co.kr *.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.criteo.com *.creativecdn.com *.naver.net *.pstatic.net *.daangn.com *.stclab.com *.google.com *.creativecdn.com *.google-analytics.com *.simpli.fi *.sauceflex.com *.facebook.com *.google.co.kr  *.widerplanet.com *.daumcdn.net *.useinsider.com *.attractt.com 1
base-uri 'self';connect-src 'self' https://www.google-analytics.com https://*.googleapis.com https://api.rudderlabs.com https://hosted.rudderlabs.com https://rudderstack.taskade.cloud https://api.stripe.com https://checkout.stripe.com https://sentry.io wss: https://cn2bi8ujy8.execute-api.us-east-1.amazonaws.com https://taskade-files.s3.us-east-1.amazonaws.com https://files.taskade.com https://vimeo.com https://fast.wistia.com https://*.loom.com https://companion.taskade.com;default-src 'self';form-action 'self';media-src 'self' https://js.driftqa.com https://files.taskade.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com https://challenges.cloudflare.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://checkout.stripe.com https://js.stripe.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://r.wdfl.co;object-src 'none';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.stripe.com https://files.taskade.com https://unpkg.com https://i.ytimg.com https://*.sndcdn.com https://i.vimeocdn.com https://*.wistia.com https://cdn.loom.com https://*.figma.com https://images.typeform.com https://*.whimsical.com https://companion.taskade.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;font-src 'self' data:;frame-src https://js.driftt.com https://widget.drift.com https://checkout.stripe.com https://hooks.stripe.com https://js.stripe.com https://call.taskade.com https://*.youtube.com https://*.soundcloud.com https://player.vimeo.com https://*.loom.com https://*.figma.com https://*.invisionapp.com https://*.typeform.com https://*.whimsical.com;report-uri /webhooks/csp-report;report-to /webhooks/csp-report;frame-ancestors 'none' 1
default-src 'self' ; img-src 'self' data: blob: https://*.sykesassets.co.uk https://*.bing.com https://www.google-analytics.com https://*.mapbox.com/ https://www.facebook.com https://*.google.co.jp https://*.google.com https://*.google.co.uk https://*.google.es https://*.google.ca https://*.google.de https://*.google.it https://*.google.fr https://*.google.com.au https://*.google.com.tw https://*.google.nl https://*.google.com.br https://*.google.com.tr https://*.google.be https://*.google.com.gr https://*.google.co.in https://*.google.com.mx https://*.google.dk https://*.google.com.ar https://*.google.ch https://*.google.cl https://*.google.at https://*.google.co.kr https://*.google.ie https://*.google.com.co https://*.google.pl https://*.google.pt https://*.google.bs https://*.google.is https://*.google.no https://*.google.gg https://*.google.com.pk https://t.co https://*.doubleclick.net https://*.yahoo.com https://ads.stickyadstv.com https://visitor.omnitagjs.com https://s3-p-ew1-product-pascal-target.s3-eu-west-1.amazonaws.com https://connect.facebook.net https://www.sykescottages.co.uk https://*.adalyser.com https://*.fls.doubleclick.net https://*.contentsquare.net https://simage2.pubmatic.com https://us-u.openx.net https://*.userzoom.com https://*.linkedin.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.clarity.ms https://*.googletagmanager.com https://id5-sync.com https://script.hotjar.com https://www.glassdoor.co.uk https://ssp-csync.smartadserver.com https://property-floor-plans-production.s3.eu-west-1.amazonaws.com https://tau.collect.igodigital.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net/logos/static/ot_persistent_cookie.png https://analytics.twitter.com https://exchange.mediavine.com/usersync; font-src 'self' 'unsafe-inline' https://script.hotjar.com https://fonts.gstatic.com https://www.sykescottages.co.uk https://fonts.googleapis.com https://cdnjs.cloudflare.com; script-src 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://connect.facebook.net https://static.ads-twitter.com https://*.contentsquare.net https://googleads.g.doubleclick.net https://analytics.twitter.com https://*.googleapis.com https://*.hotjar.com https://*.mapbox.com https://unpkg.com https://widget.trustpilot.com https://snap.licdn.com https://*.sykescottages.co.uk https://assistjs.skimresources.com https://www.googletagmanager.com https://geolocation.onetrust.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://tau.collect.igodigital.com https://d3js.org https://cdn.jsdelivr.net https://tags.creativecdn.com https://*.braintreegateway.com https://*.igodigital.com https://*.google.co.jp https://*.google.com https://*.google.co.uk https://*.google.es https://*.google.ca https://*.google.de https://*.google.it https://*.google.fr https://*.google.com.au https://*.google.com.tw https://*.google.nl https://*.google.com.br https://*.google.com.tr https://*.google.be https://*.google.com.gr https://*.google.co.in https://*.google.com.mx https://*.google.dk https://*.google.com.ar https://*.google.ch https://*.google.cl https://*.google.at https://*.google.co.kr https://*.google.ie https://*.google.com.co https://*.google.pl https://*.google.pt https://*.google.bs https://*.google.is https://*.google.no https://*.google.gg https://*.google.com.pk https://*.clarity.ms https://widget.eu.criteo.com https://*.userzoom.com https://cdnjs.cloudflare.com https://www.sykescottages.co.uk https://*.postcodeanywhere.co.uk https://apis.google.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://*.braintreegateway.com https://snap.licdn.com https://assistjs.skimresources.com https://www.googletagmanager.com https://static.criteo.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://bam-cell.nr-data.net https://bam.nr-data.net https://unpkg.com https://*.hotjar.com https://*.contentsquare.net https://cdn.jsdelivr.net https://maps.googleapis.com https://*.mapbox.com https://www.google-analytics.com https://connect.facebook.net https://widget.trustpilot.com https://cdn.cookielaw.org https://platform.twitter.com/widgets.js https://*.sykescottages.co.uk https://*.collect.igodigital.com https://www.dwin1.com/3317.js https://*.onetrust.com https://www.googleadservices.com https://ajax.googleapis.com https://*.doubleclick.net https://bat.bing.com https://static.ads-twitter.com https://analytics.twitter.com https://*.clarity.ms https://cdnjs.cloudflare.com https://d3js.org/d3.v3.min.js https://widget.eu.criteo.com https://*.userzoom.com https://bam.nr-data.net/1/e799bb56f3; style-src 'self' 'unsafe-inline' https://*.mapbox.com https://unpkg.com https://fonts.googleapis.com/css https://code.jquery.com; frame-src 'unsafe-inline' https://*.fls.doubleclick.net https://apis.google.com https://www.facebook.com https://*.trustpilot.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://assets.braintreegateway.com https://youtube.com https://www.youtube.com https://ams.creativecdn.com https://vars.hotjar.com; worker-src blob: https://*.sykescottages.co.uk; child-src blob: https://*.sykescottages.co.uk; connect-src https://cdn.cookielaw.org https://*.sykescottages.co.uk https://stats.g.doubleclick.net https://*.sykes.cloud/initWebchat https://*.twil.io/closechat https://www.google-analytics.com https://googleads.g.doubleclick.net https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://c.contentsquare.net https://*.mapbox.com https://*.addthis.com https://bam-cell.nr-data.net https://bam.nr-data.net https://bam.nr-data.net/jserrors/1/e799bb56f3 https://www.facebook.com https://bat.bing.com https://*.hotjar.com wss://*.hotjar.com wss://tsock.us1.twilio.com/v3/wsconnect https://*.clarity.ms https://maps.googleapis.com https://geolocation.onetrust.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://region1.google-analytics.com/g/collect https://pagead2.googlesyndication.com https://ams.creativecdn.com/tags/v2 https://*.hotjar.io https://*.google.co.jp https://*.google.com https://*.google.co.uk https://*.google.es https://*.google.ca https://*.google.de https://*.google.it https://*.google.fr https://*.google.com.au https://*.google.com.tw https://*.google.nl https://*.google.com.br https://*.google.com.tr https://*.google.be https://*.google.com.gr https://*.google.co.in https://*.google.com.mx https://*.google.dk https://*.google.com.ar https://*.google.ch https://*.google.cl https://*.google.at https://*.google.co.kr https://*.google.ie https://*.google.com.co https://*.google.pl https://*.google.pt https://*.google.bs https://*.google.is https://*.google.no https://*.google.gg https://*.google.com.pk; media-src https://promo-videos.sykesassets.co.uk https://s3-eu-west-1.amazonaws.com; report-uri https://sykescottages.report-uri.com/r/d/csp/reportOnly 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-liCTESAFyJ2eQe9sT18kPIFZ3' 'strict-dynamic' 'report-sample'; report-uri https://blenderartists.org/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; font-src 'self' https://d1mnljovdqnw4e.cloudfront.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://cdn.logr-ingest.com https://bat.bing.com; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com wss://*.campspot.com https://*.rollout.io; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.campspot.com; frame-src 'self' https://www.googletagmanager.com; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com *.shopogen.ro *.gigya.com *.carrefour.ro carrefour.ro *.google.com www.googletagmanager.com *.googletagmanager.com facebook.com *.prefixbox.com *.tiktok.com *.jsdelivr.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.instagram.com *.gigya.com *.carrefour.ro carrefour.ro facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.googletagmanager.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com *.cookiebot.com *.google.com *.gigya.com *.carrefour.ro carrefour.ro *.krxd.net *.hotjar.com *.jsdelivr.net *.btdirect.ro *.tiktok.com *.prefixbox.com facebook.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.googletagmanager.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com blob: *.3lift.com *.adnxs.com *.adsrvr.org *.bluekai.com *.casalemedia.com *.ck-ie.com *.contextweb.com *.cookielaw.org *.dotomi.com *.eyeota.net *.flavedo.io *.flix360.com *.flix360.io *.flixcar.com *.google.ro *.google-analytics.com *.googleadservices.com *.kargo.com *.lijit.com *.media.net *.mediaplex.com *.openx.net *.paypal.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com servedbyadbutler.com *.sharethrough.com *.shopogen.ro *.stickyadstv.com *.streamtheworld.com *.tremorhub.com *.yahoo.com *.gigya.com 'unsafe-inline' data: *.carrefour.ro carrefour.ro facebook.com *.krxd.net *.google.com www.googletagmanager.com *.tiktok.com *.prefixbox.com *.jsdelivr.net *.newrelic.com bam.eu01.nr-data.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.cloudflare.com *.cookiebot.com *.dotomi.com *.flix360.com *.flix360.io *.flixcar.com *.flixfacts.com *.googleapis.com *.instagram.com *.jsdelivr.net *.newrelic.com *.paypal.com *.pingdom.net servedbyadbutler.com *.shopogen.ro *.gigya.com *.carrefour.ro carrefour.ro chimpstatic.com www.googletagmanager.com *.krxd.net *.prefixbox.com *.tiktok.com *.cookielaw.org *.hotjar.com facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.shopogen.ro *.twitter.com *.typekit.net *.gigya.com 'unsafe-inline' data: *.carrefour.ro carrefour.ro *.jsdelivr.net *.prefixbox.com *.tiktok.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.citrusad.com *.doubleclick.net *.flix360.io *.flixcar.com *.googleapis.com *.googlesyndication.com *.instagram.com *.onetrust.com *.paypal.com *.pingdom.net *.shopogen.ro *.gigya.com *.carrefour.ro carrefour.ro *.cookielaw.org *.krxd.net *.hotjar.com *.jsdelivr.net *.prefixbox.com *.newrelic.com bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' mypepsico.okta.com secure.pepsico.com *.oktacdn.com; connect-src 'self' mypepsico.okta.com mypepsico-admin.okta.com secure.pepsico.com *.oktacdn.com *.mixpanel.com *.mapbox.com mypepsico.kerberos.okta.com mypepsico.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' mypepsico.okta.com secure.pepsico.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' mypepsico.okta.com secure.pepsico.com *.oktacdn.com; frame-src 'self' mypepsico.okta.com mypepsico-admin.okta.com secure.pepsico.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' mypepsico.okta.com secure.pepsico.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' mypepsico.okta.com secure.pepsico.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://www.mypepsico.com:443 https://www.mypepsico.com https://ada.pepsico.com https://beta-ada.pepsico.com https://*.mypepsico.com https://chat.pepsico.onereach.ai https://pepops.mypepsico.com 1
default-src 'self'; script-src 'self' 'nonce-Y2U5OTg3ZDEtMjdiZC00ZDYzLWIyMDYtYmQ3ZjE4NDk3MDRm' 'strict-dynamic'; style-src 'self' https://fonts.googleapis.com https://www.googletagmanager.com https://d10lpsik1i8c69.cloudfront.net 'unsafe-inline'; img-src 'self' https://storage.googleapis.com/bfile-prod-assets-img/ https://storage.googleapis.com/bfile-prod-assets-orig/ https://docserv.bstock.com https://*.bstock.com https://bstock.com https://facebook.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.linkedin.com https://bat.bing.com https://d10lpsik1i8c69.cloudfront.net https://*.cookielaw.org https://data.pendo.bstock.com data:; connect-src 'self' https://bapi.bstock.com https://order-process.bstock.com https://dispute.bstock.com https://auth.bstock.com https://ingestion.bstock.com https://subscription.bstock.com https://bfile-integ.appspot.com https://erp.bstock.com https://offering.bstock.com https://saved-search.bstock.com https://listing.bstock.com https://payments-transactions.bstock.com https://account.bstock.com https://bridge.bstock.com https://order.bstock.com https://payments-methods.bstock.com https://location.bstock.com https://docserv.bstock.com https://shipment.bstock.com https://search.bstock.com https://contract.bstock.com https://auction.bstock.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.launchdarkly.com https://*.bstock.com https://api.segment.io https://cdn.segment.com https://content-discoveryengine.googleapis.com https://www.google.com https://www.google.com:443 https://www.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://www.googleadservices.com https://px.ads.linkedin.com https://*.doubleclick.net https://*.doubleclick.net:443 https://bat.bing.com https://*.luckyorange.net https://*.luckyorange.com https://pubsub.googleapis.com https://*.mktoresp.com https://*.mktoutil.com ws://visitors.live ws://*.visitors.live https://sdk.iad-07.braze.com https://*.pusher.com ws://*.pusher.com https://data.pendo.bstock.com https://api.stripe.com https://maps.googleapis.com https://www.googletagmanager.com https://*.cookielaw.org; font-src 'self' https://fonts.gstatic.com; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://*.doubleclick.net https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri /home-portal/api/csp-report; report-to csp 1
connect-src 'self' https://api.usabilla.com https://beacon.krxd.net https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://tre-se.netlify.app https://www.google-analytics.com https://region1.google-analytics.com https://www.googleoptimize.com https://api.customersaas.com https://www.facebook.com https://www.google.com https://*.tre.se https://*.hotjar.com https://checkoutshopper-live.adyen.com https://cdn.linkedin.oribi.io https://adservice.google.com https://googleads.g.doubleclick.net https://webhook.gatsbyjs.com https://vc.hotjar.io https://fonts.gstatic.com https://*.tre.se https://*.mparticle.com wss://ws.hotjar.com https://content.hotjar.io https://*.optimizely.com; default-src 'self' https://*.tre.se; font-src 'self' data: https://static.customersaas.com; frame-src 'self' https://6142836.fls.doubleclick.net https://cdn.krxd.net https://d6tizftlrpuof.cloudfront.net https://www.facebook.com https://www.google.com/ https://www.youtube.com https://cloud.epost.tre.se https://coverage.tre.se https://tre.workbuster.com https://vars.hotjar.com https://checkoutshopper-live.adyen.com https://td.doubleclick.net https://www.googletagmanager.com; img-src 'self' data: http://images.ctfassets.net https://beacon.krxd.net https://clients1.google.com https://d6tizftlrpuof.cloudfront.net https://images.ctfassets.net https://jslog.krxd.net/ https://t.co https://tre-se.netlify.app https://w.usabilla.com https://www.facebook.com https://www.google-analytics.com/collect https://www.google.com https://www.google.se https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://d35v9wsdymy32b.cloudfront.net https://www.gstatic.com/ https://6142836.fls.doubleclick.net https://www.google.dk https://googleads.g.doubleclick.net https://checkoutshopper-live.adyen.com https://*.tre.se https://new-collect.albacross.com https://px.ads.linkedin.com https://ad.doubleclick.net; manifest-src 'self'; media-src 'self' https://videos.ctfassets.net; object-src 'none'; report-uri https://www.tre.se/logger/csp-report; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.adtr.io https://*.krxd.net https://adtr.io https://analytics.twitter.com https://api.usabilla.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://bat.bing.com https://cdn.bannerflow.com https://cdn.tre.se https://cdnn.tre.se https://clients1.google.com https://connect.facebook.net https://cse.google.com https://d6tizftlrpuof.cloudfront.net https://googleads.g.doubleclick.net https://gtm.adt313.net/jsTag  https://hi3gscriptbucket.blob.core.windows.net https://rules.quantcount.com https://s.ytimg.com https://secure.quantserve.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://w.usabilla.com/ https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.gstatic.com https://www.youtube.com https://static.customersaas.com https://*.hotjar.com https://serve.albacross.com https://*.mparticle.com https://tre.workbuster.com; style-src 'report-sample' 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net https://www.google.com https://d1r5etm691cejh.cloudfront.net https://static.customersaas.com; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://8fe3e890f302d9e5887ea1012b121bb1.report-uri.com/r/d/csp/wizard 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.facebook.net *.livechatinc.com *.google.com *.gstatic.com *.google-analytics.com *.bing.com googleads.g.doubleclick.net *.clarity.ms; style-src 'self' data: 'unsafe-inline' *.googletagmanager.com p.typekit.net use.typekit.net fonts.googleapis.com; img-src 'self' data: *.gstatic.com *.google-analytics.com *.facebook.com *.facebook.net *.itc-web.com i.ytimg.com cdn.livechatinc.com *.google.com *.bing.com *.clarity.ms; font-src 'self' data: use.typekit.net fonts.gstatic.com cdn.livechatinc.com; connect-src 'self' *.google.com *.facebook.com *.facebook.net api.livechatinc.com *.google-analytics.com stats.g.doubleclick.net *.clarity.ms; frame-src 'self' secure.livechatinc.com youtu.be *.youtube.com *.google.com; report-uri https://sentry.hutman.net/api/3/security/?sentry_key=a04ac85d1c8f41fea1eb59f045f023e1 1
font-src 'self' data: https://*.cloudfront.net https://*.episerver.net https://fonts.gstatic.com; frame-src 'self' data: https://*.bambora.com https://*.cardinalcommerce.com https://*.cdn.optimizely.com https://*.cloudfront.net https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.episerver.net https://*.heyday.ai https://*.paypal.com https://*.pinterest.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.vimeo.com https://authentication.cardinalcommerce.com https://snapwidget.com https://v2-sim.preprod.psp-solutions.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; img-src 'self' data: https: https://*.bambora.com https://*.collect.igodigital.com https://*.criteo.com https://*.dmxleo.com https://*.doubleclick.net https://*.episerver.net https://*.google.com https://*.googleapis.com https://*.heyday.ai https://*.paypal.com https://*.pinterest.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.usercentrics.eu https://*.vimeo.com https://ads-engagement.presage.io https://authentication.cardinalcommerce.com https://bat.bing.com https://events.smct.co https://maps.gstatic.com https://s.pinimg.com https://secure.quantserve.com https://tag.rmp.rakuten.com https://track.linksynergy.com https://ws1.postescanada-canadapost.ca https://www.facebook.com https://www.google.com.vn https://www.googletagmanager.com https://www.paypalobjects.com; default-src 'none'; child-src 'self'; connect-src 'self' blob: https://*.amazonaws.com https://*.aptrinsic.com https://*.bambora.com https://*.cloudfront.net https://*.collect.igodigital.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.heyday.ai https://*.noibu.com https://*.optimizely.com https://*.paypal.com https://*.pinterest.com https://*.services.visualstudio.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.usercentrics.eu https://*.vimeo.com https://bat.bing.com https://maps.gstatic.com https://snapwidget.com https://ws1.postescanada-canadapost.ca https://www.facebook.com https://www.google-analytics.com https://www.google.com.vn wss://input.noibu.com/pv_part; media-src 'self' https://scontent.cdninstagram.com; script-src-elem 'self' 'unsafe-inline' https://*.aptrinsic.com https://*.bambora.com https://*.collect.igodigital.com https://*.criteo.com https://*.doubleclick.net https://*.episerver.net https://*.google.com https://*.googleapis.com https://*.heyday.ai https://*.monitor.azure.com https://*.noibu.com https://*.optimizely.com https://*.paypal.com https://*.pinterest.com https://*.quantcount.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.usercentrics.eu https://*.vimeo.com https://ads-engagement.presage.io https://authentication.cardinalcommerce.com https://bat.bing.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://maps.gstatic.com https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com/bootstrap https://s.pinimg.com https://secure.quantserve.com https://smct.co https://snapwidget.com https://tag.rmp.rakuten.com https://unpkg.com https://ws1.postescanada-canadapost.ca https://www.facebook.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.noibu.com https://snapwidget.com https://ws1.postescanada-canadapost.ca; style-src-elem 'self' 'unsafe-inline' https://*.aptrinsic.com https://*.bambora.com https://*.criteo.com https://*.doubleclick.net https://*.episerver.net https://*.google.com https://*.googleapis.com https://*.heyday.ai https://*.noibu.com https://*.paypal.com https://*.pinterest.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.usercentrics.eu https://*.vimeo.com https://authentication.cardinalcommerce.com https://bat.bing.com https://cdn.datatables.net https://cdn.jsdelivr.net https://code.jquery.com https://maps.gstatic.com https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com/bootstrap https://s.pinimg.com https://secure.quantserve.com https://snapwidget.com https://tag.rmp.rakuten.com https://ws1.postescanada-canadapost.ca https://www.facebook.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://*.noibu.com https://snapwidget.com https://ws1.postescanada-canadapost.ca; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-48vCqLPzu-6YqvDjRg7RSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: play.google.com admin.google.com accounts.google.com www.google.com drive.google.com translate.google.com translate.googleapis.com www.edmonton.ca edmonton.ca data.edmonton.ca maps.edmonton.ca gis.edmonton.ca transforming.edmonton.ca webdocs.edmonton.ca portal-onecity.edmonton.ca coewebops.com www.youtube.com edmonton.box.com edmonton.app.box.com edmonton.box.com cdn01.boxcdn.net api.box.com public.boxcloud.com www.boxcdn.net www.boxcloud.com maps.googleapis.com fonts.googleapis.com www.googletagmanager.com cdn.ckeditor.com cdn.rawgit.com cdn.datatables.net cdn.siteimprove.net www.siteimprove.com my2.siteimprove.com identity.siteimprove.com cdnjs.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net momentjs.com connect.facebook.net www.facebook.net unpkg.com www.google-analytics.com *.youtube.com fonts.gstatic.com maps.gstatic.com www.gstatic.com maxcdn.bootstrapcdn.com www.pingdom.net siteimproveanalytics.com www.siteimproveanalytics.com script.crazyegg.com code.jquery.com pagestates-tracking.crazyegg.com tracking.crazyegg.com assets-tracking.crazyegg.com www.escribemeetings.com www.tfaforms.com api.recollect.net assets.ca.recollect.net recollect-images.global.ssl.fastly.net recollect.a.ssl.fastly.net prismjs.net prismjs.com cdn.curator.io api.curator.io curator-assets.b-cdn.net www.facebook.com www.youtube-nocookie.com www.escribemeetings.com www.ytimg.com media1.giphy.com wdi-prod.yellowdev.net www.datatables.net visionservicerequests.rehrigpacific.com cdn.honey.io player.vimeo.com walkinto.in pwm-image.trendmicro.com ajax.aspnetcdn.com calendar.google.com portal.edmonton.ca infird.com www.google.ca feedback.coewebops.com region1.google-analytics.com w.soundcloud.com stackpath.bootstrapcdn.com www.global.siteimproveanalytics.io public.tableau.com edmonton.maps.arcgis.com cdn-uicons.flaticon.com overbridgenet.com ka-p.fontawesome.com use.fontawesome.com kit.fontawesome.com 550744.global.siteimproveanalytics.io ajax.googleapis.com sheets.googleapis.com curatorio.s3.amazonaws.com assets.us.recollect.net pub-edmonton.escribemeetings.com sc-static.net i.ytimg.com api.privacy-protector-adblocker.com dl.boxcloud.com *.global.siteimproveanalytics.io cdn.toolszen.com 3001.scriptcdn.net www.slant.co cdn.megabonus.com api.mapbox.com; report-uri /report-csp-violation 1
default-src 33across.com *.33across.com adnxs.com *.adnxs.com adroll.com *.adroll.com ads-twitter.com *.ads-twitter.com adsrvr.org *.adsrvr.org ajax.googleapis.com *.ajax.googleapis.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com clickcease.com *.clickcease.com cloudflare.com *.cloudflare.com cognito-idp.us-east-1.amazonaws.com *.cognito-idp.us-east-1.amazonaws.com crazyegg.com *.crazyegg.com datadoghq-browser-agent.com *.datadoghq-browser-agent.com doubleclick.net *.doubleclick.net ensighten.com *.ensighten.com facebook.com *.facebook.com facebook.net *.facebook.net fontawesome.com *.fontawesome.com found.ee *.found.ee geniusmonkey.com *.geniusmonkey.com fullstory.com *.fullstory.com google-analytics.com *.google-analytics.com google.ca *.google.ca google.co.in *.google.co.in google.com *.google.com google.com.gh *.google.com.gh google.fr *.google.fr google.gr *.google.gr google.ro *.google.ro googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com hive.co *.hive.co hotjar.com *.hotjar.com jquery.com *.jquery.com jsdelivr.net *.jsdelivr.net launchdarkly.com *.launchdarkly.com maps.googleapis.com *.maps.googleapis.com pendo.io *.pendo.io pinimg.com *.pinimg.com pinterest.com *.pinterest.com prod-nts-bucket.s3-us-west-1.amazonaws.com *.prod-nts-bucket.s3-us-west-1.amazonaws.com queue-it.net *.queue-it.net rawgit.com *.rawgit.com resy.com *.resy.com rkiapps.com *.rkiapps.com rokt.com *.rokt.com sc-static.net *.sc-static.net scriptcdn.net *.scriptcdn.net seatsio.net *.seatsio.net seetickets.us *.seetickets.us seeticketsusa.us *.seeticketsusa.us snapchat.com *.snapchat.com stackadapt.com *.stackadapt.com storage.googleapis.com pendo-static-5459982631698432.storage.googleapis.com stripe.com *.stripe.com tiktok.com *.tiktok.com tradablebits.com *.tradablebits.com twitter.com *.twitter.com vimeo.com *.vimeo.com vor.us *.vor.us; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=t7ixckMN4sIXMDeqHNQnc20IIQRBMulSwJPyzXh8xEw-1752197387-1.0.1.1-Ssk28nYPQRlkXZOEJ4GXQ6LjuQ1etOvdlyDYA9eg3K311hTocFl.qf.MkkkWWhouPMDAfC9seTPTDgwx2RRiey7a7CoTjgC8o9S8XMwD9XhKx1q8Ma4AwHEedNLkn8AepYFNMT8dBDGAguCIEHsZAAQADCSkAj40OLthKlsINUahtAEsdW789vOWV0UZamTOyZkZfaPumI36D7gLavNznw; report-to cf-xuczyxhcpccwbnsk 1
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.onetrust.com assets.adobedtm.com script.hotjar.com *.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.hotjar.com assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com static.hotjar.com *.googletagmanager.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' *.googleapis.com; style-src-elem 'self' 'unsafe-inline' cdn.honey.io *.googleapis.com *.googletagmanager.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: mdm-assets.integration.costacoffee.com *.demdex.net *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com *.onetrust.com cm.everesttech.net *.googleapis.com; font-src 'self' *.gstatic.com; connect-src 'self' web.costa-loyalty-platform.com ws://ws27.hotjar.com *.hotjar.com *.hotjar.io *.onetrust.com *.go-mpulse.net trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net costalimited.tt.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com *.techlab-cdn.com login.costa.co.uk *.google-analytics.com wss://ws.hotjar.com; frame-ancestors 'self'; frame-src costalimited.demdex.net *.hotjar.com; report-uri https://costa.report-uri.com/r/t/csp/reportonly; report-to default 1
default-src 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; connect-src 'self' primericaonline.okta.com primericaonline-admin.okta.com login.primericaonline.com *.oktacdn.com *.mixpanel.com *.mapbox.com primericaonline.kerberos.okta.com primericaonline.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; style-src 'unsafe-inline' 'self' 'report-sample' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; frame-src 'self' primericaonline.okta.com primericaonline-admin.okta.com login.primericaonline.com login.okta.com *.vidyard.com com-okta-authenticator: *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; img-src 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io blob:; font-src 'self' primericaonline.okta.com login.primericaonline.com data: *.oktacdn.com fonts.gstatic.com *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; frame-ancestors 'self' https://mob.primericaonline.com https://*.primericaonline.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
font-src *.google.com *.googletagmanager.com *.googleapis.com fonts.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.shop.pe shop.pe *.juicer.io *.cloudfront.net v2.zopim.com data: *.bootstrapcdn.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.dynamicyield.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://media.fbot.me *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com www.facebook.com *.amazonaws.com *.juicer.io shop.pe *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe *.criteo.com assets.bounceexchange.com vars.hotjar.com www.facebook.com imgs.signifyd.com h.online-metrix.net vendor1.leasestation.com amc.demdex.net nsg.symantec.com *.paypalobjects.com www.paypalobjects.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.pinterest.com https://nl.fatquartershop.com https://widget.fbot.me *.dynamicyield.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net store.paradoxlabs.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe *.fatquartershop.com pixel.voltn.com v2.zopim.com www.google.co.in *.pinterest.com www.facebook.com *.cdnwidget.com u.cdnwidget.com bat.bing.com nsg.symantec.com events.bouncex.net pippio.com p.brsrvr.com connect.facebook.net imgs.signifyd.com events.cdnwidget.com api.bounceexchange.com amc.demdex.net *.e.aa.online-metrix.net match.adsrvr.org yotpo-editor-production.s3.amazonaws.com *.cdninstagram.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.clarity.ms *.rqtrk.eu *.dynamicyield.com https://chat-assets.cdn.gladly.com https://chat-assets.cdn.gladly.qa maps.gstatic.com *.facebook.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://cnstrc.com/js/cust/fat-quarter-shop_Orxy5R.js www.google.com *.googletagmanager.com *.googleapis.com www.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com addshoppers.s3.amazonaws.com *.juicer.io *.traversedlp.com *.pinimg.com v2.zopim.com *.shop.pe shop.pe *.criteo.net *.criteo.com *.zdassets.com/ loader.wisepops.com *.cloudfront.net fatquartershop-com-dev.ecomm-nav.com connect.facebook.net vendor1.quickspark.com nsg.symantec.com script.crazyegg.com bat.bing.com tag.bounceexchange.com assets.bounceexchange.com cdn.brcdn.com imgs.signifyd.com cdns.brsrvr.com bam.nr-data.net js-agent.newrelic.com mc.s10.exacttarget.com *.hotjar.com bam-cell.nr-data.net *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.staticw2.yotpo.com https://nl.fatquartershop.com *.rqtrk.eu *.clarity.ms https://static.fbot.me https://campaign.fbot.me *.dynamicyield.com *.zendesk.com https://cnstrc.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/js/swiper.js https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://cdnjs.cloudflare.com https://chat-sdk.cdn.gladly.com https://chat-sdk.cdn.gladly.qa d2mjzob2nc713b.cloudfront.net fatquartershop.cdn1.safeopt.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.googletagmanager.com fonts.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe events.bouncex.net stats.g.doubleclick.net www.google-analytics.com *.cloudfront.net *.addshoppers.com *.bootstrapcdn.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.staticw2.yotpo.com *.dynamicyield.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://chat-sdk.cdn.gladly.com https://chat-sdk.cdn.gladly.qa cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com tagmanager.google.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'unsafe-inline' data: 'unsafe-inline' blob: *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.dynamicyield.com *.zdassets.com/ https://chat-sdk.cdn.gladly.com https://chat-sdk.cdn.gladly.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com bat.bing.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe ekr.zdassets.com script.crazyegg.com *.pinterest.com stats.g.doubleclick.net wss: manager.eu.smartlook.cloud in.hotjar.com staging-core.dxpapi.com core.dxpapi.com imgs.signifyd.com bt.signifyd.com:11103 data.cdnbasket.net ids.cdnwidget.com pd.cdnwidget.com page.cdnbasket.net/ view.cdnbasket.net bam.nr-data.net vc.hotjar.io bam-cell.nr-data.net api.traversedlp.com *.paypal.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.clarity.ms https://public.fbot.me *.dynamicyield.com *.zendesk.com zendesk-eu.my.sentry.io *.cnstrc.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/js/swiper.js https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://api.us-1.gladly.chat wss://ws.us-1.gladly.chat https://chat-assets.cdn.gladly.com https://chat-sdk.cdn.gladly.com https://api.us-uat.gladly.chat wss://ws.us-uat.gladly.chat https://chat-assets.cdn.gladly.qa https://chat-sdk.cdn.gladly.qa webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net *.google-analytics.com *.facebook.net dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src analytics.tiktok.com *.google-analytics.com 'self' 'unsafe-inline' wss:;default-src 'self' 'unsafe-inline' wss:;form-action 'self' 'unsafe-inline' wss:;frame-src *.soundcloud.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;img-src *.siteimproveanalytics.io analytics.tiktok.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;object-src 'none';script-src *.googletagmanager.com siteimproveanalytics.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com 'self' 'unsafe-inline' wss: 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src blob: 'self'; font-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src https: wss: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none' 1
connect-src 'self' https://nx.nav.com https://www.google.com https://px.ads.linkedin.com https://bat.bing.com https://*.clarity.ms https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://analytics.tiktok.com https://app.launchdarkly.com https://consentcdn.cookiebot.com https://events.launchdarkly.com https://*.intercom.io wss://*.intercom.io https://*.bugsnag.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://www.facebook.com https://pagead2.googlesyndication.com https://www.buzzsprout.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105; font-src 'self' https://design-assets.nav.com https://nav-web-static.nav.com https://fonts.googleapis.com https://fonts.gstatic.com *.intercomcdn.com; frame-src 'self' *.nav.com https://www.googletagmanager.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://www.youtube.com https://job-boards.greenhouse.io https://www.buzzsprout.com https://www.google.com; script-src-elem 'self' 'strict-dynamic' 'unsafe-eval' https://nav-web-static.nav.com https://consentcdn.cookiebot.com https://px.mountain.com https://connect.facebook.net https://*.clarity.ms https://bat.bing.com https://www.buzzsprout.com 'nonce-ea5f4be47b25d3f7a5edbb7c9255ca7b'; style-src 'self' 'unsafe-inline' https://nav-web-static.nav.com https://fonts.googleapis.com; media-src 'self' https://nav-web-static.nav.com https://design-assets.nav.com https://nav-cms-assets.nav.com; base-uri 'none'; img-src * data: blob:; report-to csp-endpoint 1
default-src 'self' https://www.madavi.de; font-src 'self' data: https://www.madavi.de; img-src 'self' insecure.madavi.de https://www.madavi.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ampproject.org https://www.madavi.de; style-src 'self' 'unsafe-inline' https://www.madavi.de; report-uri https://www.madavi.de/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=ae9fb193d1 1
report-uri /csp-log.php; report-to csp-log-endpoint; default-src 'none'; img-src 'self' data: https://werbung.leipzig.de/ https://data.leipzig.de/ https://static.leipzig.de/ https://www.gstatic.com/images/; script-src 'self' 'unsafe-inline' https://www.leipzig.de/ https://static.leipzig.de/ https://werbung.leipzig.de/delivery/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://chatbot115.km.usu.com/kfirst-widget/js/ https://dev.lehst.de/; style-src 'self' 'unsafe-inline' https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player/styles/ https://chatbot115.km.usu.com/kfirst-widget/css/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://dev.lehst.de/; font-src 'self' https://static.leipzig.de/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://fonts.gstatic.com/; media-src 'self' https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/; connect-src 'self' https://vrweb15.linguatec.org/VoiceReaderWeb15WebService/ https://dev.lehst.de/ https://chatbot115.km.usu.com/kfirst-widget/api/ https://chatbot115.km.usu.com/kfirst-widget/icons/ https://www.leipzig.de/; frame-src https://www.youtube-nocookie.com/embed/ https://chatbot115.km.usu.com/ https://tnv.leipzig.de https://s-leipzig.maps.arcgis.com https://geoportal.leipzig.de https://www.blitzvideoserver.de https://tportal.toubiz.de https://kwis-web.leipzig.de; 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' cactusvpn.com www.cactusvpn.com billing.cactusvpn.com; report-uri https://75943a29954faa0d1b365a52c248c905.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' disqo.okta.com *.oktacdn.com; connect-src 'self' disqo.okta.com disqo-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com disqo.kerberos.okta.com disqo.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-Q5x8gnGlf1h9HQPScdHigA' 'unsafe-eval' 'self' 'report-sample' disqo.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' disqo.okta.com *.oktacdn.com; frame-src 'self' disqo.okta.com disqo-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' disqo.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' disqo.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://www.disqotech.com 1
default-src 'self'; script-src 'report-sample' 'self' https://cdn.hu-manity.co/hu-banner.min.js https://kit.fontawesome.com/d44fbdfc72.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js https://www.youtube.com/iframe_api; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://designer-api.hu-manity.co https://ka-p.fontawesome.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://transactional-api.hu-manity.co https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com; img-src 'self' data: https://i.ytimg.com https://www.google.co.uk https://www.google.com; manifest-src 'self'; media-src 'self'; report-uri https://yp41w10j.uriports.com/reports/report; report-to default; worker-src 'none'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io assets.traveljoy.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' https: 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com fonts.googleapis.com; base-uri 'self'; worker-src 'self' blob:; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com fonts.googleapis.com assets.traveljoy.com bam.nr-data.net sandbox-assets.tjoy.io api.us.nylas.com maps.googleapis.com placehold.co hare-media-cdn.tripadvisor.com s3-dev.traveljoy.com s3-assets.traveljoy.com 'self' wss://nexus-websocket-a.intercom.io/ https://ekr.zdassets.com/ https://global.ketchcdn.com/ https://traveljoy.zendesk.com/ https://api-js.mixpanel.com/ https://bam.nr-data.net/ https://api-iam.intercom.io/ https://www.google-analytics.com/ https://api.smooch.io wss://api.smooch.io; frame-src js.stripe.com connect-js.stripe.com *.visualwebsiteoptimizer.com app.vwo.com cdn.plaid.com checkout.stripe.com *.youtube.com *.youtu.be *.recaptcha.net htp.tokenex.com 1
default-src 'self';  connect-src 'self' javascript: *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.mitel.io;  font-src 'self' data: chrome-extension: *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.moneris.com *.vantiv.com *.vantivcnp.com *.bootstrapcdn.com *.jquery.com *.cloudflare.com;  frame-src 'self' *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.moneris.com *.vantiv.com *.vantivcnp.com *.facebook.net *.vimeo.com *.youtube.com *.mitel.io;  img-src 'self' data: blob: *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.moneris.com *.vantiv.com *.vantivcnp.com browser-update.org *.bmr.ca *.pinterest.com *.kwizineenstock.ca *.potvinbouchard.ca *.orgill.com *.materio.ca;  media-src 'self' data: *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.moneris.com *.vantiv.com *.vantivcnp.com *.facebook.net *.vimeo.com *.youtube.com *.bootstrapcdn.com *.jquery.com browser-update.org *.mitel.io;  script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.moneris.com *.vantiv.com *.vantivcnp.com *.facebook.net *.vimeo.com *.youtube.com *.jquery.com;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.moneris.com *.vantiv.com *.vantivcnp.com *.facebook.net *.vimeo.com *.youtube.com *.bootstrapcdn.com *.jquery.com browser-update.org *.mitel.io;  style-src 'self' 'unsafe-inline' *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.jquery.com;  style-src-attr 'self' 'unsafe-inline' *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.jquery.com;  style-src-elem 'self' 'unsafe-inline' *.americanhardware.com *.lbbrass.com *.boiserieslussier.com *.cedan.com *.deno.ca *.hitechglazing.com *.inter-co.com *.mibro.com *.madicoinc.com *.onwardhardware.com *.reliablefasteners.com *.richelieu.com *.richelieubuildingspecialties.com *.richelieuergo.com *.richelieuglazingsupplies.com *.rshowroom.com *.task-tools.com *.thenystromgroup.com stats.g.doubleclick.net *.doubleclick.net *.ggpht.com *.google.ad *.google.ae *.google.al *.google.am *.google.ar *.google.at *.google.az *.google.be *.google.bj *.google.bs *.google.ca *.google.ch *.google.ci *.google.cl *.google.cz *.google.co.br *.google.co.cr *.google.co.fi *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.com.cu *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.do *.google.com.gh *.google.com.gt *.google.com.il *.google.com.jm *.google.com.jp *.google.com.kh *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.nl *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.hr *.google.gm *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.sr *.google.tg *.google.tn *.google.tt *.googleapis.com *.googletagmanager.com www.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.gstatic.com *.jquery.com *.mitel.io;  report-to csp-violations-group; report-uri https://www.richelieu.com/ca/fr/ext/webservice/cspReport.php?source=B 1
object-src 'none';base-uri 'self';script-src 'nonce--XrVSBGNSaG0w9V6Ydqflg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=LKywlm6WL5CTIltnOMGOR39FbHx32-ZPka1S-iRmGkXrXc7NQM0k2-lBD88WoD4FWRs=&policy_id=71&user_id=&request_id=563842d1-ede5-40e7-bd0a-08a4c0fb7fe5; report-to csp-endpoint; frame-ancestors 'none' 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' aplo-evnt.com px.ads.linkedin.com *.google.com *.doubleclick.net; font-src 'self' *.gstatic.com data:; frame-src 'self' *.netsuite.com *.google.com *.googletagmanager.com; img-src 'self' data: px.ads.linkedin.com *.google.com.mx *.googletagmanager.com; manifest-src 'self'; media-src 'self'; form-action 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' *.apollo.io snap.licdn.com *.google.com *.googletagmanager.com *.gstatic.com *.google.com.mx data: blob: cdn.jsdelivr.net *.linkedin.com aplo-evnt.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' https: http: 'nonce-M2U3YTk4YzQtZDVkZS00NTM0LWE5MTEtNWE2Yzg3YmE5MTgz' 'strict-dynamic'; script-src-elem 'unsafe-inline' https://yamap.com https://www.googletagmanager.com https://js.stripe.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' https: blob: data:; object-src 'none'; form-action 'self'; connect-src 'self' https://*; report-uri https://zk6bsphzgvpliawi65sbwjdx6m0xhmnc.lambda-url.ap-northeast-1.on.aws/; frame-src https://docs.google.com/forms; 1
base-uri 'none'; default-src 'none'; style-src 'self' https://api.band.link https://api.workspace.band.link *.s3.yandex.net ticketscloud.com 'unsafe-inline'; script-src 'sha256-VxYbYyxTasYWqiceLb7TP8ayaD3/U4YQYPrPqqTGKcE=' 'nonce-8c06ecec7a41ec9e30d77c050805744b6ed1d477f7d90a5d5cd63a0d7d0ac3f2' 'self' analytics.tiktok.com bandlink.radario.ru connect.facebook.net privacy-cs.mail.ru static.tildacdn.com ticketscloud.com top-fwz1.mail.ru vk.com yastatic.net 'self' https://api.band.link https://api.workspace.band.link *.s3.yandex.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com mc.yandex.ru mc.yandex.com *.webvisor.com; connect-src analytics.tiktok.com api.music.apple.com login.vk.com mc.admetrica.ru *.yandex-team.ru privacy-cs.mail.ru stat.tildacdn.com ticketscloud.com top-fwz1.mail.ru yandex.ru/ads/system/context.js yandexmetrica.com:* https://yandex.ru/clck/click 'self' https://api.band.link https://api.workspace.band.link *.s3.yandex.net adservice.google.com analytics.google.com *.g.doubleclick.net www.google-analytics.com mc.yandex.ru mc.yandex.com *.webvisor.com; img-src data: e-cdn-images.dzcdn.net *.cdninstagram.com *.fbcdn.net *.mzstatic.com *.userapi.com *.ytimg.com analytics.tiktok.com graph.facebook.com i.mycdn.me i.scdn.co img.youtube.com login.vk.com mc.admetrica.ru top-fwz1.mail.ru vk.com www.facebook.com yastatic.net https://avatars.mds.yandex.net avatars.yandex.net 'self' https://api.band.link https://api.workspace.band.link *.s3.yandex.net www.google-analytics.com www.google.com www.google.ru www.googletagmanager.com mc.yandex.ru mc.yandex.com *.webvisor.com; media-src *.itunes.apple.com 'self' https://api.band.link https://api.workspace.band.link *.s3.yandex.net; frame-src blob: bytedance: sslocal: music.yandex.ru ticketscloud.com w.soundcloud.com www.facebook.com www.google.com www.youtube.com youtube.com direct.yandex.ru passport.yandex.ru https://frame-analytics.band.link mc.yandex.ru mc.yandex.com *.webvisor.com; font-src static.tildacdn.com yastatic.net 'self' https://api.band.link https://api.workspace.band.link *.s3.yandex.net; manifest-src 'self' https://api.band.link https://api.workspace.band.link *.s3.yandex.net; report-uri https://csp.yandex.net/csp?project=bandlink&from=band.link 1
object-src 'none';base-uri 'self';script-src 'nonce-3_I6jb6yYqx4mN--nxVi8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uTca-k4fXRkyss1ihQyjtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' ; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.forbes.pl::PROD 1
object-src 'none';base-uri 'self';script-src 'nonce-6yQRYCY_Wu7B_FtxD7GPxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.hotjar.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.authorize.net challenges.cloudflare.com data: *.hotjar.com *.gstatic.com *.doubleclick.net *.facebook.com *.brand-display.com *.sitescout.com *.addthis.com *.metalocator.com *.googletagmanager.com *.medallia.com *.adsrvr.org *.ipredictive.com *.spotify.com *.byspotify.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.magentocommerce.com *.facebook.com *.doubleclick.net *.google.com *.brand-display.com *.sitescout.com *.googletagmanager.com *.googleapis.com *.analytics.yahoo.com *.ktxlytics.io *.adnxs.com *.metalocator.com *.scooterscoffee.com *.kampyle.com *.ipredictive.com *.spotify.com *.byspotify.com *.reddit.com *.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.certcapture.com *.disqus.com *.avada.io *.shopify.com *.authorize.net challenges.cloudflare.com *.bluecore.com *.facebook.net *.googleapis.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.brand-display.com *.cloudflare.com *.sitescout.com up.pixel.ad *.xg4ken.com *.usersnap.com chimpstatic.com data: *.ktxlytics.io *.app-us1.com *.amazonaws.com *.addthis.com *.addthisedge.com trackcmp.net *.moatads.com *.metalocator.com *.jsdelivr.net *.medallia.com *.snapchat.com *.trackedweb.net *.appboycdn.com sc-static.net *.adsrvr.org *.ipredictive.com *.spotify.com *.byspotify.com *.braze.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.mailchimp.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.certcapture.com https://get.geojs.io *.avada.io *.authorize.net *.bluecore.com *.googleapis.com *.hotjar.com *.hotjar.io *.google-analytics.com *.doubleclick.net *.ktxlytics.io *.medallia.com *.snapchat.com *.trackedweb.net *.appboycdn.com sc-static.net *.kampyle.com *.ipredictive.com *.spotify.com *.byspotify.com *.braze.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://scooterscoffee.com/; report-to report-endpoint; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.de ; font-src 'self' https: data: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
object-src 'none';base-uri 'self';script-src 'nonce-DMmfeSkQHPw5Cla5il_F1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-njyUIbBxuhiZeHWA20DF-g' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' 'unsafe-inline' data: *.squaretrade.com *.facebook.com *.outbound.io *.auth0.com *.launchdarkly.com *.pndsn.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com https://api.segment.io https://api.amplitude.com https://privacyportal-eu.onetrust.com https://secure.shippingapis.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com https://st-stage-enc-cust-docs-use-oh-1.s3.us-east-2.amazonaws.com https://callback.vhtcx.com https://callback.virtualhold.com https://siteintercept.qualtrics.com; form-action 'self' data: *.squaretrade.com *.force.com *.salesforce.com *.auth0.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' data: *.squaretrade.com *.auth0.com https://cdn.segment.com *.bootstrapcdn.com *.force.com *.salesforce.com *.qualtrics.com https://platform.twitter.com; font-src 'self' data: *.squaretrade.com  https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: *.squaretrade.com *.auth0.com  *.facebook.com https://p.typekit.net *.google.com *.twitter.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com; style-src-elem 'self' 'unsafe-inline' *.squaretrade.com https://hello.myfonts.net https://service.force.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.smartrecruiters.com https://cdn.jsdelivr.net *.bootstrapcdn.com; script-src-elem 'self' *.squaretrade.com 'unsafe-inline'  *.salesforceliveagent.com https://cdn.segment.com https://cdn.amplitude.com https://cdn.outbound.io https://connect.facebook.net https://www.googletagmanager.com https://service.force.com https://use.typekit.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com https://platform.twitter.com *.bootstrapcdn.com https://cdn.jsdelivr.net *.smartrecruiters.com https://polyfill.io 'https://www.youtube.com https://player.vimeo.com https://zn8jglatqcy5dkma1-squaretrade.siteintercept.qualtrics.com https://siteintercept.qualtrics.com; frame-src https://service.force.com https://squaretrade.az1.qualtrics.com/ https://www.google.com https://www.facebook.com https://platform.twitter.com *.doubleclick.net; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cordialdev.com *.cordial.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.google.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com pay.google.com *.certcapture.com *.cordialdev.com *.cordial.com *.cordial.io c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * photos.pixlee.co amc.demdex.net https://photos.pixlee.co landofcoder.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://*.gstatic.com *.certcapture.com *.disqus.com https://img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com wac.edgecastcdn.net *.lightboxcdn.com https://hello.zonos.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.certcapture.com *.cordialdev.com *.cordial.com track.cordial.io *.disqus.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googleapis.com https://cdn.searchspring.net *.turnto.com https://checkoutshopper-test.adyen.com *.lightboxcdn.com *.news.rockler.com https://hello.zonos.com cdn.searchspring.net https://widgets.turnto.com we.turnto.com landofcoder.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.certcapture.com *.fontawesome.com assets.braintreegateway.com *.turnto.com fonts.googleapis.com/ cdn.searchspring.net https://widgets.turnto.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com payments-eu.amazon.com *.certcapture.com *.cordialdev.com *.cordial.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.turnto.com apay-us.amazon.com *.google-analytics.com https://hello.zonos.com https://*.a.searchspring.io https://cdn-ws.turnto.com landofcoder.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a5cc4e91-2050-4411-835a-70713844fbf7.sansec.watch/; report-to report-endpoint; 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=18688&v=v1.0&payload=NQYe0s18mY9nS25t8urQrtqv-BkKl5DcpXqYDopMhWzvzwiUS_k4SH6d4zQ0YUPYCblXBVfsjszuO03W5cogxbHAT_x-7zBx-e70WdCtOjI3NRU4s1dtrthV79AB8RGtFj2t_SLCAhWcl6kHtsObH5L35AbKI9tiKMw6C60o3Hme7LYlcCFMl_tcq-6y2uZTg_otS1_Rmrmq5c2ihkgjWg==; 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.fontawesome.com *.oct8ne.com https://cdnjs.cloudflare.com *.gstatic.com https://sandbox.sequracdn.com/ *.reskyt.com/ https://cdn.doofinder.com/* data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://plumrocket.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.klarna.com *.oct8ne.com https://plumrocket.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.trustpilot.com *.paypalobjects.com/ *.flyde.io/ *.redintelligence.net/ *.reskyt.com/ *.quantummetric.com/ *.sequrapi.com/ *.klarnacdn.net/ *.doubleclick.net/ *.google.com/ https://www.facebook.com *.amazonaws.com/* https://myadsplatform-prod.s3.eu-central-1.amazonaws.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com cdn.doofinder.com *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com *.oct8ne.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.padelnuestro.com https://www.google.ie *.googleapis.com *.gstatic.com https://www.google.es/ads/ https://www.googletagmanager.com/ https://www.emjcd.com/ https://cj.dotomi.com/ *.cloudfront.net *.bing.com/ *.adform.net/ *.facebook.com/ *.reskyt.com/ *.connectif.cloud/ *.doubleclick.net/ *.google.com/ *.placeholder.com https://grwapi.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com *.adyen.com cdn.doofinder.com *.klarna.com *.klarnaservices.com *.disqus.com *.oct8ne.com https://cdnjs.cloudflare.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.trustpilot.com https://sdk.privacy-center.org https://js-agent.newrelic.com https://bam.nr-data.net *.googleapis.com *.gstatic.com https://www.mczbf.com/ https://cdn.connectif.cloud/ *.cloudfront.net https://commerce.adobedtm.com/ *.bing.com/ *.adform.net/ *.jsdelivr.net/ *.flyde.io/ *.facebook.net/ *.tiktok.com/ *.klarnacdn.net/ *.reskyt.com/ *.quantummetric.com/ blob *.klarna.com/ *.sequrapi.com/ *.clarity.ms/ *.google.com/ https://grwapi.net https://unpkg.com https://eu1-config.doofinder.com/* *.doofinder.com/* https://eu1-config.doofinder.com/2.x/d0f0ef47-8a08-4c9c-9f1f-3c43a3aa757c.js *.usermaven.com/* *.creativecdn.com/* *.woopra.com/* https://static.woopra.com/ https://www.woopra.com/ https://tags.creativecdn.com/ https://ams.creativecdn.com/ https://f.creativecdn.com/ https://sync.outbrain.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.klarnacdn.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.trustpilot.com *.googletagmanager.com/ *.reskyt.com/ *.quantummetric.com/ *.googleapis.com https://grwapi.net *.doofinder.com/* https://cdn.doofinder.com/* https://cdn.doofinder.com/livelayer/1/css/2/common.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io qa-api.magedevteam.com *.sentry.io *.adyen.com *.doofinder.com wss://*.doofinder.com *.klarnaevt.com *.klarnaservices.com *.oct8ne.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://pre.wayletlabs.com/* https://pro.waylet.es/* https://region1.google-analytics.com https://api.privacy-center.org *.doubleclick.net https://bam.nr-data.net *.googleapis.com *.gstatic.com *.google.com https://www.mczbf.com/ *.connectif.cloud/ *.flyde.io/ *.tiktok.com/ *.facebook.com/ *.reskyt.com/ *.quantummetric.com/ *.googlesyndication.com/ *.klarna.com/ *.klarnacdn.net/ *.clarity.ms https://grwapi.net https://track.adform.net https://google.com *.woopra.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://fonts.gstatic.com/ *.nosto.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com *.klarna.com https://www.googletagmanager.com/ *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widget.trustpilot.com simplicity.trustpilot.com *.googlesyndication.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.klarna.com *.klarnaevt.com *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://s3-eu-west-1.amazonaws.com *.cdninstagram.com *.poundshop.com *.poundland.com *.poundland.co.uk *.dealz.ie *.onetrust.com s.kelkoogroup.net c.bing.com c.clarity.ms bat.bing.com *.ometria.com *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.ua *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com beacon-audiences.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.klarna.com js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.poundshop.com *.poundland.com *.poundland.co.uk *.dealz.ie s.kelkoogroup.net widget.trustpilot.com invitejs.trustpilot.com sdk.loyaltylion.net foursixty.com sdk-static.loyaltylion.net bat.bing.com *.zendesk.com static.zdassets.com *.ometria.com analytics.tiktok.com www.clarity.ms s.kk-resources.com *.googlesyndication.com *.onetrust.com *.newrelic.com *.soreto.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com cc-cdn.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com sdk.loyaltylion.net foursixty.com *.onetrust.com *.typekit.net *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com beacon-audiences.magento-ds.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com sdk.loyaltylion.net foursixty.com platform.loyaltylion.com *.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com analytics.tiktok.com *.clarity.ms s.kelkoogroup.net invitejs.trustpilot.com zendesk-eu.my.sentry.io *.ometria.com *.google-analytics.com *.onetrust.com *.newrelic.com *.nr-data.net *.googlesyndication.com *.soreto.com googleads.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://04bdc3b5-2455-47f6-9c1d-24c9c5f93a61.sansec.watch/; report-to report-endpoint; 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'     *.googleapis.com      fonts.gstatic.com      *.fontawesome.com      *.aspnetcdn.com      *.jsdelivr.net      *.googletagmanager.com;     img-src * data: *.wistia.com;     frame-ancestors 'self';     object-src 'none';     form-action 'self' *.hsforms.com *.agencybloc.com *.spinutech.com https://www.facebook.com/tr/;     base-uri 'self';     media-src s3.amazonaws.com blob: *.wistia.com *.wistia.net;     report-uri /csp/; 1
frame-src https://www.google.com/ https://optimize.google.com https://*.paddle.com https://www.recaptcha.net/; report-uri /api/v1/reports; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://docs.staticstream.org https://*.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.googleoptimize.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://*.paddle.com https://*.zopim.com https://*.zdassets.com https://browser.sentry-cdn.com https://*.ingest.sentry.io https://cdn.jsdelivr.net https://code.jquery.com,; connect-src 'self' https://docs.staticstream.org https://*.google-analytics.com https://*.paddle.com https://browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com https://*.ingest.sentry.io https://bash.ws/ https://*.bash.ws/; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1
style-src * 'unsafe-inline' 'self' data:; font-src * data: 'self'; frame-src * 'self'; child-src * blob:; script-src * data: wasm-eval: 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; default-src *; img-src * blob: data: 'self'; connect-src * 'self'; worker-src * blob: 'self'; object-src 'none'; form-action * 'self'; upgrade-insecure-requests; report-uri https://o166208.ingest.sentry.io/api/1238795/security/?sentry_key=eebe259ebaa846d39aaae0e3404505ab&sentry_environment=production 1
report-uri /upload/csp/csp.php; report-to csp-endpoints 1
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * photos.pixlee.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://*.gstatic.com *.googleapis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.webtrekk.net *.wt-eu02.net https://fbc.wcfbc.net https://*.flx1.com/ https://dmp.adform.net/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pixlee.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.googleapis.com https://*.gstatic.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://responder.wt-safetag.com https://*.flx1.com/ https://www.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.pxlecdn.com *.pixlee.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://fonts.googleapis.com/ display.ugc.bazaarvoice.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.google.com https://*.google.com payments-eu.amazon.com *.paypal.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.addressy.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.flx1.com/ https://jamie.g.shortest-route.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://inbound-analytics.pixlee.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://87a2b74d-7ec7-4aa0-9269-eab6629cdda1.sansec.watch/; report-to report-endpoint; 1
base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.google.com/recaptcha/api.js https://www.gstatic.com; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://f11bb21a156cd4e9e562bfa86fe76e9b.report-uri.com/r/d/csp/wizard 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.garda.com https://*.gardaworld.com https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.clarity.ms https://*.cloudinary.com https://*.cookiepro.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.hs-scripts.com https://*.hs-sites.com https://*.hsappstatic.net https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hubspot.com https://*.linkedin.com https://*.moneris.com https://*.onetrust.com https://*.salesforce.com https://*.usemessages.com https://*.youtube.com https://bat.bing.com https://c.bing.com https://cdn.fonts.net https://cdn.jsdelivr.net/ https://fonts.googleapis.com https://fonts.gstatic.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://maps.googleapis.com https://maps.gstatic.com https://pagead2.googlesyndication.com https://secure.data-insight365.com https://snap.licdn.com https://td.doubleclick.net https://vercel.live https://*.vercel.com https://*.vercel.app https://*.vercel-scripts.com wss://ws-us3.pusher.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.youtube-nocookie.com https://www.youtube.com https://*.ytimg.com https://vimeo.com/ https://player.vimeo.com/ https://i.vimeocdn.com/ https://js.zi-scripts.com/ https://ws.zoominfo.com/ google.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.sensibull.com https://kite.zerodha.com; report-uri https://7eae552da389ebb083bedadbd9428ed2.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com use.typekit.net data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com *.paypal.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.disqus.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com *.surveymonkey.com *.criteo.com ct.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io wss: bat.bing.com *.force.com *.tiktok.com *.google.com *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com google.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co *.cardinalcommerce.com api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties *.criteo.com *.onetrust.com *.pangle-ads.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src *; img-src * data:; script-src 'nonce-FpNPFX3WOLLWiUkuAd3y1i9Vq1KiYqpz' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'self'; style-src 'self' 'unsafe-inline' https://404-tpa-276.mktoweb.com/; font-src 'self' kit.fontawesome.com https://ka-p.fontawesome.com/ https://fast.wistia.com/ data:; form-action 'self'; object-src 'none'; media-src 'self' blob:; frame-src https://www.googletagmanager.com https://td.doubleclick.net/ https://gtm.casepeer.com/ https://gtm.mycase.com/ https://insight.adsrvr.org/ https://app.netlify.com/ https://404-tpa-276.mktoweb.com/; frame-ancestors demo.affinipay.com ka-p.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /.netlify/functions/__csp-violations 1
default-src 'self' *.relay42.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.centraalbeheer.nl https://googleads.g.doubleclick.net *.facebook.net https://www.google.com https://pagead2.googlesyndication.com *.linkedin.com *.relay42.com *.r42tag.com *.svtrd.com *.usabilla.com achmeadpm.achmea.nl:9999 ajax.googleapis.com api.usabilla.com app.contentsquare.com bat.bing.com cba.nmrc.nl cdn.ampproject.org cdn.harvest.graindata.com d6tizftlrpuof.cloudfront.net https://*.googletagmanager.com js.monitor.azure.com maps.googleapis.com player.quadia.net r.bing.com snap.licdn.com static.cloud.coveo.com surfly.com t.contentsquare.net tags.nmrc.nl www.dwin1.com https://www.googleadservices.com www.youtube.com www.zenaps.com www.awin1.com https://api-engage-eu.sitecorecloud.io https://d35vb5cccm4xzp.cloudfront.net https://d1mj578wat5n4o.cloudfront.net *.mypurecloud.ie;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net static.cloud.coveo.com;img-src 'self' data: *.centraalbeheer.nl *.contentsquare.net https://*.g.doubleclick.net https://pagead2.googlesyndication.com *.r42tag.com *.relay42.com *.svtrd.com *.usabilla.com bat.bing.com c.az.contentsquare.net c.contentsquare.net cba.imgix.net d6tizftlrpuof.cloudfront.net https://*.googletagmanager.com l.contentsquare.net linkedin.com maps.googleapis.com maps.gstatic.com px.ads.linkedin.com px4.ads.linkedin.com server.arcgisonline.com www.advieskeuze.nl www.awin1.com www.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.nl www.googleapis.com www.zenaps.com https://i.ytimg.com https://ad.doubleclick.net https://ade.googlesyndication.com;font-src 'self';connect-src 'self' wss: *.org.coveo.com analytics.cloud.coveo.com *.achmea.nl *.centraalbeheer.nl *.mypurecloud.ie *.contentsquare.net *.doubleclick.net *.facebook.net https://pagead2.googlesyndication.com *.nxtid.nl api.advieskeuze.nl api.usabilla.com bat.bing.com c.az.contentsquare.net c.contentsquare.net calculations.figlo.com cba.imgix.net cba.nmrc.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com formulier.centraalbeheer.nl geocode.arcgis.com k-aeu1.contentsquare.net l.contentsquare.net maps.googleapis.com r.contentsquare.net https://*.analytics.google.com https://*.google-analytics.com surfly.com t.svtrd.com https://google.com https://*.google.com *.service.signalr.net wss://*.service.signalr.net https://google.nl https://*.google.nl px.ads.linkedin.com https://*.monitor.azure.com wss://*.centraalbeheer.nl wss://*.mypurecloud.ie https://api-engage-eu.sitecorecloud.io https://*.googletagmanager.com;media-src 'self';object-src 'none';child-src 'self' blob: youtube.com t.svtrd.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl player.quadia.net localfocuswidgets.net apps.mypurecloud.ie;frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net t.svtrd.com apps.mypurecloud.ie www.youtube-nocookie.com youtube-nocookie.com formulier.centraalbeheer.nl d6tizftlrpuof.cloudfront.net https://localfocuswidgets.net;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net;form-action * 'self' t.svtrd.com *.achmea.nl;manifest-src 'self';report-uri https://centraalbeheer.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self'; connect-src *; img-src * data:; script-src 'nonce-1IMfaJ0K1zYrL1KlhdN0eW97OhP7uVLP' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'self'; style-src 'self' 'unsafe-inline' https://404-tpa-276.mktoweb.com/; font-src 'self' kit.fontawesome.com ka-p.fontawesome.com https://fast.wistia.com/ https://fast.wistia.net/ data:; form-action 'self'; object-src 'none'; media-src 'self' blob:; frame-src https://www.googletagmanager.com https://td.doubleclick.net/ https://gtm.lawpay.com/ https://gtm.mycase.com/ https://insight.adsrvr.org/ https://app.netlify.com/ https://404-tpa-276.mktoweb.com/; frame-ancestors demo.affinipay.com ka-p.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /.netlify/functions/__csp-violations 1
object-src 'none'; media-src *; frame-ancestors 'none'; default-src 'none'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io; img-src blob: data: *; base-uri 'none'; worker-src 'none'; style-src 'unsafe-inline' *; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-n4GRVhhp24SA56IiLYVh4w==' 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-mRnDJm7BH5t9wT91FfpmWg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-aDucKucmLpZJF/3jZvVl2Q==' 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.sleekplan.com *.mspbackups.com https://unpkg.com/ionicons@4.5.10-0/dist/ionicons/ d1f8f9xcsvx3ha.cloudfront.net posthog.mon.mspbackups.com https://momentjs.com/downloads/moment-timezone-with-data.min.js https://momentjs.com/downloads/moment.js https://code.jquery.com/jquery-3.5.1.min.js https://accounts.google.com/gsi/client https://alcdn.msauth.net/browser/2.28.1/js/msal-browser.min.js; report-uri /csp-violation-report-endpoint/ 1
report-uri /csp-report-endpoint.php 1
script-src 'nonce-eawUv3pOG73d0gW2qHnlPQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' https: data: blob: wss: 'unsafe-eval' 'unsafe-inline'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.library.wales *.llgc.org.uk *.staticflickr.com *.ticketsource.co.uk fonts.gstatic.com play.google.com syndication.twitter.com translate.google.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.doubleclick.net *.googletagmanager.com *.google.com *.libanswers.com *.library.wales *.llyfrgell.cymru *.lyfrgell.cymru *.twitter.com div.show hwb.gov.wales sketchfab.com www.canva.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' *.clarity.ms *.fontawesome.com *.libanswers.com *.library.wales connect.facebook.net fonts.googleapis.com; style-src 'self' https: data: blob: wss: *.googleapis.com 'inline' 'report-sample'; connect-src 'self' https: data: blob: wss: *.googleapis.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws; script-src-elem 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales *.%2A.v2.scr.kaspersky-labs.com *.flickr.com *.libanswers.com adblockers.opera-mini.net connect.facebook.net s3.amazonaws.com wusote.hirizasune.com; report-uri https://www.library.wales/@http-reporting?csp=report&requestTime=1752204176849600&requestHash=cea8821c243189956dbf231dd1fbd428dc428cd5 1
default-src http:; 
            script-src http: 'unsafe-eval' 'unsafe-inline'; 
            style-src http: 'unsafe-inline'; 
            img-src http: data:; 
            font-src http: data:; 
            report-uri /csp-report 1
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 1
object-src 'none';base-uri 'self';script-src 'nonce-XjcT28F86LVa5Vf7d7wt_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.acadiau.ca; img-src 'self' *.acadiau.ca *.index.digital *.sitescout.com *.gstatic.com *.bc0a.com *.fontawesome.com *.picsum.photos picsum.photos *.twimg.com *.facebook.com *.twitter.com *.google.ca *.google.com www.google-analytics.com wl-pixel.index.digital pixel.sitescout.com s3.amazonaws.com *.b0e8.com *.siteimproveanalytics.io; font-src 'self' *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net; style-src 'self' *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.fontawesome.com *.twimg.com *.twitter.com *.googleapis.com widget.alongside.com 'unsafe-inline'; script-src 'self' *.acadiau.ca *.google.com *.googleapis.com *.fontawesome.com acuityplatform.com *.jquery.com *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.facebook.net *.google-analytics.com *.technolutions.net *.twitter.com *.twimg.com widget.alongside.com *.instagram.com *.cloudflare.com e.issuu.com *.pixel.ad *.hotjar.com *.bc0a.com *.b0e8.com theta360.com *.tiktok.com *.googletagmanager.com siteimproveanalytics.com 'unsafe-inline'; connect-src 'self' *.hotjar.com *.doubleclick.net www.google-analytics.com *.doubleclick.com *.sitescout.com *.doubleclick.n ka-p.fontawesome.com; frame-src 'self' *.livestream.com *.hotjar.com *.youtube.com *.vimeo.com *.twitter.com *.issuu.com *.facebook.com *.instagram.com *.sitescout.com theta360.com; frame-ancestors 'self'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gfiber-static-marketing-jt-team 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-y/wbJ4W8lrF2vV8BrLhojmtm' 'unsafe-eval' https://pixel.byspotify.com *.travcorpservices.com https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js https://vjs.zencdn.net https://cdn.amplitude.com/libs https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com data:;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io https://www.googletagmanager.com https://a25408250069.cdn.optimizely.com;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com *.travcorp.com *.corp.ttc:7443 https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api https://l.clarity.ms https://metrics.responsetap.com/infinity https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com https://logx.optimizely.com https://region1.analytics.google.com https://ttc.contiki.com 1
object-src 'none';base-uri 'self';script-src 'nonce-CeJBfU2yihZhh72Y6ATYFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-KwVMOynxC33MLLuDxFjn7Q==' 1
default-src 'self'; script-src 'self' https://pay.google.com https://google.com; script-src-elem 'self' 'unsafe-inline' https://analytics.bizbudding.com https://bizbudding.info https://www.google.com https://pay.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com  https://js.stripe.com https://www.paypal.com https://www.paypalobjects.com https://static.cloudflareinsights.com https://diffuser-cdn.app-us1.com https://www.googleadservices.com https://securepubads.g.doubleclick.net https://trackcmp.net https://prism.app-us1.com https://delivery.revcontent.com ;  style-src https: blob: data: 'unsafe-inline'; img-src https: blob: data:; font-src https: blob: data:; connect-src https: blob: data:; media-src 'self'; frame-src 'self' https://www.paypal.com https://js.stripe.com https://www.youtube.com https://cd.connatix.com  https://player.vimeo.com https://td.doubleclick.net https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://*.amazon-adsystem.com https://www.google.com https://pay.google.com https://*.safeframe.googlesyndication.com https://*.adtrafficquality.google https://cdn.privacy-mgmt.com https://googleads.g.doubleclick.net; object-src 'none'; base-uri 'self'; form-action 'self' 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=MYcBzXSjf38T69XkIihj8odYdKQcTLCqCprFFyAWHTY-1752201284-1.0.1.1-jmlztEcuHfNnm0fQ4yEVKPJgjdlCBAdSr9KOTvpck2oZp4UXtDzYgZo_eEAlwtMskBRgiNuQaLYht1HDwnPV.yrUTRb4cc7HQZp7moP3H2Lh5WWsXV86hCE5iXFVsqTX2HgxWuIzl0ekCjmnr8hFm2b0pUM5rN_GmJ0g8nv_JUc; report-to cf-csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.bing.com *.bing.net *.abtasty.com *.alicdn.com *.bootstrapcdn.com *.cdnfonts.com *.fontawesome.com *.googleusercontent.com *.slant.co zip-co-media.s3.ap-southeast-2.amazonaws.com *.zip.co *.qantas.com unpkg.com *.cloudflare.com *.totaltools.com.au *.afterpay.com *.zipmoney.com.au data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com *.cash.app c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.doubleclick.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.googletagmanager.com www.xtento.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com magefan.com cm.magefan.com *.disqus.com connect.facebook.net graph.facebook.com business.facebook.com *.abtasty.com *.adroll.com *.adsrvr.org *.bing.com *.clarity.ms *.googleusercontent.com *.online-metrix.net *.openstreetmap.org *.quantcount.com *.quantserve.com *.signifyd.com *.unbxdapi.com *.zip.co *.afterpay.com *.tapad.com *.rubiconproject.com x.bidswitch.net pixel.tapad.com *.rlcdn.com *.openx.net *.yahoo.com *.pubmatic.com s3.amazonaws.com *.casalemedia.com *.adnxs.com *.amazon-adsystem.com *.stackadapt.com *.spotify.com *.sharethis.com *.bluekai.com *.contextweb.com *.kargo.com *.twitter.com *.addthis.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.nr www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vu www.google.ws link.totaltools.com.au render.barcodes.systems *.bing.net www.google.ad www.google.as www.google.co.mz www.google.com.cu www.google.com.vn www.google.cv www.google.dj www.google.ga www.google.gl www.google.gm www.google.ht www.google.sh www.google.td zip.co *.microsofttranslator.com *.totaltools.com.au 127.0.0.1 www.google.cf www.google.com.af www.google.com.gi www.google.com.ng www.google.com.ni www.google.com.tj www.google.dm www.google.fm www.google.gg *.baidu.com *.crwdcntrl.net *.google-analytics.com *.googleadservices.com *.jquery.com *.linksynergy.com *.paypalobjects.com *.scorecardresearch.com *.ytimg.com google.com www.google.nu www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au static.zip.co https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.plugins.emarsys.net *.scarabresearch.com *.disqus.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflareinsights.com cdn-4.convertexperiments.com *.33across.com *.abtasty.com *.addthis.com *.adroll.com *.adsrvr.org *.bing.com *.braintreegateway.com *.clarity.ms d21gpk1vhmjuf5.cloudfront.net d3mewz86hy02zo.cloudfront.net *.emarsys.net *.online-metrix.net *.pricespider.com *.quantcount.com *.quantserve.com *.signifyd.com *.wufoo.com *.zip.co *.zdassets.com nexuspublications.com.au *.afterpay.com *.jsdelivr.net https://unpkg.com *.cloudflare.com *.microsofttranslator.com *.totaltools.com.au 127.0.0.1 googletagmanager.com unpkg.com *.fullstory.com *.googleadservices.com *.hotjar.com *.zipmoney.com.au sc-static.net https://hosted.mastersoftgroup.com/harmony/rest/v2/address/find https://hosted.mastersoftgroup.com/harmony/rest/au/generateID www.xtento.com cdn.xtento.com static.zipmoney.com.au static.zip.co zip.co https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com *.cash.app assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.abtasty.com *.fontawesome.com *.typekit.net *.zip.co *.bing.com https://unpkg.com unpkg.com *.totaltools.com.au 127.0.0.1 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com *.zdassets.com *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.scarabresearch.com *.eservice.emarsys.net connect.facebook.net graph.facebook.com business.facebook.com *.abtasty.com *.addthis.com *.adroll.com *.adsrvr.org *.amplitude.com *.bing.com *.bing.net *.clarity.ms *.doubleclick.net *.emarsys.net *.gstatic.com *.pricespider.com *.quantcount.com *.quantserve.com *.samsung.com *.typekit.net *.unbxd.io *.zipmoney.com.au *.zip.co d21gpk1vhmjuf5.cloudfront.net d3mewz86hy02zo.cloudfront.net *.mastersoftgroup.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.ca www.google.cg www.google.ch www.google.ci www.google.cl www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.it www.google.jo www.google.kg www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.nr www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.tl www.google.to www.google.tt www.google.vu *.zdassets.com www.google.bf www.google.by www.google.cd www.google.cm www.google.co.ao www.google.co.bw www.google.co.ls www.google.co.mz www.google.co.vi www.google.co.zw www.google.com.ag www.google.com.bh www.google.com.bz www.google.com.cu www.google.com.do www.google.com.lb www.google.com.mt www.google.com.sl www.google.com.vc www.google.dj www.google.dz www.google.gm www.google.hn www.google.ki www.google.kz www.google.la www.google.sh www.google.sk www.google.sr www.google.tg www.google.ws zip.co 127.0.0.1 www.google.ad www.google.com.ng www.google.com.tj www.google.ga www.google.is www.google.ml www.google.rw www.google.sc www.google.sn www.google.so www.google.tn *.alicdn.com *.googleadservices.com *.hotjar.com *.jquery.com www.google.as www.google.co.uz www.google.com.af www.google.com.ly www.google.com.ni www.google.com.py www.google.dm www.google.ht www.google.je www.google.nu www.google.ps https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.adroll.com *.clarity.ms *.doubleclick.net *.google.com 'self' 'unsafe-inline'; report-uri https://f4c824ea-9c0b-4131-a2e2-886e99df7154.sansec.watch/; report-to report-endpoint; 1
frame-ancestors 'self'; report-uri https://transilien.report-uri.com/r/d/csp/enforce; report-to https://transilien.report-uri.com/r/d/csp/enforce 1
default-src 'self'; child-src 'self'; connect-src 'self' cdnjs.cloudflare.com *.algolia.net *.algolianet.com *.flickr.com *.googleapis.com *.google-analytics.com *.gstatic-cache.com *.typekit.com *.typekit.net https://www.google-analytics.com https://www.googletagmanager.com https://o15468.ingest.sentry.io/api/6068037/envelope/; font-src 'self' cdnjs.cloudflare.com *.typekit.net fonts.gstatic.com app.everviz.com/static/fonts/; frame-src 'self' maps.google.com *.typekit.net player.vimeo.com translate.googleapis.com *.twitter.com www.google.com www.googletagmanager.com *.youtube.com; img-src 'self' data: cdnjs.cloudflare.com *.staticflickr.com *.twitter.com *.typekit.net *.googletagmanager.com fonts.gstatic.com translate.google.com production-new-commonwealth-files.s3.eu-west-2.amazonaws.com staging-new-commonwealth-files.s3.eu-west-2.amazonaws.com testing-new-commonwealth-files.s3.eu-west-2.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' production-new-commonwealth-files.s3.eu-west-2.amazonaws.com staging-new-commonwealth-files.s3.eu-west-2.amazonaws.com testing-new-commonwealth-files.s3.eu-west-2.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com code.highcharts.com connect.facebook.net embedr.flickr.com player.vimeo.com unpkg.com www.googletagmanager.com www.gstatic.com app.everviz.com/resources/js/ app.everviz.com/inject cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://nomoredirectory.org https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com player.vimeo.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://nomoredirectory.org https://unpkg.com; style-src 'self' 'unsafe-inline' code.highcharts.com *.typekit.net *.googleapis.com unpkg.com www.gstatic.com app.everviz.com/static/fonts/ app.everviz.com/resources/css/ cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://nomoredirectory.org https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://nomoredirectory.org https://unpkg.com; frame-ancestors 'self'; report-uri https://thecommonwealth.org/log-report-uri/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net js.stripe.com www.gstatic.com *.googleapis.com ws.zoominfo.com www.google.com www.googletagmanager.com compilers.widgets.sphere-engine.com kit.fontawesome.com d34s7xanp5e5sf.cloudfront.net; connect-src 'self' api.stripe.com *.googleapis.com *.fontawesome.com wss://push.piazza.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com *.fontawesome.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org js.stripe.com; report-uri /security/csp_report 1
font-src 'self'; frame-src 'self'; img-src 'self' data: https://img.airtel.tv https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com; style-src report-sample 'self' 'unsafe-inline'; script-src report-sample 'self' 'unsafe-inline' https://app.link/_r https://cdn.branch.io/branch-latest.min.js https://www.googletagmanager.com/gtag/js https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js https://cdn.moengage.com/webpush/modules/inapp.js https://cdn.moengage.com/webpush/beta/sdk.inapp.cdnHelper.js https://cdn.moengage.com/webpush/releases/serviceworker_cdn.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_cards.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_webp.min.latest.js; 1
object-src 'none';base-uri 'self';script-src 'nonce-8ocyzXm1RADtJCKAS_eG5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/about_youtube 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com principiaskin.com *.principiaskin.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.addthis.com *.mercadolibre.com *.weltpixel.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.authorize.net *.google.com *.paypal.com *.freshchat.com *.pagseguro.uol.com.br *.doubleclick.net *.pinterest.com *.principiacosmeticos.com principiaskin.com *.principiaskin.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com google.com *.gstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com *.instagram.com *.magentocommerce.com *.ytimg.com s.ytimg.com *.pinterest.com *.googleadservices.com *.google.com *.google.com.br *.google.it *.google-analytics.com www.paypalobjects.com *.paypalobjects.com *.paypal.com www.paypal.com t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.ftcdn.com *.behance.com *.pagseguro.com/ *.apptrian.com *.mercadolivre.com *.yotpo.com *.adobedtm.com *.demdex.net *.everesttech.net assets.braintreegateway.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://stc.pagseguro.uol.com.br https://sandbox.stc.pagseguro.uol.com.br *.doubleclick.net *.onesignal.com *.principiacosmeticos.com principiaskin.com *.principiaskin.com *.googletagmanager.com https://principiacosmeticos.com/mtracking.gif https://www.google.com.ar/ads/ga-audiences https://www.google.com.ar/pagead/1p-user-list/700931334/ https://principiaskincare.com.br/mtracking.gif https://t.co/1/i/adsct *.facebook.com content.app-us1.com cdn.jsdelivr.net *.cloudfront.net *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.mlstatic.com www.facebook.com graph.facebook.com business.facebook.com www.apptrian.com *.freshchat.com *.google.com *.google-analytics.com *.facebook.com *.adobedtm.com *.authorize.net *.braintreegateway.com *.cardinalcommerce.com *.paypal.com www.paypal.com *.ytimg.com *.googleadservices.com *.paypalobjects.com www.paypalobjects.com *.vimeo.com www.youtube.com *.viacep.com.br *.apptrian.com *.polyfill.io *.cloudflare.com *.pagseguro.uol.com.br *.tiktok.com *.pinimg.com *.mercadopago.com *.doubleclick.net *.ccdc02.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io pay.google.com *.yotpo.com *.onesignal.com https://onesignal.com/api/v1/sync/980b27db-f331-407d-8b91-7ea1ff79c577/web *.principiacosmeticos.com https://principiacosmeticos.com/mtc.js *.k-analytix.com principiaskin.com *.principiaskin.com *.cloudflareinsights.com https://designestylelab.com/css/ https://analytics-manager.com/an https://analytics-manager.com/an/ https://principiaskincare.com.br/mtc.js https://static.cloudflareinights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816 *.ads-twitter.com/uwt.js *.pinterest.com diffuser-cdn.app-us1.com prism.app-us1.com crmprincipiaskin.activehosted.com trackcmp.net cdn.jsdelivr.net *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com *.freshchat.com fonts.googleapis.com *.mercadopago.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.onesignal.com https://onesignal.com/sdks/OneSignalSDKStyles.css *.principiacosmeticos.com principiaskin.com *.principiaskin.com *.googletagmanager.com *.google.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.rastreio.alfatracking.com.br *.tracking.totalexpress.com.br *.rastreio.fmtransportes.com.br *.correios.com.br www.apptrian.com *.instagram.com *.pinterest.com *.apptrian.com *.polyfill.io *.cloudflare.com *.paypal.com *.pinimg.com *.tiktok.com *.google.com *.google.com.br *.google.it https://www.google.com.br/ads/ga-audiences https://www.google.it/ads/ga-audiences *.google-analytics.com *.doubleclick.net *.yotpo.com *.mercadolibre.com *.onesignal.com https://onesignal.com/api/v1/apps/980b27db-f331-407d-8b91-7ea1ff79c577/icon *.principiacosmeticos.com https://principiacosmeticos.com/mtc/event *.konduto.com principiaskin.com *.principiaskin.com *.googleapis.com *.viacep.com.br https://viacep.com.br/ws/ viacep.com.br/ws *.amcglobal.sc.omtrdc.net *.geostag.cardinalcommerce.com *.geo.cardinalcommerce.com *.1eafstag.cardinalcommerce.com *.1eaf.cardinalcommerce.com *.centinelapistag.cardinalcommerce.com *.centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.api.comapi.com *.webchat.dotdigital.com *.ekr.zdassets.com *.braintreegateway.com *.braintree-api.com https://principiaskincare.com.br/mtc/event https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ analytics.pangle-ads.com https://google.com/ccm/form-data/700931334 https://google.com/pagead/form-data/700931334 analytics-ipv6.tiktokw.us http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io crmprincipiaskin.activehosted.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri csp-reporting/; report-to report-endpoint; 1
img-src 'self' data: https: https://*.johnnybet.com/ https://*.johnnybet.com/; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com/ https://*.johnnybet.com/ https://*.johnnybet.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.johnnybet.com/ https://*.johnnybet.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://mc.yandex.ru/metrika/tag.js https://static.hotjar.com https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/webfont/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://connect.facebook.net/ https://www.googleoptimize.com/ https://script.hotjar.com/ https://unpkg.com/ https://*.johnnybet.com/ https://www.johnnybet.com/faye https://*.johnnybet.com/; media-src 'self' https://*.johnnybet.com/ https://*.johnnybet.com/; frame-src 'self' http: https:; manifest-src 'self' https://*.johnnybet.com/ https://*.johnnybet.com/; connect-src 'self' https://stats.g.doubleclick.net/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://mc.yandex.md/ https://mc.yandex.ru/ https://yandexmetrica.com:* https://*.johnnybet.com/ https://www.johnnybet.com/faye https://*.johnnybet.com/ 1
font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: https://www.googletagmanager.com apps.mypurecloud.com use.typekit.net static.klaviyo.com *.silencershop.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.youtube.com https://c.paypal.com/ https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.silencershop.com *.signifyd.com *.online-metrix.net/ data.adxcel-ec2.com engine.gettopple.com trkn.us *.cloudfront.net https://b.stats.paypal.com/ https://slc.stats.paypal.com/ https://c.paypal.com/ https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.silencershop.com apps.usw2.pure.cloud *.signifyd.com delivery.gettopple.com *.online-metrix.net d14jnfavjicsbe.cloudfront.net sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com sec.webeyez.com widget.trustpilot.com *.fontawesome.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://c.paypal.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com apps.mypurecloud.com use.typekit.net p.typekit.net *.silencershop.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com https://www.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.silencershop.com *.signifyd.com invitejs.trustpilot.com send.webeyez.com sec.webeyez.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://payments.sandbox.braintree-api.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/families_google 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net *.ripcurl.com *.maps.googleapis.com *.googleapis.com *.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.cloudfront.net *.ripcurl.com *.livechatinc.com *.hotjar.com maps.googleapis.com *.googleapis.com *.searchspring.net *.googletagmanager.com self csxd.{crossdomain} *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.ripcurl.com *.maps.googleapis.com *.googleapis.com *.dmxleo.com *.aralego.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.bing.com *.google.com *.google.com.bd *.google.com.au *.google.com.nz *.google.com.us *.google.com.fr *.google.com.de *.google.com.ch *.google.com.es *.google.com.it *.google.com.nl *.google.com.uk *.google.com.pt *.onetrust.com *.facebook.com *.facebook.net *.dycdn.net *.a.searchspring.io *.paypalobjects.com a.omappapi.com *.smartadserver.com *.taboola.com *.socdm.com *.criteo.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.media.net *.outbrain.com *.pubmatic.com *.rubiconproject.com s.ad.smaato.net *.teads.tv *.clmbtech.com *.3lift.com sync-criteo.ads.yieldmo.com *.1rx.io *.bluekai.com *.contextweb.com sync.targeting.unrulymedia.com *.stickyadstv.com blob: *.contentsquare.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com *.certcapture.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://hosted.mastersoftgroup.com/ *.cloudfront.net *.ripcurl.com *.searchspring.io *.maps.googleapis.com *.googleapis.com acsbapp.com *.acsbapp.com *.freshrelevance.com *.freshchat.com *.searchspring.net *.bing.com *.facebook.net *.criteo.net *.criteo.com *.lexer.io *.affilae.com *.jquery.com *.cloudflare.com *.googletagmanager.com *.onetrust.com *.omappapi.com *.micpn.com *.mastersoftgroup.com *.cardinalcommerce.com snapui.searchspring.io *.googleadservices.com *.bingg.net *.attentivemobile.com *.vimeo.com *.braintreegateway.com gstatic.com a.omappapi.com t.cfjump.com js.createsend1.com *.trustpilot.com *.dycdn.net wss://am.freshrelevance.com/ *.googlesyndication.com blob: unsafe-inline *.contentsquare.net app.contentsquare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com assets.braintreegateway.com *.cloudfront.net *.ripcurl.com *.maps.googleapis.com *.googleapis.com *.typekit.net *.searchspring.io *.freshchat.com *.searchspring.net *.bing.com *.google.com *.cloudflare.com *.bootstrapcdn.com *.onetrust.com *.omappapi.com *.mastersoftgroup.com a.omappapi.com *.yotpo.com t.cfjump.com acsbapp.com *.acsbapp.com *.dycdn.net blob: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.ripcurl.com *.maps.googleapis.com *.googleapis.com *.dmxleo.com *.aralego.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.onetrust.com *.facebook.com data: *.youtube.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudfront.net *.ripcurl.com *.google-analytics.com *.maps.googleapis.com *.googleapis.com *.searchspring.io acsbapp.com *.acsbapp.com *.freshrelevance.com *.freshchat.com *.searchspring.net *.bing.com *.facebook.net *.criteo.net *.criteo.com *.lexer.io *.jquery.com *.cloudflare.com *.googletagmanager.com *.onetrust.com *.omappapi.com *.micpn.com *.dycdn.net assets.adobedtm.com *.adobe.com *.mastersoftgroup.com snapui.searchspring.io *.googleadservices.com googleads.g.doubleclick.net *.vimeocdn.com *.youtube.com *.bingg.net *.attentivemobile.com *.vimeo.com *.braintreegateway.com gstatic.com a.omappapi.com t.cfjump.com js.createsend1.com *.trustpilot.com wss://am.freshrelevance.com/ *.googlesyndication.com *.g.doubleclick.net blob: *.contentsquare.net *.contentsquare.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buzzsprout.com *.cookielaw.org *.getblueshift.com *.onetrust.org *.typekit.net *.vercel-scripts.com bat.bing.com connect.facebook.net static.hotjar.com script.hotjar.com vercel.live *.chatbot.com *.clarity.ms *-onerhino.vercel.app unpkg.com cwv.onerhino.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.typekit.net vercel.live;img-src 'self' blob: data: *.buzzsprout.com *.cookielaw.org *.ctfassets.net *.facebook.com *.internationalliving.com *.nodebb.com *.youtube.com *.ytimg.com *.vercel.com vercel.com *.bing.com *.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;connect-src wss://*.pusher.com 'self' *.cookielaw.org api.getblueshift.com *.onetrust.com *.hotjar.io vercel.live *.chatbot.com bat.bing.com *.clarity.ms crux-api.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;font-src 'self' *.typekit.net vercel.live;frame-src 'self' *.buzzsprout.com *.typeform.com *.youtube-nocookie.com *.youtube.com fast.wistia.net player.vimeo.com td.doubleclick.net vimeo.com vercel.live *.chatbot.com *.googletagmanager.com;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://google.com/pay https://cdn.cookielaw.org https://*.cquotient.com https://*.sprinklr.com https://appleid.cdn-apple.com https://*.adyen.com https://*.cdn.adyen.com https://d.ratepay.com https://cdn.jsdelivr.net https://*.paypal.com https://*.gstatic.com https://*.google-analytics.com https://*.acsbapp.com https://acsbapp.com https://*.cloudflare.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://google.com/pay https://cdn.cookielaw.org https://*.cquotient.com https://*.sprinklr.com https://appleid.cdn-apple.com https://*.adyen.com https://*.cdn.adyen.com https://d.ratepay.com https://cdn.jsdelivr.net https://*.paypal.com https://*.gstatic.com https://*.google-analytics.com https://*.acsbapp.com https://acsbapp.com https://*.cloudflare.com;report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report;report-to https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report 1
default-src * https: data: blob: 'unsafe-inline' 'unsafe-hashes'; 1
font-src *.klarnacdn.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.braintreegateway.com *.typekit.net *.kaptcha.com *.creativecdn.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://cdn.clerk.io *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.magentocommerce.com *.facebook.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net *.klarnaservices.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.googletagmanager.com vmax.backend.verbolia.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.typekit.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.slgnt.eu *.syteapi.com vmax.backend.verbolia.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';connect-src 'self' https: wss:;default-src 'none';font-src 'self' data: https:;form-action 'self' https:;frame-ancestors https:;frame-src https: blob:;img-src 'self' blob: data: https: http:;manifest-src 'none';media-src 'self' https: blob:;object-src 'self' https://djtflbt20bdde.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;worker-src 'self' https://zenkit.com https://*.zenkit.com;report-uri /csp-report;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; report-uri https://usercontent.mobileread.org/csp-report 1
font-src cash-f.squarecdn.com *.gstatic.com data: *.googleapis.com *.cloudinary.com *.klevu.com *.ksearchnet.com *.yotpo.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.global-e.com *.google-analytics.com *.useinsider.com self unsafe-inline *.honey.io *.maze.co *.mention-me.com *.qualtrics.com intentclientscriptslon.s3.eu-west-2.amazonaws.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * cloudinary.com *.cloudinary.com *.yotpo.com *.twitter.com *.pcipalstaging.cloud *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.twitter.com *.bglobale.com *.freshchat.com *.global-e.com *.google-analytics.com *.pcipalstaging.cloud *.adyen.com *.useinsider.com *.vimeo.com *.vimeocdn.com *.zenaps.com *.doubleclick.net *.facebook.com self *.mention-me.com *.qualtrics.com intentclientscriptslon.s3.eu-west-2.amazonaws.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com * www.google.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.yotpo.com *.twitter.com *.bglobale.com *.freshchat.com *.global-e.com *.google-analytics.com *.pcipalstaging.cloud *.adyen.com *.useinsider.com *.vimeo.com *.vimeocdn.com *.zenaps.com *.doubleclick.net *.facebook.com self unsafe-inline *.pinterest.com *.pinterest.co.uk consentag.eu dressipi-production.seasaltcornwall.com *.paypalobjects.com *.maze.co *.teads.tv *.mention-me.com *.qualtrics.com intentclientscriptslon.s3.eu-west-2.amazonaws.com www.xtento.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com * *.gstatic.com *.googleapis.com *.bird.eu cloudinary.com *.cloudinary.com blob: *.klevu.com *.ksearchnet.com *.yotpo.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.global-e.com *.seasaltcornwall.com *.blucommerce.com yotpo-stool.s3.amazonaws.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net *.google.com maps.googleapis.com *.google.co.uk seasaltcornwall.com *.adyen.com *.fbsbx.com *.kaltura.com *.pinterest.com *.securitymetrics.com *.zenaps.com *.awin1.com *.facebook.com *.atdmt.com *.outbrain.com *.tribalfusion.com *.openx.net *.clarity.ms *.facebook.net *.flagcdn.com flagcdn.com dummymasterdressipihost *.useinsider.com *.cookielaw.org *.fitanalytics.com *.quantserve.com *.yahoo.com *.dotomi.com *.soreto.com *.teads.tv *.roeye.com *.bglobale.com *.maze.co *.google.co.ma *.mention-me.com *.qualtrics.com intentclientscriptslon.s3.eu-west-2.amazonaws.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.vimeo.com unpkg.com js.klevu.com *.ksearchnet.com *.yotpo.com *.klarnaservices.com *.cloudflare.com *.cookielaw.org *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klevu.com *.bglobale.com js-agent.newrelic.com *.googletagmanager.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net maps.googleapis.com *.global-e.com *.google.com *.onetrust.com *.useinsider.com *.dwin1.com *.kaltura.com *.pinimg.com *.zenaps.com *.facebook.net *.tribalfusion.com *.cloudfront.net consentag.eu *.outbrain.com *.ctnsnet.com *.clarity.ms *.freshworks.com dummymasterdressipihost *.seasaltcornwall.com *.fitanalytics.com *.quantserve.com *.yahoo.com *.dotomi.com *.soreto.com *.quantcount.com *.maze.co *.teads.tv *.roeye.com *.roeyecdn.com cdn.sub2tech.com *.klarna.com *.klarnaevt.com *.mention-me.com *.qualtrics.com intentclientscriptslon.s3.eu-west-2.amazonaws.com www.xtento.com cdn.xtento.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app fonts.googleapis.com cloudinary.com *.cloudinary.com *.googleapis.com unpkg.com *.klevu.com *.ksearchnet.com *.yotpo.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com getfirebug.com t.contentsquare.net *.freshchat.com *.bing.com *.google-analytics.com *.useinsider.com *.honey.io *.freshworks.com dummymasterdressipihost *.seasaltcornwall.com *.maze.co *.mention-me.com *.qualtrics.com intentclientscriptslon.s3.eu-west-2.amazonaws.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com *.vimeo.com *.vimeocdn.com *.akamaized.net *.seasaltcornwall.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.googleapis.com cloudinary.com *.cloudinary.com *.klevu.com *.ksearchnet.com *.yotpo.com *.klarnaservices.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.brilliantcollector.com *.contentsquare.net *.freshchat.com *.bing.com stats.g.doubleclick.net *.google-analytics.com *.edq.com *.pcipal.cloud *.pcipalstaging.cloud *.cookielaw.org *.adyen.com *.useinsider.com *.pinterest.com *.onetrust.com *.clarity.ms *.freshworks.com *.trustpilot.com *.fitanalytics.com *.soreto.com *.teads.tv *.seasaltcornwall.com *.google.com *.maze.co *.klarna.com *.klarnaevt.com *.outbrain.com *.mention-me.com *.qualtrics.com intentclientscriptslon.s3.eu-west-2.amazonaws.com 'self' 'unsafe-inline'; child-src blob: *.contentsquare.net *.seasaltcornwall.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://7f108780-eb30-4f9e-b2b8-4fb9052f2e3b.sansec.watch/; report-to report-endpoint; 1
frame-ancestors 'self' https://*.mastercontrol.com mastercontrol.service-now.com; object-src 'none'; form-action 'self' https://*.mastercontrol.com *.rise.com *.service-now.com mastercontrol.influitive.com gateway.zscloud.net mastercontrol.uservoice.com https://*.facebook.com https://connect.facebook.net; base-uri 'self' https://*.mastercontrol.com https://*.clarity.ms; report-uri https://reportcsp.azurewebsites.net/api/CSPViolation 1
frame-ancestors www.gstatic.com https://devmi1.wom.co https://dev.wom.co *.paypal.com *.wom.co; font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://app.wom.co *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com https://www.googletagmanager.com https://api.retargetly.com https://*.hotjar.com https://*.doubleclick.net https://www.facebook.com https://resources-rt.idx.lat/ *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://*.bing.com https://www.facebook.com https://www.google.com https://www.google.com.mx https://*.clarity.ms https://www.google.com.co https://analytics.twitter.com https://app.wom.co https://dev.placetopay.com https://t.co https://checkout-co.placetopay.dev *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com https://widget.manychat.com https://www.google.com https://api.retargetly.com https://*.clarity.ms https://connect.facebook.net https://bat.bing.com https://analytics.tiktok.com https://d12zyq17vm1xwx.cloudfront.net https://*.hotjar.com https://static.ads-twitter.com https://script.crazyegg.com https://resources-rt.idx.lat *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.fontawesome.com https://app.wom.co *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; object-src *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; manifest-src *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolibre.com https://www.google-analytics.com https://stats.g.doubleclick.net https://notifications-icommkt.com https://track-icommkt.com https://analytics.tiktok.com https://*.clarity.ms https://analytics.google.com https://script.crazyegg.com https://rt.idx.lat *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org http: https: blob: 'self' 'unsafe-inline'; default-src https://*.api.comapi.com https://wom-co.convertia.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.wom.co https://devmi1.wom.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-VVyvRkFSu6nrEDErcJyBCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; connect-src 'self' https://*.mediaflow.com https://mfstatic.com https://matomo.malmo.se https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; font-src 'self' data: https://mfstatic.com; frame-src 'self' https://stadsatlas.malmo.se https://*.mediaflow.com https://www.youtube.com; img-src 'self' data: https://devenemang.malmo.se https://test-devenemang.malmo.se https://assets.malmo.se https://malmo.se https://metrics.brightcove.com https://*.prod.boltdns.net https://assets.mediaflowpro.com https://*.brightcovecdn.com https://*.inviewer.se https://i.ytimg.com; media-src 'self' https://*.brightcovecdn.com https://*.mediaflow.com blob:; script-src 'self' 'nonce-cf858d20-5e0c-11f0-be12-a9f92954fc96' https://matomo.malmo.se https://players.brightcove.net 'strict-dynamic' 'unsafe-eval'; script-src-elem 'self' 'nonce-cf858d20-5e0c-11f0-be12-a9f92954fc96' https://matomo.malmo.se https://www.google.com/recaptcha https://players.brightcove.net https://mfstatic.com https://www.youtube.com; style-src 'self' https://malmo.se https://mfstatic.com 'unsafe-inline' data:; 1
default-src 'self'; script-src 'self' https://trusted-scripts.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://trusted-images.com; font-src 'self'; frame-src 'self' https://forms.office.com; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://your-reporting-endpoint.com/report-csp; 1
default-src 'self' 'report-sample'; connect-src 'self' https://matomo.psi.ch/; font-src 'self' data: player.podigee-cdn.net assets.brevo.com; frame-src 'self' *.ddev.site *.psi.ch player.vimeo.com www.youtube-nocookie.com feeds.sirop.org maps.google.com www.jove.com player.podigee-cdn.net cdnapisec.kaltura.com www.google.com www.srf.ch www.youtube.com psi.mediaspace.cast.switch.ch; img-src 'self' data: gfa-status.web.psi.ch share.web.psi.ch webcam.switch.ch; media-src 'self' *.ethz.ch data:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill-fastly.io https://unpkg.com https://matomo.psi.ch/; script-src-elem 'self' 'unsafe-inline' test-t6dnbai-3bjapdgtwdrsg.eu-2.platformsh.site www.gstatic.com *.psi.ch www.google.com player.podigee-cdn.net sibforms.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill-fastly.io https://unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' www.gstatic.com player.podigee-cdn.net sibforms.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self' www.google.com; frame-ancestors 'self'; report-uri https://www.psi.ch/de/log-report-uri/reportOnly 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-fDZr8hEbIYf9a/6QsGIvEw==' 1
default-src 'self'; script-src 'self' *.argenta.be *.googleapis.com *.adobedtm.com *.googletagmanager.com *.doubleclick.net *.adsrvr.org *.teads.tv *.facebook.net *.hotjar.com *.tiqcdn.com *.pingdom.net *.google.ie 'unsafe-inline' 'unsafe-eval' wasm-eval; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://agentaspaarbank.tt.omtrdc.net *.googleapis.com *.simargenta.be *.argenta.be *.teads.tv *.googlesyndication.com *.pingdom.net *.google.com; font-src 'self'; frame-src 'self'  *.tst-argenta.be *.adsrvr.org *.teads.tv *.doubleclick.net *.googletagmanager.com; img-src 'self' *.argenta.be *.simargenta.be *.facebook.com *.google.be *.google.com *.google.ie *.teads.tv *.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-AkJMFvBajGfwhoQmPLkgWw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
form-action 'self'; frame-src 'none'; frame-ancestors 'self'; report-uri https://sentry.it.uwosh.edu/api/3/security/?sentry_key=a83fa724347d841bd65fdab57f19925a; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-HzFRnBhccyi-FRcjLOq3JA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://grow.clearbitjs.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hsleadflows.net https://js.hubspot.com https://js.usemessages.com https://sc.lfeeder.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://api.hubapi.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://forms.hsforms.com https://forms.hubspot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.com.br; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://app.hubspot.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: https://20650649.fs1.hubspotusercontent-na1.net https://forms-na1.hsforms.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://i.ytimg.com https://perf-na1.hsforms.com https://pulsus.mobi https://px.ads.linkedin.com https://px4.ads.linkedin.com https://tr-rc.lfeeder.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com.br; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' *.rgi.net *.rgfi.net; script-src 'self' *.rgi.net *.rgfi.net 'unsafe-inline'; img-src 'self' *.rgi.net *.rgfi.net; frame-src 'self' *.rgi.net www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.data-line.de *.rgi.net; object-src 'none'; report-uri https://gindat.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src *; img-src * data:; script-src 'nonce-fspJzoeDR6o7m2LHNN22D2kldhA2I0lA' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'self'; style-src 'self' 'unsafe-inline' https://404-tpa-276.mktoweb.com/; font-src 'self' kit.fontawesome.com https://ka-p.fontawesome.com/ https://fast.wistia.com/ data:; form-action 'self'; object-src 'none'; media-src 'self' blob:; frame-src https://www.googletagmanager.com https://td.doubleclick.net/ https://gtm.docketwise.com/ https://www.youtube.com/ https://insight.adsrvr.org/ https://app.netlify.com/ https://404-tpa-276.mktoweb.com/; frame-ancestors demo.affinipay.com ka-p.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /.netlify/functions/__csp-violations 1
default-src 'self'; child-src 'none'; object-src 'none'; script-src http: https: 'nonce-uQBANa6S1KzrIrYkkr26kaRRJi6DsnKwhjjiiTVpEPE='; connect-src 'self'; worker-src blob:; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; base-uri 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GkOr97kPgcbxaLSnCJTExw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src *.osano.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.elev.io *.paypalobjects.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.osano.com *.klarna.com https://*.talkable.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io widgets.automizely.com widgets.automizely.io *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.adnxs.com *.adsrvr.org *.bidr.io *.bing.com *.facebook.com *.gotolstoy.com *.lightboxcdn.com *.localizecdn.com *.reddit.com *.twitter.com https://*.ordergroove.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.cdn.imgeng.in *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adnxs.com *.ads-twitter.com *.adsrvr.org *.attn.tv *.bing.com *.byspotify.com *.dixa.io *.dstillery.com *.elev.io *.exponea.com *.facebook.net *.gleamjs.io *.gotolstoy.com *.hotjar.com *.impactcdn.com *.iubenda.com *.lightboxcdn.com *.localizecdn.com *.noibu.com *.onescreen.ai *.pepperjam.com *.pinimg.com *.pinterest.com *.redditstatic.com *.tiktok.com getrockerbox.com *.osano.com https://*.ordergroove.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.cdn.imgeng.in *.hsforms.net *.hsforms.com https://d2jjzw81hqbuqv.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io assets.braintreegateway.com *.gotolstoy.com *.lightboxcdn.com *.plyr.io *.osano.com *.klarnacdn.net *.adobedtm.com *.cdn.imgeng.in *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gotolstoy.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.automizely.com api.automizely.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.adnxs.com *.attentivemobile.com *.attn.tv *.bing.com *.dixa.io *.elev.io *.exponea.com *.facebook.com *.gotolstoy.com *.hotjar.com *.iubenda.com *.localizecdn.com *.noibu.com *.onescreen.ai *.pinterest.com *.plyr.io *.reddit.com *.redditstatic.com *.spotify.com *.tiktok.com *.osano.com https://*.ordergroove.com *.klarnaevt.com *.klarnaservices.com *.klarna.com ekr.zdassets.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://472ad5a6-d25e-45ca-8d99-f4067de68ea9.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.adtrafficquality.google https://*.affirm.com https://*.agilone.com https://*.bing.com https://*.criteo.com https://*.criteo.net https://*.creativecdn.com https://*.cybersource.com https://*.datadome.co https://*.deepsearch.adlucent.com https://*.facebook.net https://*.g.doubleclick.net https://*.go-mpulse.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.kickfire.com https://*.optimizely.com https://*.osano.com https://*.pepperjam.com https://*.pinterest.com https://*.redditstatic.com https://*.sail-horizon.com https://*.securedvisit.com https://*.serenaandlily.com https://*.sift.com https://*.sitedataprocessing.com https://*.surveymonkey.com https://*.techlab-cdn.com https://*.yotpo.com https://*.zdassets.com https://cnstrc.com https://s.pinimg.com https://vercel.live https://*.adobedtm.com https://*.agkn.com https://*.demdex.net https://*.rezync.com https://*.sitescout.com https://*.usbrowserspeed.com https://thrtle.com https://*.liadm.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.honey.io https://*.paypalobjects.com https://*.typekit.net https://*.yotpo.com https://vercel.live; img-src 'self' data: blob: https://*.adobedtm.com https://*.adtrafficquality.google https://*.affirm.com https://*.akstat.io https://*.amplience.net https://*.bigcontent.io https://*.bing.com https://bat.com https://bing.net https://*.creativecdn.com https://*.criteo.net https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.honey.io https://*.kickfire.com https://*.paypalobjects.com https://*.pepperjam.com https://*.reddit.com https://*.serenaandlily.com https://*.yotpo.com https://vercel.com https://*.adnxs.com https://*.alocdn.com https://*.capitaloneshopping.com https://*.casalemedia.com https://*.dmxleo.com https://*.ivaws.com https://*.rkdms.com https://*.scene7.com https://*.smassets.net https://*.socdm.com https://*.taboola.com https://*.toast.com https://trkn.us https://hexagon-analytics.com; font-src 'self' data: https://*.gstatic.com https://*.honey.io https://*.paypalobjects.com https://*.googleapis.com https://*.typekit.net https://*.yotpo.com https://vercel.live https://*.ivaws.com; connect-src 'self' https://*.adtrafficquality.google https://*.affirm.com https://*.akamaihd.net https://*.akstat.io https://*.amplience.net https://*.bigcontent.io https://*.bing.com https://*.bing.net https://*.cnstrc.com https://*.creativecdn.com https://*.criteo.com https://*.datadome.co https://*.facebook.com https://*.g.doubleclick.net https://*.go-mpulse.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.io https://*.liadm.com https://*.optimizely.com https://*.osano.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.sail-personalize.com https://*.sail-track.com https://*.serenaandlily.com https://*.techlab-cdn.com https://*.yotpo.com https://*.zdassets.com https://*.zendesk.com https://vercel.live https://browser-intake-datadoghq.com https://google.com wss://*.hotjar.com https://*.my.sentry.io; media-src 'self' https://*.amplience.net https://*.bigcontent.io https://*.gstatic.com; child-src 'self' blob:; frame-src 'self' https://*.acuityscheduling.com https://*.affirm.com https://*.agilone.com https://*.creativecdn.com https://*.cybersource.com https://*.extforms.netsuite.com https://*.facebook.com https://*.google.com https://*.googletagmanager.com https://*.pinterest.com https://*.pepperjamnetwork.com https://*.surveymonkey.com https://vercel.live; fenced-frame-src 'self'; worker-src 'self' blob:; frame-ancestors 'self' https://*.cybersource.com https://*.serenaandlily.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:; script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:; style-src data: 'self' 'unsafe-inline' https:; img-src data: 'self' https: blob: android-webview-video-poster:; font-src 'self' https: data:; connect-src 'self' data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://prod.bhaskarapi.com/api/1.0/web-backend/csp-report; 1
report-uri /csp-report.php; 1
object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 1
frame-ancestors 'self'; report-uri https://ordermygear.report-uri.com/r/t/csp/wizard 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://managewp.com https://orion.managewp.com https://s42013.pcdn.co https://db0hcalplzljl.cloudfront.net/ https://*.google.com api.w.org https://*.googleapis.com ogp.me https://www.facebook.com *.google-analytics.com api.w.org *.googletagmanager.com tags.tiqcdn.com use.typekit.net s.w.org https://secure.gravatar.com https://connect.facebook.net https://p.typekit.net https://www.googleadservices.com https://fonts.gstatic.com https://www.gstatic.com  https://*.g.doubleclick.net https://player.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.googlevideo.com https://*.ytimg.com data:;  img-src * data:;  object-src 'none'; 1
font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io *.cloudflare.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com unsafe-inline assets.braintreegateway.com *.fontawesome.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.addressy.com https://get.geojs.io *.avada.io https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'sha256-UeZ0R36qQ5kcoJ4QcT9JHYwgL70p9095Vm9jdRGAKSc=' 'nonce-b2ftqkzgovzrsa';script-src-elem 'self' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'sha256-UeZ0R36qQ5kcoJ4QcT9JHYwgL70p9095Vm9jdRGAKSc=' 'nonce-b2ftqkzgovzrsa'; 1
default-src 'none'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' bam.nr-data.net links.services.disqus.com cdn.cookielaw.org api.segment.io *.mapbox.com *.mux.com analytics.google.com www.google-analytics.com geolocation.onetrust.com wss: bat.bing.com *.clarity.ms wahoofitness-us.attn.tv wahoofitness.attn.tv events.attentivemobile.com stats.g.doubleclick.net region1.analytics.google.com www.google.com privacyportal.onetrust.com api.rudderstack.com vc.hotjar.io region1.google-analytics.com www.google.cz www.google.au cdn.segment.com fonts.googleapis.com cdn.wahooligan.com www.google.no *.wahooligan.com; font-src 'self' cdn.wahooligan.com fonts.gstatic.com moz-extension data:; form-action 'self' www.wahooligan.com *.wahoofitness.com wahoofitness.zendesk.com api.wahooligan.com www.facebook.com bat.bing.com n.clarity.ms analytics.google.com wahoofitness.centercode.com api.wahooligan.com/oauth/authorize api.staging.wahooligan.com/oauth/authorize *.wahooligan.com; frame-ancestors 'self' *.zendesk.com *.wahooligan.com *.wahoofitness.com; frame-src 'self' disqus.com metabase.wahooligan.com www.youtube-nocookie.com js.stripe.com www.googletagmanager.com td.doubleclick.net www.facebook.com; img-src * data: blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.wahooligan.com www.google-analytics.com api.tiles.mapbox.com code.jquery.com cdn.segment.com cdnjs.cloudflare.com js.stripe.com js-agent.newrelic.com bam.nr-data.net bam.nr-data.com *.zendesk.com static.zdassets.com cdn.cookielaw.org c.disquscdn.com optanon.blob.core.windows.net www.gstatic.com www.googletagmanager.com cdn.rudderlabs.com data: *.wahooligan.com; script-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com code.jquery.online code.jquery.com cdn.cookielaw.org cdn.segment.com bam.nr-data.com bam.nr-data.net www.googletagmanager.com js-agent.newrelic.com optanon.blob.core.windows.net assets.zendesk.com static.zdassets.com www.google-analytics.com api.tiles.mapbox.com cdnjs.cloudflare.com geolocation.onetrust.com www.gstatic.com js.stripe.com cdn.rudderlabs.com cdn.attn.tv *.zendesk.com www.clarity.ms script.hotjar.com static.hotjar.com resources.xg4ken.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net n.clarity.ms analytics.google.com *.wahooligan.com; style-src 'self' 'unsafe-inline' fonts.gstatic.com cdn.cookielaw.org fonts.googleapis.com api.tiles.mapbox.com cdn.wahooligan.com c.disquscdn.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com cdn.cookielaw.org assets.zendesk.com api.tiles.mapbox.com fonts.googleapis.com www.gstatic.com connect.facebook.net cdnjs.cloudflare.com; report-uri https://www.wahooligan.com/csp_reports 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com; script-src 'self' https://*.smallcase.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://app.link https://script.hotjar.com https://static.hotjar.com https://www.youtube.com https://s.ytimg.com https://apis.google.com https://connect.facebook.net https://*.razorpay.com https://*.gateway-tt.in https://cdn.segment.com https://cdn.amplitude.com https://cdn.moengage.com https://stackpath.bootstrapcdn.com https://a.quora.com https://q.quora.com 'unsafe-eval' 'unsafe-inline' https://appleid.cdn-apple.com https://optimize.google.com https://www.googleoptimize.com https://*.googlesyndication.com https://partner.googleadservices.com https://www.googletagservices.com https://adservice.google.com https://adservice.google.co.in https://*.tickertape.in https://*.vmax.com https://*.smartyads.com https://*.itdsmr.com https://*.google.com https://www.gstatic.com https://*.nexum.smallcase.com https://securepubads.g.doubleclick.net https://cms.stag.smallcase.com; img-src 'self' data: https://*.tickertape.in http://*.tickertape.in https://*.smallcase.com https://*.cloudfront.net https://s3.ap-south-1.amazonaws.com https://s3.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://pocket-image-cache.com https://*.ytimg.com https://script.hotjar.com https://premium.thehindubusinessline.com https://thehindubusinessline.com https://thehindu.com https://www.thehindu.com https://www.thehindubusinessline.com https://*.reutersmedia.net https://img.youtube.com https://www.facebook.com https://cdn.razorpay.com https://d36bckgfrodyym.cloudfront.net https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com https://via.placeholder.com https://q.quora.com https://optimize.google.com https://*.tenor.com https://d3jkipq6ucdzmu.cloudfront.net https://pagead2.googlesyndication.com https://www.dspim.com https://*.vmax.com https://*.smartyads.com https://*.itdsmr.com https://dummyimage.com https://*.dummyimage.com https://*.coolbootsmedia.com https://*.pubmatic.com https://*.ergadx.com https://*.criteo.com https://*.themediagrid.com https://*.Pubmatic.com https://*.openx.com https://*.rubiconproject.com https://*.colombiaonline.com https://*.teads.tv https://*.rubiconproject.com https://*.triplelift.com; connect-src https://*.tickertape.in http://*.tickertape.in wss://*.tickertape.in https://*.smallcase.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://surveystats.hotjar.io https://stats.g.doubleclick.net https://graph.facebook.com https://*.razorpay.com https://cdn.segment.com https://api.segment.io https://api.amplitude.com/ https://s3.ap-south-1.amazonaws.com https://sdk-01.moengage.com https://sdk-02.moengage.com https://sdk-03.moengage.com https://d36bckgfrodyym.cloudfront.net https://*.s3.ap-south-1.amazonaws.com https://analytics.google.com https://optimize.google.com https://*.tenor.com https://d3jkipq6ucdzmu.cloudfront.net https://pagead2.googlesyndication.com https://*.vmax.com https://*.amplitude.com:* https://*.smartyads.com https://*.itdsmr.com https://*.google.com https://firebaseremoteconfig.googleapis.com https://firebaseinstallations.googleapis.com https://firebase.googleapis.com https://*.facebook.com https://*.nexum.smallcase.com https://securepubads.g.doubleclick.net https://cms.stag.smallcase.com; frame-src https://connect.smallcase.com https://connect.smallca.se https://gateway.smallca.se/ https://vars.hotjar.com https://www.googletagmanager.com https://accounts.google.com https://www.youtube.com https://api.razorpay.com https://*.gateway-tt.in https://cdn.moengage.com https://optimize.google.com https://tpc.googlesyndication.com https://*.googlesyndication.com/ https://*.tenor.com https://googleads.g.doubleclick.net https://smallcase.zerodha.com https://*.vmax.com https://*.smartyads.com https://*.itdsmr.com https://*.google.com https://securepubads.g.doubleclick.net; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.smallcase.com; object-src 'none'; report-uri https://sentry.smallcase.com/api/87/security/?sentry_key=fca379fbdc3c49029e8a98bb96a88db2&sentry_environment=production&sentry_release=tickertape-web@8.36.0@production 1
frame-ancestors 'self'; report-uri https://www.themercury.com.au/csp-reports 1
default-src 'self' https://*.popso.it; script-src 'self' https://*.popso.it https://*.googleapis.com https://*.brightcove.net https://*.google.com https://*.gstatic.com https://*.zencdn.net https://*.googletagmanager.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.popso.it https://*.googleapis.com 'unsafe-inline'; object-src 'self' https://*.popso.it; base-uri 'self' https://*.popso.it; connect-src 'self' https://*.popso.it https://*.onthemap.io https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://*.googleapis.com https://*.google.com http://manifest.prod.boltdns.net https://*.googletagmanager.com https://*.google-analytics.com; font-src 'self' https://*.popso.it https://*.gstatic.com https://*.zencdn.net data:; frame-src 'self' https://*.popso.it https://*.google.com https://*.computercheck24.com; img-src 'self' https://*.popso.it https://*.boltdns.net https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com data:; manifest-src 'self' https://*.popso.it; media-src 'self' https://*.popso.it https://*.brightcovecdn.com https://*.boltdns.net http://manifest.prod.boltdns.net blob:; worker-src 'self' https://*.popso.it blob:; report-uri https://security.popso.it/event-logger/csp-ro; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com *.plex.com web-sdk.aptrinsic.com; style-src 'report-sample' 'self' data: 'unsafe-inline' ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com *.plex.com web-sdk.aptrinsic.com; img-src 'self' data: ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com www.gstatic.com 127.0.0.1:18623 *.plex.com; font-src 'self' *.plex.com data: *.plexus-online.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.plexonline.com at.alicdn.com use.typekit.net; connect-src 'self' web-sdk.aptrinsic.com esp.aptrinsic.com *.plex.com pcn-move.plexdev.io cdnma.cdnservice.space cdnma.global-cache.online cdnmb.global-cache.online 127.0.0.1:18623 js.authorize.net tablet.sigwebtablet.com:47290; media-src 'self' *.plex.com; object-src 'self'; child-src 'self'; frame-src 'self'; worker-src 'self'; frame-ancestors 'self' www.plexonline.com www.plexus-online.com; form-action 'self' *.plexus-online.com *.plexonline.com *.plex.com; base-uri 'self'; manifest-src 'self'; script-src-elem 'self' 'unsafe-inline' web-sdk.aptrinsic.com www.gstatic.com *.plexonline.com *.plex.com js.authorize.net jstest.authorize.net *.google-analytics.com www.pagespeed-mod.com *.plexus-online.com www.gstatic.com; style-src-elem 'unsafe-inline' *.plexonline.com web-sdk.aptrinsic.com www.gstatic.com maxcdn.bootstrapcdn.com *.plex.com *.plexus-online.com; report-uri https://csp.security.plex.com/csp/reporting 1
default-src 'self' https://*.prime.diftech.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri /api/v1/pl-landing/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' puravida.com.br *.puravida.com.br wake-components.fbitsstatic.net puravida.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com static.traycheckout.com.br *.traycheckout.com.br *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br *.2listen.com.br *.googleadservices.com *.trackcmp.net *.soclminer.com.br static.hotjar.com *.hotjar.com cdn.convertbox.com googleadservices.com wss://ws11.hotjar.com wss://ws9.hotjar.com wss://ws3.hotjar.com wss://ws18.hotjar.com wss://ws21.hotjar.com wss://ws1.hotjar.com wss://ws13.hotjar.com wss://ws20.hotjar.com wss://ws23.hotjar.com *.hotjar.io vars.hotjar.com wss://ws4.hotjar.com wss://ws16.hotjar.com wss://ws8.hotjar.com wss://ws15.hotjar.com wss://ws5.hotjar.com wss://ws12.hotjar.com wss://ws14.hotjar.com wss://ws22.hotjar.com wss://ws10.hotjar.com wss://ws19.hotjar.com wss://ws6.hotjar.com wss://ws25.hotjar.com wss://ws17.hotjar.com wss://ws7.hotjar.com wss://ws2.hotjar.com wss://ws24.hotjar.com dzpxyxks1bfmb.cloudfront.net *.getblue.io *.criteo.com *.criteo.net *.g.doubleclick.net *.cloudfront.net *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com artfut.com *.artfut.com *.pinimg.com *.bing.com *.metaffiliation.com *.2eb4a95jq.de ws.puravida.com.br *.doubleclick.net *.rdstation.com.br googleoptimize.com smct.co browser.sentry-cdn.com *.sentry.io *.bambuser.com *.btg360.com.br *.smct.co *.smct.io *.amazonaws.com *.reclameaqui.com.br *.pinterest.com *.socialminer.com *.gstatic.com *.dsspn.com *.afftrack.pro *.clarity.ms *.cloudflare.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com samuraiexpertsstorage.blob.core.windows.net recorrencia-samurai.azurewebsites.net analytics.tiktok.com *.googleoptimize.com *.oli.live mautic.puravida.com.br signalrcore.fbits.net wss://signalrcore.fbits.net survey.solucx.com.br *.cloudfront.net service.smarthint.co *.useinsider.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.licdn.com *.appspot.com *.purplemetrics.com.br *.fbitsstatic.net *.linkedin.com *.google.com.br *.googleapis.com *.unpkg.com *.fbits.store *.puravida.com.br *.adyen.com *.jsdelivr.net cdn.jsdelivr.net *.pagar.me *.mundipagg.com pvecommercefiles.blob.core.windows.net *.blob.core.windows.net *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.datadoghq-browser-agent.com *.datadoghq.com *.browser-intake-us3-datadoghq.com browser-intake-us3-datadoghq.com *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com *.specialone.io unpkg.com wake.koin.com.br temp-puravidalabs-backend-pvclub-black-friday-production.azurewebsites.net paypal-wake.s3.us-east-1.amazonaws.com puravidalabs-backend-ecommerce-optin-service-p.azurewebsites.net *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.crmback.io *.crmback.dev *.crmback.com x.cbstatus.net *.3dsecure.io *.cookielaw.org *.googlesyndication.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.puravida.com.br puravida.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-a3ShBtvMKpm6uomu0x8xpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; script-src 'self' 'unsafe-eval' 'report-sample' https://*.betgenius.com/ https://*.force.com/ https://*.geniussports.com/ https://*.kambicdn.com/ https://*.online-metrix.net/ https://*.paypal.com/ https://*.salesforce.com/ https://*.salesforceliveagent.com/ https://*.webpu.sh/ https://apis.google.com/ https://c.paypal.com/ https://cdn-gl.imrworldwide.com/ https://cdn.geocomply.com/ https://cdn.jsdelivr.net/ https://cdn.quantummetric.com/ https://challenges.cloudflare.com/turnstile/ https://connect.facebook.net/ https://h.online-metrix.net/ https://js.braintreegateway.com/ https://maps.googleapis.com/ https://micro-frontends.rushstreetcontent.com/ https://paywithmybank.com/ https://platform.twitter.com/ https://player.performgroup.com/ https://request.eprotect.vantivcnp.com/ https://service.riverscontent.com/ https://static.ads-twitter.com/ https://static.cloudflareinsights.com/ https://static.nps.today/ https://static.zdassets.com/ https://websdk.appsflyer.com/ https://www.datadoghq-browser-agent.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.paypalobjects.com/ https://ajax.cloudflare.com/ https://cdn.kushkipagos.com/ https://cdn.siftscience.com/ https://challenges.cloudflare.com/ https://googleads.g.doubleclick.net/ https://includes.ccdc02.com/ https://songbird.cardinalcommerce.com/ https://widget-mediator.zopim.com/ 'nonce-cNUoB8ZHq7EHWB8sIMdglNn+onY='; worker-src 'self' blob:; report-uri https://pci.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubfbf01b16e06749de383ba09b993b5515&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod-sa-co; 1
object-src 'none';base-uri 'self';script-src 'nonce-dznqOysKfPLQeESRUe0vYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-to slardar-endpoint; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' data: blob: 'nonce-ae9b3f757bef91b852232f74a84a16f8-argus' 'strict-dynamic' https: 'wasm-unsafe-eval'; upgrade-insecure-requests ; 1
frame-ancestors 'self'; report-uri https://www.kidspot.com.au/csp-reports 1
font-src fonts.gstatic.com use.typekit.net *.bglobale.com *.global-e.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.bglobale.com *.global-e.com *.klarna.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.youtube.com/ *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.afd.co.uk *.brsrvr.com *.bloomreach.cloud sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.bglobale.com *.global-e.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.google.com *.afd.co.uk cdn.brcdn.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.bglobale.com *.global-e.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.bglobale.com *.global-e.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.afd.co.uk *.dxpapi.com thm.visa.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klarnauserservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com https://fonts.gstatic.com https://ws.colissimo.fr *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com 'self' data: static.sensefuel.live data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.sips-services.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.truefitcorp.com *.weltpixel.com https://form.typeform.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.afd.co.uk t.powerreviews.com assets-manager.abtasty.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr https://www.magezon.com *.sagepay.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.openstreetmap.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.afd.co.uk cdn.jsdelivr.net js-agent.newrelic.com party.spockee.io app.ekoo.co ui.powerreviews.com *.truefitcorp.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com widget.proximis.com *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com  tag.search.sensefuel.live pdata.damart.fr try.abtasty.com                  'self' 'unsafe-eval' 'nonce-dXY4YncycmFxemxvN2t1dHM3bjdydGx2N3M3cGRnaXE=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net ui.powerreviews.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com tag.search.sensefuel.live 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.afd.co.uk *.getalma.eu *.almapay.com api.spockee.io backoffice-api.spockee.io ui.powerreviews.com display.powerreviews.com app.ekoo.co maps.googleapis.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com *.sagepay.com *.opayo.eu.elavon.com *.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com c.search.sensefuel.live 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.underdogfantasy.com login.underdogsports.com underdog.underdog.auth0app.com browser-intake-datadoghq.com *.typekit.net api2.branch.io api2.amplitude.com api.lab.amplitude.com static.intercomassets.com *.intercom.io wss://nexus-websocket-a.intercom.io *.intercomcdn.com api.consentjs.datagrail.io app.link *.geocomply.net *.geocomply.com www.facebook.com connect.facebook.net cdn.sift.com *.prod.bidr.io *.event.prod.bidr.io *.googleapis.com fonts.gstatic.com google.com *.google.com www.googletagmanager.com googleads.g.doubleclick.net td.doubleclick.net www.googleadservices.com *.connextra.com *.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.optimove.net *.adnxs.com cdn.contentful.com *.pusher.com wss://*.pusher.com wss://*.pusherapp.com *.telemetry.vaultdcr.com *.paysafe.com use.fontawesome.com trustly.one paywithmybank.com cdn1.paywithmybank.com *.algolia.net *.algolianet.com sdk.iad-06.braze.com braze-images.com js.appboycdn.com *.greenhouse.io www.paypal.com www.paypalobjects.com app.sigmacomputing.com *.socure.com onelinksmartscript.appsflyer.com impressions.onelink.me hexagon-analytics.com static.cloudflareinsights.com d2hrivdxn8ekm8.cloudfront.net; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub4d90fa7d4b2d9b8c89337d758778172e&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3acontent%2dsecurity%2dpolicy%2cenv%3aud1%2dproduction 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
script-src 'self' 'unsafe-inline' chrome-extension: https://rusmeteo.net https://pos.gosuslugi.ru https://counter.rambler.ru https://st.top100.ru https://mc.yandex.ru https://stat.sputnik.ru 'unsafe-eval' 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://pos.gosuslugi.ru chrome-extension: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md; object-src 'self'; report-uri /cspreportonly; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.com data: *.bic.com *.shopbic.com *.bazaarvoice.com *.googleusercontent.com *.slant.co *.aws.projects.clever-age.net *.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.wlp-acs.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.bic.com *.shopbic.com *.adsrvr.org *.amazon-adsystem.com *.criteo.com *.doubleclick.net *.googletagmanager.com *.pinterest.com *.sitescout.com *.snapchat.com *.tradedoubler.com *.wlp-acs.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bic.com *.shopbic.com *.aws.projects.clever-age.net *.adsrvr.org *.bazaarvoice.com *.bing.com *.clarity.ms *.contentsquare.net *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.ipredictive.com *.linkedin.com *.outbrain.com *.privacy-center.org *.sitescout.com *.tiktok.com s3.amazonaws.com www.google.ca www.google.es www.google.fr www.google.it *.openstreetmap.org maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.bic.com *.shopbic.com *.aws.projects.clever-age.net *.abtasty.com *.adsrvr.org *.amazon-adsystem.com *.bazaarvoice.com *.bing.com *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.facebook.net *.googlesyndication.com *.googletagmanager.com *.licdn.com *.noibu.com *.outbrain.com *.pinimg.com *.pinterest.com *.pixel.ad *.privacy-center.org *.skeepers.io *.snapchat.com *.tiktok.com sc-static.net targetemsecure.blob.core.windows.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://cdnjs.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.certcapture.com display.ugc.bazaarvoice.com *.bic.com *.shopbic.com *.aws.projects.clever-age.net *.bazaarvoice.com *.googletagmanager.com *.typekit.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bic.com *.shopbic.com *.bing.com *.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.bic.com *.shopbic.com *.aws.projects.clever-age.net *.abtasty.com *.adsrvr.org *.amazon-adsystem.com *.bazaarvoice.com *.bing.com *.clarity.ms *.contentsquare.net *.criteo.com *.doubleclick.net *.facebook.com *.google-analytics.com *.googlesyndication.com *.gstatic.com *.linkedin.com *.noibu.com *.outbrain.com *.paa-reporting-advertising.amazon *.pinterest.com *.privacy-center.org *.samsung.com *.skeepers.io *.slgnt.eu *.snapchat.com *.tiktok.com *.typekit.net www.google.ca www.google.es www.google.fr www.google.it maps.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src *.bic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b5d2d853-cb54-412f-93ec-9e1c49a8e581.sansec.watch/; report-to report-endpoint; 1
font-src traxxas.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * traxxas.com fonts.gstatic.com zonos.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com traxxas.com assurance.sysnetgs.com i1.createsend1.com i2.createsend1.com i3.createsend1.com i4.createsend1.com i5.createsend1.com i6.createsend1.com i7.createsend1.com i8.createsend1.com i9.createsend1.com i10.createsend1.com fonts.gstatic.com hn.inspectlet.com hello.zonos.com connect.facebook.net www.facebook.com facebook.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com traxxas.com support.traxxas.com assurance.sysnetgs.com cdn.inspectlet.com fonts.gstatic.com s7.addthis.com zonos.com cdn.jsdelivr.net route.elements.zonos.com js-agent.newrelic.com connect.facebook.net https://maps.googleapis.com https://maps.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com traxxas.com fonts.googleapis.com fonts.gstatic.com zonos.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com thm.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com traxxas.com fonts.gstatic.com hn.inspectlet.com wss://ws.inspectlet.com zonos.com hello.zonos.com cdn.jsdelivr.net route.elements.zonos.com js-agent.newrelic.com connect.facebook.net cdn.inspectlet.com assurance.sysnetgs.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; frame-src 'self' https://9628652.fls.doubleclick.net https://td.doubleclick.net https://js.driftt.com https://a8447815042.cdn-pci.optimizely.com https://ct.pinterest.com https://tealium-f.squarecdn.com; worker-src 'self' blob:; connect-src 'self' https://assets.ctfassets.net https://api.broadway.squareup.com https://campaign-hub-production-f.squarecdn.com https://api.squareup.com/v1/cdp/batch https://api.squarestagingexternal.com/v1/cdp/batch https://api.squarestagingexternal.com https://api.squareup.com https://api.squareupstaging.com *.contentsquare.net https://capi.squareup.com https://browser-intake-datadoghq.com https://stats.g.doubleclick.net https://facebook.com https://www.facebook.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://google.com https://www.google.com https://us-central1-sq-sgtm-prod.cloudfunctions.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net http://424-iab-218.mktoresp.com https://424-iab-218.mktoresp.com https://xms2-marketo.beta.stage.sqprod.co https://424-iab-218.mktoutil.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://logx.optimizely.com https://ct.pinterest.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com *.ingest.us.sentry.io *.6sc.co https://api.sprig.com https://squareupstaging.com https://visitor-scoring-new.marketlinc.com https://api.chilipiper.com https://pw-renderer-production-c.squarecdn.com localhost:*; font-src 'self' https://cash-f.squarecdn.com https://square-fonts-production-f.squarecdn.com; img-src 'self' data: blob: https://ib.adnxs.com https://assets.ctfassets.net https://cdn.blisspointmedia.com https://campaign-hub-production-f.squarecdn.com *.contentsquare.net https://ad.doubleclick.net https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://adservice.google.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net https://px.ads.linkedin.com https://cdn.cookielaw.org https://pixel.pointmediatracker.com https://alb.reddit.com *.6sc.co https://api.squareup.com https://api.squareupstaging.com https://insight.adsrvr.org https://match.adsrvr.org https://pw-renderer-production-c.squarecdn.com; manifest-src 'self' https://pw-renderer-production-c.squarecdn.com; media-src 'self' https://assets.ctfassets.net https://js.driftt.com http://videos.ctfassets.net https://videos.ctfassets.net; script-src 'self' *.contentsquare.net https://www.datadoghq-browser-agent.com https://js.driftt.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://campaign-hub-production-f.squarecdn.com https://lift-ai-js.marketlinc.com https://martech-development-c.squarecdn.com https://martech-production-c.squarecdn.com https://martech-staging-c.squarecdn.com http://munchkin.marketo.net https://munchkin.marketo.net https://cdn.cookielaw.org https://a8447815042.cdn-pci.optimizely.com https://s.pinimg.com https://ct.pinterest.com https://pw-renderer-production-c.squarecdn.com https://pw-renderer-staging-c.squarecdn.com https://pwt-production-c.squarecdn.com https://pwt-staging-c.squarecdn.com https://www.redditstatic.com *.6sc.co https://cdn.sprig.com https://xms-production-f.squarecdn.com https://www.youtube.com https://pw-renderer-production-c.squarecdn.com 'nonce-4ktdEQPjg0OGcniv8LOzdA=='; style-src 'self' https://square-fonts-production-f.squarecdn.com 'unsafe-inline' https://pw-renderer-production-c.squarecdn.com; frame-ancestors 'self' https://app.contentful.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd9af00759e65a48ba7ee3ff1dfa4260b&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to browser-intake-datadoghq 1
object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.mercdn.net https://www.google.com https://*.adtrafficquality.google https://*.g.doubleclick.net https://analytics.tiktok.com https://b99.yahoo.co.jp https://bat.bing.com https://*.smartnews-ads.com https://connect.facebook.net https://ct.pinterest.com https://d.line-scdn.net https://dmp.im-apps.net https://dynamic.criteo.com https://h.accesstrade.net https://s.pinimg.com https://s.yimg.jp https://*.criteo.com https://static.ads-twitter.com https://statics.a8.net https://*.blob.core.windows.net https://trj.valuecommerce.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.mercdn.net https://fonts.googleapis.com; font-src https://fonts.gstatic.com; report-uri https://asia-northeast1-security-csp-report-collector.cloudfunctions.net/csp-report-collector-jp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com *.fontawesome.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.adp.com *.googleapis.com data: *.espssl.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.facebook.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.wesupply.xyz https://wesupplylabs.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.burpee.com *.criteo.net *.criteo.com *.freshchat.com *.doubleclick.net *.paypalobjects.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.adyen.com https://*.gstatic.com https://images.unsplash.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.clarity.ms *.doubleclick.net *.bing.com *.alocdn.com *.google-analytics.com *.google.com.br *.google.com *.google.com.ua *.google.de www.facebook.com *.rlcdn.com *.criteo.com *.espssl.com *.burpee.com *.listrakbi.com *.linksynergy.com *.securedvisit.com *.bazaarvoice.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.mollie.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: https://maps.gstatic.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com js-agent.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com *.googleapis.com https://maps.googleapis.com *.cloudflare.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.jsdelivr.net *.adp.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.rapidspike.com *.facebook.com *.googleoptimize.com *.listrakbi.com *.rkdms.com *.amplitude.com *.trustpilot.com *.googletagmanager.com *.googleadservices.com data: *.bing.com *.criteo.net *.rmtag.com *.facebook.net *.doubleclick.net *.linksynergy.com *.clarity.ms *.datadome.co *.datadome.com *.criteo.com *.rakuten.com *.freshchat.com *.securedvisit.com *.burpee.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.fontawesome.com display.ugc.bazaarvoice.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.listrakbi.com *.trustpilot.com *.googleapis.com data: *.freshchat.com *.espssl.com *.cloudflare.com *.adp.com assets.braintreegateway.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.facebook.com *.listrakbi.com *.paypalobjects.com *.clarity.ms *.rapidspike.com *.google-analytics.com *.doubleclick.net data: *.algolia.io *.revcontent.com *.datadome.co *.datadome.com *.adp.com *.amplitude.com *.bing.com *.bazaarvoice.com *.burpee.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.burpee.com/csp-report; report-to report-endpoint; 1
default-src *.bellroy.com 'self' https: data:; base-uri 'self'; connect-src *.bellroy.com https: wss: www.google.com api.tangiblee.com; font-src *.bellroy.com 'self' data: https: themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com; frame-src *.bellroy.com 'self' https: data: ms-appx-web: www.facebook.com; img-src *.bellroy.com https: data: blob: android-webview-video-poster:; media-src *.bellroy.com https: data: blob:; script-src *.bellroy.com 'self' https: 'unsafe-inline' 'unsafe-eval' data: opera: google.com *.visa.com d1fc8wv8zag5ca.cloudfront.net; style-src *.bellroy.com https: 'unsafe-inline' data:; worker-src 'self' blob:; child-src 'self' blob:; block-all-mixed-content; report-uri /csp_reports 1
object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' www.youtube.com vimeo.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://unpkg.com unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
font-src *.googleapis.com *.gstatic.com data: *.cloudflare.com *.typekit.net *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.superoffice.com *.addthis.com *.google.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.google-analytics.com *.google.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' js.datadome.co ct.captcha-delivery.com *.onetrust.com *.googletagmanager.com *.cookielaw.org *.qualtrics.com *.siteintercept.qualtrics.com *.salesforce.com *.sandbox.my.salesforce.com *.en25.com *.segment.com *.amplitude.com *.salesforceliveagent.com *.salesforceliveagent.com; connect-src 'self' api-js.datadome.co *.onetrust.com *.cookielaw.org *.rcp-api.reutersconnect.com *.cdn.reuters.com *.reutersconnect.com siteintercept.qualtrics.com wss://*.rcp-api.reutersconnect.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.segment.io *.amplitude.com *.thomsonreuters.com *.cdn.reuters.com; frame-src 'self' geo.captcha-delivery.com *.onetrust.com *.salesforce.com *.sandbox.my.salesforce.com; worker-src 'self' blob: https://*.reutersconnect.com; report-to csp-endpoint; 1
script-src 'sha256-jHvGB2lsYN4mG2tnP4TSIlTMJoxGF1eSNqekN3OAvp4=' 'self' self unsafe-eval; style-src self unsafe-eval; report-uri https://d302fc2a-dd34-416c-a079-e29edadd0fcf.sansec.watch/ 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://*.easypack24.net fonts.googleapis.com https://*.typekit.net https://font.static.useinsider.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ secure.payu.com merch-prod.snd.payu.com https://parcelshop.dhl.pl https://pudofinder.dpd.com.pl https://widget.packeta.com https://backup.widget.packeta.com https://*.dpd.com.pl/ https://*.dpd.cz/ https://consentcdn.cookiebot.com https://*.livechatinc.com https://secure-fra.livechatinc.com https://creativecdn.com https://martes.api.useinsider.com https://ams.creativecdn.com https://*.doubleclick.net https://*.criteo.com https://martes.api.useinsider.com/ https://*.criteo.net https://www.facebook.com https://*.avin1.com https://*.packeta.com https://api.dpd.cz/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ static.payu.com https://*.sysadvisors.pl https://*.easypack24.net https://*.inpost.pl https://trustmate.io magefan.com cm.magefan.com quickchart.io img.youtube.com https://fitanu.com https://*.paynow.pl https://*.cookiebot.com https://*.glami.pl https://*.bing.com https://google.pl https://*.useinsider.com https://*.google.pl https://log.api.useinsider.com https://*.adnxs.com https://cm.g.doubleclick.net https://*.creativecdn.com https://*.udmserve.net https://*.rubiconproject.com https://*.wp.pl https://*.teads.tv https://*.taboola.com https://*.adscale.de https://*.3lift.com https://*.outbrain.com https://*.smartadserver.com https://*.yieldmo.com https://*.openx.net https://*.360yield.com https://*.33across.com https://*.seedtag.com https://sync.go.sonobi.com https://*.nexx360.io https://*.clarity.ms https://*.casalemedia.com https://*.lijit.com https://*.omnitagjs.com https://*.media.net https://*.loopme.me https://onetag-sys.com https://*.mgid.com https://*.ad.smaato.net https://*.rmp.rakuten.com https://*.visx.net http://*.credit-agricole.pl https://*.facebook.com https://*.bidswitch.net https://*.zdusercontent.com https://*.criteo.com https://*.1rx.io https://*.emxdgt.com https://*.yieldlab.net https://*.tremorhub.com https://*.sharethrough.com https://*.pubmatic.com https://*.postrelease.com https://*.mediavine.com https://*.ivitrack.com https://id5-sync.com https://*.zendesk.com https://*.dmxleo.com https://*.facebook.net https://*.avin1.com https://*.unrulymedia.com https://sklepmartes.pl https://*.packeta.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ secure.payu.com secure.snd.payu.com https://*.sysadvisors.pl https://*.googlesyndication.com https://pagead2.googlesyndication.com https://widget.packeta.com https://backup.widget.packeta.com https://unpkg.com https://cdn.jsdelivr.net https://api.mapbox.com https://*.easypack24.net https://trustmate.io https://cz.im9.cz https://sk.im9.cz *.avada.io *.snrbox.com https://*.paynow.pl https://*.intum.com https://*.demoup.com https://cdn.intum.com https://*.cookiebot.com https://*.clarity.ms https://*.azureedge.net https://*.livechatinc.com https://*.wp.pl https://*.dmdi.pl https://*.savecart.pl https://*.goadservices.com https://*.bing.com https://*.dwin1.com https://glamipixel.com https://trafficscanner.pl https://*.cloudflareinsights.com https://martes.api.useinsider.com https://tags.creativecdn.com https://script.ar-mtch1.com https://eitri.api.useinsider.com https://*.allekurier.pl https://*.luigisbox.com https://*.criteo.com https://*.facebook.net https://*.tiktok.com https://*.avin1.com https://*.martessport.eu https://*.packeta.com https://*.sklepmartes.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://*.sysadvisors.pl https://cdn.jsdelivr.net https://*.easypack24.net https://api.mapbox.com https://trustmate.io *.snrcdn.net fonts.gstatic.com https://assets.api.useinsider.com https://*.luigisbox.com https://*.sklepmartes.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ secure.payu.com merch-prod.snd.payu.com https://*.sysadvisors.pl https://widget.packeta.com https://backup.widget.packeta.com https://*.easypack24.net https://api.mapbox.com https://events.mapbox.com https://trustmate.io https://get.geojs.io *.avada.io *.snrbox.com https://*.demoup.com https://mycliplister.com https://*.google-analytics.com https://*.livechatinc.com https://googleads.g.doubleclick.net https://ams.creativecdn.com https://lt.ar-mtch1.com https://*.cookiebot.com https://*.useinsider.com https://*.clarity.ms https://*.bing.com https://*.inpost.pl https://*.luigisbox.com https://*.tiktok.com https://*.sklepmartes.pl https://*.criteo.com https://*.keys.adm-services.goog https://*.facebook.com https://*.googlesyndication.com https://*.packeta.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-IIaZflBn2hX6clVlUvYAHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net converse.com.mx searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com converse.com.mx searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://sdk.mercadopago.com/js/v2 https://js.fintoc.com/v1 *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net converse.com.mx searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net converse.com.mx searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com converse.com.mx searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com converse.com.mx searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com https://sdk.mercadopago.com/ https://api.mercadopago.com/v1/payments https://api.fintoc.com/ https://api.fintoc.com/v1/payment_intents *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net converse.com.mx searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com converse.com.br https://magento.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com * https://gum.criteo.com/ api.sunset.systems targeting.voxus.tv https://springmedia.go2cloud.org/ https://googleads.g.doubleclick.net/ https://www.google.com.br/ https://tpc.googlesyndication.com/ https://static.criteo.net/ td.doubleclick.net https://fledge.us.criteo.com/ https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net * converse.com.br www.facebook.com https://mcstaging.converse.com.br www.google.com.br conectiva.io https://s.ad.smaato.net https://simage2.pubmatic.com https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://x.bidswitch.net/ https://cm.g.doubleclick.net https://ib.adnxs.com/ secure.adnxs.com https://pixel.rubiconproject.com/ https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com/ https://criteo-sync.teads.tv https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://tg.socdm.com/ https://visitor.omnitagjs.com https://gum.criteo.com https://r.casalemedia.com https://ads.stickyadstv.com https://ad.360yield.com https://matching.ivitrack.com https://i.liadm.com/ https://exchange.mediavine.com https://c.bing.com/ https://trends.revcontent.com https://criteo-partners.tremorhub.com/ https://secure.adnxs.com https://contextual.media.net https://dis.criteo.com https://tags.bluekai.com https://cm.adgrx.com https://sync.outbrain.com bat.bing.com https://device.clearsale.com.br https://c.clarity.ms https://rsp.servername.net http://rsp.servername.net https://googleads.g.doubleclick.net/ http://www.googleadservices.com/ https://idsync.rlcdn.com/ https://*.rakuten.com https://*.linksynergy.com https://*.nxtck.com https://*.xg4ken.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ connect.facebook.net graph.facebook.com business.facebook.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com https://adobe.com/ www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net https://amcglobal.sc.omtrdc.net/ commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://adyen.com pay.google.com *.payments-amazon.com http://www.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com converse.com.br js-agent.newrelic.com js.go2sdk.com tag.rmp.rakuten.com ads01.groovinads.com img.metaffiliation.com https://assets.adobedtm.com/ https://secure.authorize.net/ https://test.authorize.net/ https://js.braintreegateway.com/ https://unpkg.com/ https://commerce.adobe.net/ https://use.typekit.net/ https://t.paypal.com https://s.ytimg.com https://magento-ds.com www.facebook.com connect.facebook.net https://graph.facebook.com/ https://business.facebook.com/ https://google.com.br/ https://gstatic.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://www.paypalobjects.com https://www.googleoptimize.com https://static.zdassets.com/ https://device.clearsale.com.br https://dynamic.criteo.com www.rtb123.com conectiva.io analytics.tiktok.com cdn.targeting.voxus.com.br https://app.cartstack.com.br bat.bing.com https://static.hotjar.com https://service.maxymiser.net https://widget-mediator.zopim.com https://sslwidget.criteo.com https://bat.bing.com www.clarity.ms targeting.voxus.com.br https://script.hotjar.com/ https://tpc.googlesyndication.com https://*.rakuten.com https://*.linksynergy.com https://*.nxtck.com https://*.xg4ken.com https://*.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://adobe.com fonts.googleapis.com *.cash.app converse.com.br https://fonts.googleapis.com https://magento.com *.fontawesome.com https://gstatic.com use.typekit.net p.typekit.net *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io * fcmregistrations.googleapis.com firebaseinstallations.googleapis.com k.clarity.ms bam.nr-data.net converse.com.br https://dpm.demdex.net https://amcglobal.sc.omtrdc.net *.google-analytics.com https://commerce.adobedtm.com https://commerce.adobedc.net https://*.snplow.net https://api.magento.com https://*.adobe.io https://performance.typekit.net https://www.sandbox.paypal.com https://www.paypalobjects.com https://www.paypal.com https://pilot-payflowlink.paypal.com https://commerce.adobe.io https://commerce.adobe.net https://qa-api.magedevteam.com https://*.sentry.io https://*.adyen.com http://magento.com https://magento.com http://stats.g.doubleclick.net https://stats.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com www.facebook.com https://connect.facebook.net https://graph.facebook.com https://business.facebook.com https://t.elasticsuite.io https://analytics.google.com/ https://ekr.zdassets.com/ https://conscooper.zendesk.com wss://widget-mediator.zopim.com https://analytics.tiktok.com targeting.voxus.com.br api.performa.ai https://www.google.com.br https://bat.bing.com/ https://api.ipify.org logs-01.loggly.com https://api.voxus.tv https://conectiva.io https://coopershoes.zendesk.com/ https://*.clarity.ms/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://measurement-api.criteo.com/ https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src converse.com.br bat.bing.com k.clarity.ms www.google.com commerce.adobedc.net analytics.tiktok.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com pay.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * https://*.contentsquare.net https://*.contentsquare.com https://analytics.tiktok.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://images.unsplash.com *.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://*.contentsquare.net https://*.contentsquare.com https://www.google.nl https://www.google.de https://bat.bing.com https://match.sharethrough.com https://cm.g.doubleclick.net https://criteo-partners.tremorhub.com https://x.bidswitch.net https://ib.adnxs.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://ad.yieldlab.net https://ps.eyeota.net https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://criteo-sync.teads.tv https://eb2.3lift.com https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://dis.criteo.com https://sync.1rx.io https://analytics.tiktok.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com https://*.gstatic.com *.getflowbox.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com connect.getflowbox.com t.contentsquare.net static.hotjar.com https://*.contentsquare.net https://app.contentsquare.com https://*.cookiefirst.com https://*.noibu.com https://cdn-4.convertexperiments.com https://s.pinimg.com https://static.criteo.net https://www.dwin1.com https://bat.bing.com https://ct.pinterest.com https://cdn.watchtower.graindata.com https://script.hotjar.com https://lantern.roeyecdn.com https://sslwidget.criteo.com https://cdn.segmentify.com https://*.prenatal.nl https://analytics.tiktok.com https://app.aiden.cx 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://*.cookiefirst.com https://cdn.segmentify.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com https://*.google.com payments-eu.amazon.com *.googleapis.com *.getflowbox.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://*.contentsquare.net https://*.contentsquare.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.cookiefirst.com https://pipeline.prenatal.nl https://region1.google-analytics.com https://www.google.nl https://ct.pinterest.com https://measurement-api.criteo.com https://vc.hotjar.io https://gandalf-eu.segmentify.com https://*.convertexperiments.com https://*.noibu.com https://analytics.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.talemonger.auth.storable.io *.facebook.net *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.pendo.io *.pusher.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.hellosign.com *.fullstory.com *.zdassets.com *.storage.googleapis.com *.storable.io https://static.cloudflareinsights.com *.storedgefms.com *.smdservers.net https://lottingem.com https://extensionscontrol.com https://secured-pixel.com https://performance.radar.cloudflare.com; style-src 'self' data: 'unsafe-inline' https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com *.storedgefms.com *.storage.googleapis.com fonts.googleapis.com https://www.gstatic.com https://cdn.honey.io https://pwm-image.trendmicro.com; img-src 'self' data: blob: *.google.com *.gstatic.com *.googleusercontent.com *.cloudfront.net *.storage.googleapis.com *.sparefoot.com *.storedge.com *.storable.io *.createsend1.com *.talemonger.auth.storable.io; font-src data: https://frontdoorcdn.mindverse.ai https://fonts.gstatic.com https://use.fontawesome.com https://static.hsappstatic.net https://www.slant.co fonts.gstatic.com use.typekit.net www.slant.co api.twilio.com data.pendo.io rnl-se-uploads.s3.amazonaws.com www.google-analytics.com www.googletagmanager.com i.ytimg.com translate.google.com assets.storedgefms.com cdn.honey.io file i.vimeocdn.com library.iterable.com s3-external-1.amazonaws.com api.fillr.com;  connect-src 'self' data: wss://* *.storedge.com *.storedgefms.com *.storable.io *.pendo.io *.google-analytics.com *.fullstory.com https://eventgw.twilio.com https://o4507427284123728.ingest.de.sentry.io https://storedge.zendesk.com https://ekr.zdassets.com edge.fullstory.com region1.google-analytics.com rs.fullstory.com sockjs-mt1.pusher.com www.google-analytics.com zendesk-eu.my.sentry.io clientstream.launchdarkly.com everyview.info performance.radar.cloudflare.com tablet.sigwebtablet.com:47290 topodat.info undefined:8443 blob: d2rol5dpdbtxxu.cloudfront.net cdn.shopimgs.com; media-src 'self' data: https://ssl.gstatic.com https://www.phnkey.com https://media.twiliocdn.com; object-src 'none'; frame-src 'self' *.google.com *.youtube.com *.storedge.com *.storable.io *.polaris.storable.io *.hellosign.com *.storageunitinsurance.com *.10federalstorage.com https://mvin.online https://www.ebay.com https://maps.app.goo.gl https://challenges.cloudflare.com esign-signing-ui.polaris.storable.io appv2.kisssolutionsusa.com authenticate.ibotta.com edocuments.statefarm.com forms.zohopublic.com g.co gateway.zscaler.net gateway.zscalerone.net gateway.zscalertwo.net kisssolutions.page.link player.vimeo.com pwm-image.trendmicro.com www.google.com www.gostoreit.com www.phnkey.com www.sandiegoselfstorage.com storagedepot.tenantconnect.com coppersafestorage.com g.page tiny.cc www.49selfstorage.com www.myownpolicy.com www.youtube-nocookie.com gostoreit.tenantconnect.com nam10.safelinks.protection.outlook.com www.facebook.com; worker-src 'self' blob:; base-uri 'self'; child-src blob:; manifest-src 'self'; report-uri https://storable.report-uri.com/r/t/csp/wizard; 1
default-src * maps.googleapis.com *.google.com cdn1.readspeaker.com *.googletagmanager.com *.google-analytics.com dewaserv6645.dewa.gov.ae analytics.google.com fonts.googleapis.com dewa-uaen-prd-rammas-appsvc-bot-fva0avabh8hkana5.uaenorth-01.azurewebsites.net gipw.gupshup.io maps.googleapis.com maps.gstatic.com *.dewa.gov.ae mindrockets.app fonts.gstatic.com mindrocketsinc.com *.gstatic.com *.google.ae analytics.tiktok.com acdn.adnxs.com td.doubleclick.net cdn.appdynamics.com happinessmeter.dubai.gov.ae online.fliphtml5.com lm.serving-sys.com secure-ds.serving-sys.com connect.facebook.net googleads.g.doubleclick.net tools.eurolandir.com tools.euroland.com *.facebook.com vjs.zencdn.net data: blob: js.arcgis.com localhost;script-src * data: 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.google.com cdn1.readspeaker.com *.googletagmanager.com *.google-analytics.com dewaserv6645.dewa.gov.ae analytics.google.com fonts.googleapis.com dewa-uaen-prd-rammas-appsvc-bot-fva0avabh8hkana5.uaenorth-01.azurewebsites.net  gipw.gupshup.io maps.googleapis.com maps.gstatic.com *.dewa.gov.ae  mindrockets.app fonts.gstatic.com mindrocketsinc.com *.gstatic.com *.google.ae analytics.tiktok.com acdn.adnxs.com td.doubleclick.net cdn.appdynamics.com happinessmeter.dubai.gov.ae online.fliphtml5.com lm.serving-sys.com secure-ds.serving-sys.com connect.facebook.net googleads.g.doubleclick.net www.youtube.com tools.eurolandir.com tools.euroland.com *.facebook.com vjs.zencdn.net data: blob: js.arcgis.com;style-src * data: 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.google.com cdn1.readspeaker.com *.googletagmanager.com *.google-analytics.com dewaserv6645.dewa.gov.ae analytics.google.com fonts.googleapis.com dewa-uaen-prd-rammas-appsvc-bot-fva0avabh8hkana5.uaenorth-01.azurewebsites.net  gipw.gupshup.io maps.googleapis.com maps.gstatic.com *.dewa.gov.ae  mindrockets.app fonts.gstatic.com mindrocketsinc.com *.gstatic.com *.google.ae analytics.tiktok.com acdn.adnxs.com td.doubleclick.net cdn.appdynamics.com happinessmeter.dubai.gov.ae online.fliphtml5.com lm.serving-sys.com secure-ds.serving-sys.com connect.facebook.net googleads.g.doubleclick.net tools.eurolandir.com tools.euroland.com *.facebook.com vjs.zencdn.net data: blob: js.arcgis.com;img-src * data: 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.google.com cdn1.readspeaker.com *.googletagmanager.com *.google-analytics.com dewaserv6645.dewa.gov.ae analytics.google.com fonts.googleapis.com dewa-uaen-prd-rammas-appsvc-bot-fva0avabh8hkana5.uaenorth-01.azurewebsites.net  gipw.gupshup.io maps.googleapis.com maps.gstatic.com *.dewa.gov.ae  mindrockets.app fonts.gstatic.com mindrocketsinc.com *.gstatic.com *.google.ae analytics.tiktok.com acdn.adnxs.com td.doubleclick.net cdn.appdynamics.com happinessmeter.dubai.gov.ae online.fliphtml5.com lm.serving-sys.com secure-ds.serving-sys.com connect.facebook.net googleads.g.doubleclick.net tools.eurolandir.com tools.euroland.com *.facebook.com vjs.zencdn.net data: blob: js.arcgis.com; 1
font-src *.cloudflare.com *.googleapis.com *.gstatic.com *.reviews.io *.slant.co *.solvemate.com *.klarnacdn.net *.media-amazon.com chat.digitalgenius.com data: 'self' 'unsafe-inline'; form-action * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src * 'self' 'unsafe-inline'; img-src *.holzkern.com *.accdn.dev *.bing.com *.bing.net *.clarity.ms *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.ggpht.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.kameleoon.com *.luckyorange.com *.payments-amazon.com *.pinterest.com *.reviews.io *.solvemate.com *.tiktok.com *.twitter.com d10lpsik1i8c69.cloudfront.net t.co x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-t1.taboola.com visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com a.twiago.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com sync.1rx.io sync.targeting.unrulymedia.com collector-45613.tvsquared.com public-prod-dspcookiematching.dmxleo.com aa.agkn.com *.reviews.co.uk *.paypalobjects.com *.media-amazon.com *.klarnacdn.net *.paypal.com safesly.com *.klarna.com *.klarnaevt.com dpm.demdex.net *.vimeocdn.com *.adyen.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tm www.google.tn www.google.to www.google.tt www.google.vu www.google.ws data: 'self' 'unsafe-inline'; script-src *.holzkern.com *.accdn.dev *.addthis.com *.ads-twitter.com *.bing.com *.boxx.ai *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cnd-motionmedia.de *.criteo.com *.doubleclick.net *.facebook.net *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.kameleoon.com *.kameleoon.eu *.netcoresmartech.com *.payments-amazon.com *.pinimg.com *.pinterest.com *.reviews.io *.snapchat.com *.solvemate.com *.sovendus.com *.tiktok.com *.vimeo.com d10lpsik1i8c69.cloudfront.net sc-static.net js.klarna.com collector-45613.tvsquared.com *.reviews.co.uk *.newrelic.com *.nr-data.net *.paypal.com *.stripe.com *.qstatic.com *.braintreegateway.com *.klarna.com *.klarnacdn.net *.gstatic.com *.cdn-apple.com *.cardinalcommerce.com *.paypalobjects.com chat.digitalgenius.com *.dgdeepai.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.holzkern.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.kameleoon.com *.reviews.io *.solvemate.com *.vimeocdn.com *.klarnacdn.net d10lpsik1i8c69.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.bing.com *.google.com *.gstatic.com *.solvemate.com *.vimeocdn.com 'self' 'unsafe-inline'; manifest-src *.netcoresmartech.com 'self' 'unsafe-inline'; connect-src * 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.solvemate.com *.vimeo.com 'self' 'unsafe-inline'; report-uri https://68687097-c7e3-4199-ac7f-b76294254f77.sansec.watch/; report-to report-endpoint; 1
object-src 'none';report-uri /csp-report 1
default-src 'self' d1re4mvb3lawey.cloudfront.net *.bibliu.co *.bibliu.com; style-src 'self'; img-src 'self' d1re4mvb3lawey.cloudfront.net *.bibliu.co *.bibliu.com; font-src 'self' d1re4mvb3lawey.cloudfront.net *.bibliu.co *.bibliu.com; frame-src 'self' *.bibliu.co *.bibliu.com; 1
default-src 'self' *.devfolio.co data:; script-src 'self' *.devfolio.co 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://cdnmd.global-cache.online/ https://static.cloudflareinsights.com/ https://www.youtube.com/ https://checkout.razorpay.com/ https://apis.google.com/ https://gstatic.com/ https://ssl.gstatic.com/ https://player.vimeo.com/ https://connect.facebook.net/ https://google.com/ https://accounts.google.com/gsi/client https://ssl.google-analytics.com/ https://translate.googleapis.com/ https://unpkg.com/ https://cdn.rudderlabs.com https://www.pagespeed-mod.com/ https://www.google-analytics.com/ https://www.gstatic.com/ http://www.google.com/ *.cloudfront.net/ https://polyfill.io/ https://sessions.bugsnag.com/ https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js https://cdn.tokenproof.xyz/js/tokenproof-oa-widget-v1.0.js blob: ; connect-src 'self' *.devfolio.co https://sessions.bugsnag.com/ https://maps.googleapis.com/ https://api.segment.io/ https://cdn.segment.com/ https://autocomplete.clearbit.com/ wss://*.devfolio.co/ https://lh3.googleusercontent.com/ https://sentry.io/ https://vimeo.com/ wss://*.bridge.walletconnect.org/ https://mainnet.infura.io wss://mainnet.infura.io https://arbitrum-mainnet.infura.io wss://eth-mainnet.ws.alchemyapi.io/ https://eth-mainnet.alchemyapi.io/ https://arb-mainnet.g.alchemy.com/ wss://arb-mainnet.g.alchemy.com/ wss://www.walletlink.org/ https://api.wallet.coinbase.com https://dns.google.com/ https://api.giphy.com/ https://registry.walletconnect.org/ https://api.segment.io/  *.dataplane.rudderstack.com/  https://api.rudderlabs.com/ https://www.google-analytics.com/ https://api.trongrid.io/ https://sun.tronex.io/ https://devfolio-prod.s3.ap-south-1.amazonaws.com/ https://explorer-api.walletconnect.com/ wss://relay.walletconnect.com/ https://sockjs-us2.pusher.com/ https://api.rudderstack.com/ https://cloudflare-eth.com/ https://anon-aadhaar-artifacts.s3.eu-central-1.amazonaws.com/ data:; style-src 'self' https://fonts.googleapis.com/ https://translate.googleapis.com/ 'unsafe-inline' data:; img-src 'self' * *.devfolio.co/ data: blob:; frame-src https://www.loom.com/ https://www.youtube.com/ https://drive.google.com/ https://m.youtube.com/ https://www.dailymotion.com/  https://vimeo.com/ https://api.razorpay.com/ https://accounts.google.com/ https://www.google.com/ https://player.vimeo.com/ https://loom.com/ https://www.drive.google.com/ https://razorpay.com/ *.razorpay.com/ https://mozbar.moz.com/; font-src 'self' https://fonts.gstatic.com/ https://devfolio-prod.s3.ap-south-1.amazonaws.com/ https://o91302.ingest.sentry.io/  https://mozbar.moz.com https://cdn.tokenproof.xyz/fonts/ data:; frame-ancestors 'self'; media-src 'self' *.devfolio.co/ *.githubusercontent.com/ https://www.youtube.com/ https://m.youtube.com/ https://youtu.be/ https://youtube.com/ https://drive.google.com/ https://www.drive.google.com/ data: blob:; report-uri https://o91302.ingest.sentry.io/api/1193563/security/?sentry_key=66b59c332abd4ee9902ba11631dc07c6 1
default-src 'self' https://chla.lndo.site https://*.lndo.site https://*.prod.acquia-sites.com https://chla.org https://www.chla.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://assets.adobedtm.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https://cm.everesttech.net https://dpm.demdex.net; frame-src 'self' https://app-appdev-ezbooking-prod-001.ase-eapps-prod-001.p.azurewebsites.net  https://app-appdev-chla-symptom-checker-prod-001.ase-eapps-prod-001.p.azurewebsites.net  https://app-bot-appdev-globalhealth-prod-001.ase-eapps-prod-001.p.azurewebsites.net https://childrenshospitalla.demdex.net; child-src 'self' https://app-appdev-ezbooking-prod-001.ase-eapps-prod-001.p.azurewebsites.net  https://app-appdev-chla-symptom-checker-prod-001.ase-eapps-prod-001.p.azurewebsites.net  https://app-bot-appdev-globalhealth-prod-001.ase-eapps-prod-001.p.azurewebsites.net; connect-src 'self' https://assets.adobedtm.com https://*.demdex.net https://cdn.evgnet.com https://cm.everesttech.net https://edge.adobedc.net; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.42chat.com *.api.42chat.com ads.aae.org *.ads.aae.org www.actox.org *.www.actox.org adobedtm.com *.adobedtm.com adroll.com *.adroll.com ads-twitter.com *.ads-twitter.com adtrafficquality.google *.adtrafficquality.google ajax.googleapis.com *.ajax.googleapis.com chatbase.co *.chatbase.co clarity.ms *.clarity.ms doubleclick.net *.doubleclick.net cookiebot.com *.cookiebot.com eventscribe.net *.eventscribe.net facebook.net *.facebook.net feathr.co *.feathr.co google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com hotjar.com *.hotjar.com licdn.com *.licdn.com logwork.com *.logwork.com magnetmail.net *.magnetmail.net marketo.net *.marketo.net mycadmium.com *.mycadmium.com osano.com *.osano.com realmagnet.land *.realmagnet.land revive-adserver.net *.revive-adserver.net scriptcdn.net *.scriptcdn.net snapengage.com *.snapengage.com snoball.it *.snoball.it stackadapt.com *.stackadapt.com storage.googleapis.com *.storage.googleapis.com pages.thenationalcouncil.org *.pages.thenationalcouncil.org www.tickcounter.com *.www.tickcounter.com translate.googleapis.com *.translate.googleapis.com twitter.com *.twitter.com unpkg.com *.unpkg.com vimeo.com *.vimeo.com youtube.com *.youtube.com zdassets.com *.zdassets.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=CmpFuOf0ikoglZ08nBJCT_Pui7XQZCJjOa9C2qkJnyk-1752196716-1.0.1.1-mKFLyaYkoZeL_YCdXKc_m8phdV.Suzr8X9b97kefzYX_ddWhpTQR3OQv2n43Lp4Vr6p3U4wt7xlVUkZxLpycFMudG1.jJHHESo2wFwTmHRBNFCFWjXjAjPIGXyt9liWcqcHN8D3JxVb2QeWqnozPSV3Y1i8jKwvDOITHRO5lkrlhsfNTblo1MxuebRwWe70piDHKvf7PJQ2ZAVLdLnPXVg; report-to cf-xhhmskcdngjxcqjo 1
object-src 'none';base-uri 'self';script-src 'nonce-L1LvYaFBOxOUSfnOYzVaUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-b7ORJi-bpBd6JvgQPX9YBw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
frame-ancestors https://*.facebook.com https://*.youtube.com https://*.graphic.com.gh; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.pushpushgo.com *.klevu.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com *.constructor.com *.constructor.dev 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.pushpushgo.com *.klevu.com *.constructor.com *.constructor.dev data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://browser.sentry-cdn.com *.pushpushgo.com *.klevu.com *.constructor.com *.constructor.dev 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://*.ingest.sentry.io *.constructor.com *.constructor.dev *.cnstrc.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src  'unsafe-inline' https: https://chat.tendertech.ru  wss://chat.tendertech.ru:7272 https://blacklist.tendertech.ru https://storage.tendertech.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' blob: https://cdn.prod.website-files.com https://www.googletagmanager.com https://widget.intercom.io https://smartpass.referralrock.com https://js.navattic.com https://js.hs-scripts.com https://global.localizecdn.com https://js.intercomcdn.com https://js.refiner.io https://embed.lu.ma https://app.posthog.com https://static.cloudflareinsights.com https://smartpass.instatus.com; style-src 'self' https://cdn.prod.website-files.com https://embed.lu.ma https://fonts.googleapis.com https://rsms.me/inter/ 'unsafe-inline'; font-src 'self' https://rsms.me/inter/font-files/ https://fonts.gstatic.com; img-src 'self' data: https://smartpass.app https://*.smartpass.app https://cdn.prod.website-files.com https://storage.googleapis.com/sp-img-cdn/ https://global.localizecdn.com https://www.googletagmanager.com https://widget.intercom.io https://smartpass.referralrock.com https://js.navattic.com https://js.hs-scripts.com; connect-src 'self' https://smartpass.app wss://smartpass.app https://global.localizecdn.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://*.ingest.sentry.io https://cdn.prod.website-files.com https://www.googletagmanager.com https://*.intercom.io wss://*.intercom.io https://smartpass.referralrock.com https://js.navattic.com https://js.hs-scripts.com  https://*.refiner.io https://api.instatus.com; frame-src 'self' https://js.refiner.io 1
script-src 'strict-dynamic' 'unsafe-inline' https: 'nonce-5ee72bf0faaeec4efb76642ed5d6a35d';object-src 'none';base-uri 'none';frame-src 'self' https://paywall.imoje.pl https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://wchat.freshchat.com https://*.webpush.freshchat.com https://www.youtube.com https://youtube.com https://youtu.be https://www.youtube-nocookie.com https://youtube-nocookie.com https://www.facebook.com https://open.spotify.com/embed/ https://podcasters.spotify.com/pod/show/ https://player.vimeo.com/video/ https://td.doubleclick.net https://platform.twitter.com/ https://www.googletagmanager.com/ 1
default-src 'self'; script-src 'self' https://cdn.levelaccess.net https://cdn.segment.com https://js-agent.newrelic.com https://script.hotjar.com https://static.hotjar.com https://static.khealth.com https://static.legitscript.com; style-src 'self'; object-src 'none'; base-uri 'self'; img-src 'self' data: https://static.legitscript.com; font-src 'self'; connect-src 'self' https://cdn.levelaccess.net https://api.segment.io https://bam.nr-data.net https://cdn.segment.com; frame-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'self'; report-to csp-endpoint 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=7a588321-a5b3-4059-b33f-09288a01bb22-1752201644; report-to shopify-csp 1
object-src 'none';base-uri 'self';script-src 'nonce-Trspi58fRUIv49j7pB9SIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1
font-src cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com magento.buildify.shop *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com magento.buildify.shop c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io *.sharethis.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://browser.sentry-cdn.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdnjs.cloudflare.com fonts.googleapis.com magento.buildify.shop https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' shop2gether.com.br *.shop2gether.com.br wake-components.fbitsstatic.net shop2gether.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com gstatic.com *.fbits.store *.adyen.com *.criteo.com *.criteo.net *.g.doubleclick.net *.google.com.br *.googleadservices.com static.zdassets.com clarity.ms assets.zendesk.com *.creativecdn.com *.zdassets.com shop2gether.zendesk.com widget-mediator.zopim.com *.clarity.ms td.doubleclick.net icomm-public.s3.amazonaws.com *.pagar.me *.mundipagg.com *.getnet.com.br vm.icommgroup.com.br:3005 *.icommgroup.com.br:3005 *.icommgroup.com.br s3.sa-east-1.amazonaws.com *.sa-east-1.amazonaws.com *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.adyen.com *.pagbank.com *.infraicommgroup.com:3005 *.infraicommgroup.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br n8n.icommgroup.com.br *.azurewebsites.net *.hotjar.com *.fbits.net koin-custom-conector-gateway.fbits.net *.koin.com.br static.hotjar.com static.fbits.net payments.koin.com.br *.pinterest.com paypal-wake.s3.us-east-1.amazonaws.com *.useinsider.com *.api.useinsider.com nocodb.infraicommgroup.com:8080 nocodb.infraicommgroup.com *.cardinalcommerce.com *.secureacs.com *.crmbonus.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.varify.io *.3dsecure.io ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.shop2gether.com.br shop2gether.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-b73768046b8846c5991cb68d45b506fc' https://0798A0PMYC1002 'self';img-src https://* 'self' blob: data:;style-src https://0798A0PMYC1002 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com https://fonts.gstatic.com https://ws.colissimo.fr *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com 'self' data: static.sensefuel.live data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.sips-services.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.truefitcorp.com *.weltpixel.com https://form.typeform.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.afd.co.uk t.powerreviews.com assets-manager.abtasty.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr https://www.magezon.com *.sagepay.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.openstreetmap.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.afd.co.uk cdn.jsdelivr.net js-agent.newrelic.com party.spockee.io app.ekoo.co ui.powerreviews.com *.truefitcorp.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com widget.proximis.com *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com  tag.search.sensefuel.live pdata.damart.fr try.abtasty.com                  'self' 'unsafe-eval' 'nonce-dnpicXpwbXR4eGEzanRheG4wdXI0aWd4cXl0YWY4cG8=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net ui.powerreviews.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com tag.search.sensefuel.live 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.afd.co.uk *.getalma.eu *.almapay.com api.spockee.io backoffice-api.spockee.io ui.powerreviews.com display.powerreviews.com app.ekoo.co maps.googleapis.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com *.sagepay.com *.opayo.eu.elavon.com *.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com c.search.sensefuel.live 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem *.adobe.io *.adobedtm.com u.clarity.ms www.naheed.pk *.doubleclick.net; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.facebook.com *.facebook.net 85ecg0pj2hynkd6mp-1.a1.typesense.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.twitter.com 85ecg0pj2hynkd6mp-1.a1.typesense.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com platform.twitter.com *.twitter.com *.google.com.pk *.addthis.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.xtento.com 85ecg0pj2hynkd6mp-1.a1.typesense.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com magefan.com cm.magefan.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.naheed.pk *.cloudflare.com *.googleadservices.com *.google.com.pk *.google-analytics.com *.twitter.com 'self' data: *.facebook.com *.facebook.net www.xtento.com cdn.xtento.com 85ecg0pj2hynkd6mp-1.a1.typesense.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com connect.facebook.net twitter.com platform.twitter.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com widgets.pinterest.com dpm.demdex.net *.paypal.com *.adobe.io *.adobedtm.com *.sentry.io *.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.facebook.com *.tiktok.com *.facebook.net u.clarity.ms www.naheed.pk *.doubleclick.net www.xtento.com cdn.xtento.com 85ecg0pj2hynkd6mp-1.a1.typesense.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com *.adobedtm.com 85ecg0pj2hynkd6mp-1.a1.typesense.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 85ecg0pj2hynkd6mp-1.a1.typesense.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.cloudflare.com *.twitter.com cdn.jsdelivr.net api.mergn.com *.facebook.com *.facebook.net *.tiktok.com u.clarity.ms 85ecg0pj2hynkd6mp-1.a1.typesense.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' https://js.stripe.com https://dialog.filepicker.io https://www.filepicker.io https://content.googleapis.com https://www.google.com https://insight.adsrvr.org https://match.adsrvr.org https://vimeo.com https://player.vimeo.com https://www.youtube.com https://suicidegirls.com https://gfycat.com https://streamable.com https://bandcamp.com https://open.spotify.com https://www.youtube-nocookie.com https://www.facebook.com https://m.facebook.com https://platform.twitter.com https://player.twitch.tv https://w.soundcloud.com https://eroshare.com https://oddshot.tv https://www.pornhub.com https://www.reverbnation.com https://drive.google.com https://www.washingtonpost.com https://www.arte.tv https://www.mixcloud.com https://www.redgifs.com https://redgifs.com https://www.instagram.com https://instagram.com https://www.flickr.com http://www.funnyordie.com https://giphy.com/ 1
default-src 'self'; style-src 'self' 'unsafe-inline' googletagmanager.com tagmanager.google.com fonts.googleapis.com; script-src 'self' www.google.com *.googletagmanager.com *.gstatic.com; img-src 'self' googletagmanager.com *.gstatic.com * data:; frame-src 'self' www.youtube.com www.google.com blob:;frame-ancestors 'none'; form-action 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-/JFFuzQM+5I+ucYvSAyskw==' 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.fi https://www.googletagmanager.com https://analytics.nordnet.fi https://cdn.prod.nntech.io https://files.nordnet.fi https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.fi; frame-src 'self' https://analytics.nordnet.fi https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.fi; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.fi https://cdn.prod.nntech.io https://files.nordnet.fi data: blob: https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://blogi.nordnet.fi; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.fi https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'nonce-7fde9337-4e75-454f-8227-911cb5a89c0b' https://analytics.nordnet.fi https://cdn.prod.nntech.io https://files.nordnet.fi https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.fi; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi https://kirjaudu.aktia.fi https://ebank.aktia.fi; frame-ancestors 'self' https://app.contentful.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com  https://*.migracion.gob.do https://cdn.userway.org https://eticket.migracion.gob.do https://personal.migracion.gob.do https://cdn.jsdelivr.net https://connect.facebook.net https://www.google-analytics.com https://challenges.cloudflare.com https://static.cloudflareinsights.com; worker-src https://migracion.gob.do blob:; style-src 'self' 'unsafe-inline' https://cdn.userway.org https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://cdn.userway.org https://fonts.gstatic.com https://cdn.jsdelivr.net; media-src https://cdn.userway.org; img-src 'self' https://secure.gravatar.com https://s.w.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: https://cdn.userway.org https://*.migracion.gob.do https://cdn.jsdelivr.net https://www.google-analytics.com; connect-src 'self' https://cdn.userway.org https://api.userway.org https://*.migracion.gob.do https://www.google-analytics.com https://challenges.cloudflare.com; frame-src 'self' https://cdn.userway.org https://www.facebook.com https://www.youtube.com https://be.nortic.ogtic.gob.do https://eticket.migracion.gob.do https://challenges.cloudflare.com; object-src 'self'; base-uri 'self'; form-action 'self' https://*.migracion.gob.do; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://report-uri.migracion.gob.do/api/reports; report-to csp-endpoint; 1
font-src https://fonts.gstatic.com *.fontawesome.com * https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.paypal.com https://www.googletagmanager.com https://www.google.com https://www.vimeo.com https://f.vimeocdn.com https://adyen.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com https://amazon.com https://www.yotpo.com https://int-ecommerce.nexi.it *.kasanova.com * https://www.googletagmanager.com/ accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com https://cdn.clerk.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.gstatic.com https://www.vimeo.com https://f.vimeocdn.com *.googleapis.com *.ggpht https://ecommerce.nexi.it *.cloudfront.net *.kasanova.com * https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://www.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com https://api.clerk.io https://cdn.clerk.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googleapis.com https://f.vimeocdn.com *.gstatic.com https://googleads.g.doubleclick.net *.clerk.io https://int-ecommerce.nexi.it *.kasanova.com https://assets.livestory.io https://js-agent.newrelic.com *.consentcdn.cookiebot.com/ * http://www.googletagmanager.com/ https://www.googletagmanager.com/ accounts.google.com cdn.jsdelivr.net cdn.scalapay.com b2c-cdn.scalapay.com https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://api.clerk.io https://cdn.clerk.io https://fonts.googleapis.com * *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com accounts.google.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://assets.livestory.io https://api.livestory.io https://www.google-analytics.com https://int-ecommerce.nexi.it *.kasanova.com *.googleapis.com * http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com accounts.google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *.atyarisi.com wss://*.atyarisi.com *.google.com *.google.com.tr *.googletagmanager.com *.google-analytics.com *.support.google.com *.doubleclick.net *.googleadservices.com *.microsoft.com *.apple.com *.facebook.com *.facebook.net *.yahoo.com *.newrelic.com *.twitter.com *.instagram.com *.youtube.com tjktv.ercdn.net *.tjk.org *.broadage.com *.media.net *.liderform.com.tr *.googleapis.com *.googlevideo.com *.gstatic.com  *.nsoft-cdn.com *.rlcdn.com *.crwdcntrl.net *.dengage.com *.nr-data.net *.taboola.com *.tiktok.com *.dengagecdn.com *.rsc.cdn77.org; img-src * data:; report-uri /csp/cspreport/ 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-LIzL3nlec19OLOsKdAOG8A' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
worker-src blob:; font-src *.gstatic.com *.stape.io *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.google.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.weltpixel.com https://secure.pay1.de/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.google.com/ https://www.google.de/ https://www.trustedshops.de/ magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.stape.io https://www.magezon.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com d.ratepay.com https://widgets.trustedshops.com https://products.ki-demo.ovh https://tedox.ki-test.ovh blob: https://widgets-qa.trustedshops.com https://app.usercentrics.eu/ https://legal-images.trustedshops.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.trustedshops.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://widgets.trustedshops.com/ https://widgets.trustedshops.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.gstatic.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.googleapis.com *.avada.io secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io www.jsctool.com https://products.ki-demo.ovh https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://app.usercentrics.eu/ https://secure.pay1.de/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com *.google.com *.gstatic.com d.ratepay.com d.payla.io dr.payla.io https://products.ki-demo.ovh https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://payments.amazon.de/ http://widgets.trustedshops.com/ https://widgets.trustedshops.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.stape.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com www.jsctool.com https://products.ki-demo.ovh https://produkte.ki-trade.org *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://aggregator.service.usercentrics.eu/ https://api.usercentrics.eu/ https://graphql.usercentrics.eu/ https://maps.googleapis.com/ https://region1.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=emimino 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.facebook.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.zopim.com *.zopim.io *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr cdn.rossmann.com.tr *.vimeo.com www.rossmann.com.tr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr cdn.rossmann.com.tr *.vimeo.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr cdn.rossmann.com.tr *.vimeo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.twitter.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr https://www.youtube.com http://www.sandbox.paypal.com www.paypal.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr cdn.rossmann.com.tr rossmann.api.useinsider.com td.doubleclick.net ams.creativecdn.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.swagger.io *.paypal.com *.typekit.net *.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com *.iyzicopwi.com.tr *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.bing.com *.zopim.com *.zopim.io *.google.co.in *.mastercard.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.media.net *.360yield.com *.outbrain.com *.rubinproject.com *.sharethrough.com *.smartadserver.net *.taboola.com *.teads.tv *.3lift.com *.emxdgt.com *.adform.net *.omnitagjs.com *.sync.com *.ivitrack.com *.mediavine.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.semasio.net *.krxd.net *.thebrighttag.com *.smartadserver.com *.yahoo.com https://id5-sync.com *.rubiconproject.com www.rossmann.com.tr cdn.rossmann.com.tr web-image.useinsider.com image.useinsider.com analytics.twitter.com t.co www.facebook.com www.google.com.tr data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.instana.io *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io *.iyzicopwi.com.tr *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.garanti.com.tr *.bing.com *.zopim.com *.zdassets.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.rossmann.com.tr www.rossmann.com.tr rossmann.api.useinsider.com connect.facebook.net tags.creativecdn.com static.ads-twitter.com embeds.ipaper.io static.hotjar.com www.clarity.ms cdn.rossmann.com.tr eitri.api.useinsider.com analytics.tiktok.com script.hotjar.com ams.creativecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.bing.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com www.rossmann.com.tr cdn.rossmann.com.tr maxcdn.bootstrapcdn.com assets.api.useinsider.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.cloudflare.com https://stats.g.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr www.rossmann.com.tr cdn.rossmann.com.tr rossmann.api.useinsider.com aryuder.api.useinsider.com hit.api.useinsider.com ams.creativecdn.com q.clarity.ms recommendationv2.api.useinsider.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.rossmann.com.tr cdn.rossmann.com.tr q.clarity.ms googleads.g.doubleclick.net analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' www.google-analytics.com www.youtube.com cdn.cookielaw.org *.onetrust.com *.gstatic.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com cdn.jsdelivr.net cdn.cookielaw.org img03.en25.com *.youtube.com *.google.com *.gstatic.com *.google-analytics.com embed.vev.page *.vev.design *.googleapis.com discover.hdrinc.com; style-src 'self' 'unsafe-inline' cloud.typography.com cdn.jsdelivr.net *.googleapis.com www.hdrinc.com; img-src 'self' data: *; media-src film.vev.design cdn.vev.design; frame-src 'self' *.google.com *.youtube.com *.vimeo.com discover.hdrinc.com *.doubleclick.net player.blubrry.com e.issuu.com caupneif01 *.youtube-nocookie.com *.googletagmanager.com; child-src 'self' *.google.com *.youtube.com; font-src 'self' data: cloud.typography.com cdn.vev.design *.gstatic.com www.hdrinc.com cdn.scite.ai use.typekit.net fonts.vev.design; connect-src 'self' *.googleapis.com *.google-analytics.com *.cookielaw.org *.onetrust.com analytics.google.com *.doubleclick.net region1.analytics.google.com *.google.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com cdn1.stamped.io stamped.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.twitter.com *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.doubleclick.net consentcdn.cookiebot.com bat.bing.com hose.gardeningexpress.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.klarna.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net cdn1.stamped.io stamped.io mageside.com cdn.stamped.io www.ojrq.net *.clarity.ms *.bing.com *.cookiebot.com help.gardeningexpress.co.uk/ flagpedia.net www.google.com.ua www.google.de www.google.co.uk bat.bing.com hose.gardeningexpress.co.uk fonts.gstatic.com bat.bing.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.trustpilot.com cdn1.stamped.io stamped.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.clarity.ms bam.nr-data.net cdn.jsdelivr.net *.impactcdn.com *.newrelic.com maps.googleapis.com consent.cookiebot.com ajax.googleapis.com bat.bing.com pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.trustpilot.com cdn1.stamped.io stamped.io *.stripe.network *.stripecdn.com *.amazon.com maxcdn.bootstrapcdn.com *.addtoany.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://gardeningexpress.us12.list-manage.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com http://dpm.demdex.net cdn.stamped.io static.addtoany.com *.cookiebot.com *.clarity.ms bam.nr-data.net cdn.jsdelivr.net *.impactcdn.com pagead2.googlesyndication.com gardeningexpress.pxf.io *.doubleclick.net *.google.com www.gstatic.com maps.googleapis.com bat.bing.com hose.gardeningexpress.co.uk google.com bat.bing.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'nonce-408a943776868ab26caa56188adfe8e1'; style-src 'self' https: 'nonce-408a943776868ab26caa56188adfe8e1'; base-uri 'self'; report-uri /csp_violation_report 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.fr https://www.myheritage.fr  'unsafe-eval' 'nonce-d0d46757deea71c57f560a627cce0aa9' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.fr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'none'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; report-uri /csp-violation-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.modo.com.ar fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.magerocket.com *.gocuotas.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.magerocket.com *.gocuotas.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.google.com.ar *.google.es *.google.com.uy *.mercadopago.com.ar *.modo.com.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.magerocket.com *.gocuotas.com https://firebasestorage.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.woowup.com *.hotjar.com *.pageimprove.io pageimprove.io *.getblue.io *.adidas.com *.modo.com.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.magerocket.com *.gocuotas.com *.avada.io *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.ampproject.org www.gstatic.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com www.gstatic.com *.tagmanager.google.com *.googletagmanager.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.pangle-ads.com *.modo.com.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.magerocket.com *.gocuotas.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com cdn.ampproject.org www.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://cdn.clerk.io *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://api.clerk.io https://cdn.clerk.io *.klarna.com *.klarnacdn.net *.klarnaservices.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-J4jxDJFiA6QeTT5HIfoTiw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://connect.facebook.net/ https://*.clarity.ms/ https://try.abtasty.com/ https://www.googletagmanager.com/gtag/ https://sleeknotestaticcontent.sleeknote.com/ https://bat.bing.com/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.jsdelivr.net/npm/@typebot.io/js@0.2.15/dist/web.js https://cdn.mouseflow.com/projects/a65f2542-c798-4cbc-b46e-2101e508dc85.js https://cdnjs.cloudflare.com/ajax/libs/jsSHA/2.3.1/sha256.js https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/766888392/ https://rules.quantcount.com/rules-p-9xPpAFMcLk8qV.js https://secure.quantserve.com/quant.js https://sleeknotecustomerscripts.sleeknote.com/21647.js https://sleeknotestaticcontent.sleeknote.com/core.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.wondaris.com/sdks/webhook-collector-module-webjs-latest.min.js https://utt.impactcdn.com/A3571279-5f42-4d2f-9539-72ae761405d11.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://*.googletagmanager.com https://www.redditstatic.com/ads/pixel.js https://code.highcharts.com/stock/highstock.js https://code.highcharts.com/highcharts-more.js https://cdn.jsdelivr.net/npm/@typebot.io/js@0.2/dist/web.js https://code.highcharts.com https://analytics.google.com https://pixel.byspotify.com/ping.min.js https://d34r8q7sht0t9k.cloudfront.net/tag.js https://collector-31846.tvsquared.com https://secure.leadforensics.com https://*.6sc.co https://pi.pardot.com https://go.message.ofx.com https://*.demandbase.com https://www.gstatic.com/recaptcha/releases/ https://www.smartrecruiters.com/job-api/public/search/widgets/OFX1/ https://subscriptions.smartrecruiters.com/widget/ https://static.smartrecruiters.com/job-widget/; style-src 'unsafe-inline' 'report-sample' 'self' https://static.smartrecruiters.com/job-widget/; img-src 'self' data: https://c.bing.com https://static.wondaris.com https://analytics.google.com https://alb.reddit.com https://analytics.sleeknote.com https://analytics.twitter.com https://bat.bing.com https://*.clarity.ms https://pixel.quantserve.com https://www.linkedin.com/ https://px.ads.linkedin.com https://t.co https://www.facebook.com https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://pixel.byspotify.com https://d34r8q7sht0t9k.cloudfront.net https://www.google.com.au https://stats.g.doubleclick.net https://ad.doubleclick.net https://www.ofx.com https://cdn.cookielaw.org https://www.google.com.sg https://verifi.podscribe.com https://collector-31846.tvsquared.com https://www.google.ca/ads/ga-audiences https://www.google.ca/pagead/1p-user-list/ https://www.google.co.uk/ads/ga-audiences https://www.google.co.pk/ads/ga-audiences https://www.google.co.nz/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.co.nz/pagead/1p-user-list/ https://www.google.com.my/ads/ga-audiences https://www.google.co.in/pagead/1p-user-list/ https://www.google.com.my/pagead/1p-user-list/ https://www.google.com.ng/ads/ga-audiences https://www.google.co.za/ads/ga-audiences https://www.google.co.za/pagead/1p-user-list/ https://www.google.lk/ads/ga-audiences https://www.google.co.id/pagead/1p-user-list/ https://www.google.co.id/ads/ga-audiences https://www.google.com.hk/ads/ga-audiences https://www.google.com.hk/pagead/1p-user-list/ https://www.google.com.vn/ads/ga-audiences https://www.google.com.vn/pagead/1p-user-list/ https://www.google.dk/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.co.jp/ads/ga-audiences https://www.google.co.jp/pagead/1p-user-list/ https://www.google.com.np/pagead/1p-user-list/ https://www.google.com.np/ads/ga-audiences https://www.google.com.bd/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.com.mx/ads/ga-audiences https://www.google.com.mx/pagead/1p-user-list/ https://www.google.com.ph/pagead/1p-user-list/ https://sleeknote.com https://www.google.com.ng/pagead/1p-user-list/ https://www.google.co.zm/ads/ga-audiences https://www.google.co.uz/ads/ga-audiences https://www.google.co.uz/pagead/1p-user-list/ https://www.google.com.pk/ads/ga-audiences https://www.google.co.zm/pagead/1p-user-list/ https://adservice.google.com/pagead/regclk https://www.google.ch/ads/ga-audiences https://www.google.ch/pagead/1p-user-list/ https://www.google.hu/ads/ga-audiences https://www.google.sk/ads/ga-audiences https://www.google.ae/ads/ga-audiences https://www.google.ae/pagead/1p-user-list/ https://www.google.com.cy/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.com.om/ads/ga-audiences https://www.google.ro/ads/ga-audiences https://www.google.com.tw/ads/ga-audiences https://www.google.com.tw/pagead/1p-user-list/ https://www.google.co.th/ads/ga-audiences https://www.google.com.tr/ads/ga-audiences https://www.google.mu/ads/ga-audiences https://www.google.mu/pagead/1p-user-list/ https://www.google.com.kh/ads/ga-audiences https://www.google.com.et/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.co.kr/pagead/1p-user-list/ https://www.google.co.th/pagead/1p-user-list/ https://www.google.com.tr/pagead/1p-user-list/ https://www.google.bg/ads/ga-audiences https://www.google.com.sa/ads/ga-audiences https://www.google.com.sa/pagead/1p-user-list/ https://www.google.nl/ads/ga-audiences https://www.google.co.cr/ads/ga-audiences https://www.google.com.pk/pagead/1p-user-list/ https://www.google.at/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.com.sg/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.com.kw/ads/ga-audiences https://www.google.com.kw/pagead/1p-user-list/ https://www.google.iq/pagead/1p-user-list/ https://www.google.cz/ads/ga-audiences https://www.google.co.il/ads/ga-audiences https://www.google.co.il/pagead/1p-user-list/ https://www.google.com.bd/pagead/1p-user-list/ https://www.google.al/ads/ga-audiences https://www.google.gr/ads/ga-audiences https://www.google.rs/ads/ga-audiences https://www.google.rs/pagead/1p-user-list/ https://www.google.no/ads/ga-audiences https://www.google.mk/ads/ga-audiences https://www.google.mk/pagead/1p-user-list/ https://www.google.se/ads/ga-audiences https://www.google.com.fj/ads/ga-audiences https://www.google.com.fj/pagead/1p-user-list/ https://www.google.co.ma/ads/ga-audiences https://www.google.co.ma/pagead/1p-user-list/ https://www.google.co.ke/ads/ga-audiences https://www.google.com.bh/ads/ga-audiences https://www.google.com.bh/pagead/1p-user-list/ https://www.google.es/ads/ga-audiences https://www.google.co.ug/ads/ga-audiences https://www.google.co.ug/pagead/1p-user-list/ https://www.google.co.ke/pagead/1p-user-list/ https://www.google.com.et/pagead/1p-user-list/ https://www.google.com.sb/ads/ga-audiences https://www.google.hr/ads/ga-audiences https://www.google.lu/ads/ga-audiences https://www.google.lk/pagead/1p-user-list/ https://www.google.com.om/pagead/1p-user-list/ https://www.google.tl/ads/ga-audiences https://www.google.tl/pagead/1p-user-list/ https://www.google.kz/ads/ga-audiences https://www.google.kz/pagead/1p-user-list/ https://www.google.gg/ads/ga-audiences https://www.google.com.mm/ads/ga-audiences https://www.google.pt/ads/ga-audiences https://www.google.ee/ads/ga-audiences https://www.google.com.eg/ads/ga-audiences https://www.google.gg/pagead/1p-user-list/ https://www.google.be/ads/ga-audiences https://www.google.mn/ads/ga-audiences https://www.google.ci/ads/ga-audiences https://www.google.com.pg/ads/ga-audiences https://www.google.com.gh/ads/ga-audiences https://www.google.com.eg/pagead/1p-user-list/ https://www.google.im/ads/ga-audiences https://www.google.im/pagead/1p-user-list/ https://www.google.com.qa/ads/ga-audiences https://www.google.com.qa/pagead/1p-user-list/ https://www.google.si/ads/ga-audiences https://www.google.tn/ads/ga-audiences https://www.google.tn/pagead/1p-user-list/ https://www.google.dz/ads/ga-audiences https://www.google.dz/pagead/1p-user-list/ https://www.google.com.gh/pagead/1p-user-list/ https://www.google.ws/ads/ga-audiences https://www.google.ge/ads/ga-audiences https://www.google.ge/pagead/1p-user-list/ https://www.google.lv/ads/ga-audiences https://www.google.cl/ads/ga-audiences https://www.google.ne/ads/ga-audiences https://www.google.ne/pagead/1p-user-list/ https://www.google.me/ads/ga-audiences https://www.google.me/pagead/1p-user-list/ https://www.google.mv/ads/ga-audiences https://www.google.com.na/ads/ga-audiences https://www.google.com.na/pagead/1p-user-list/ https://www.google.mw/ads/ga-audiences https://www.google.mw/pagead/1p-user-list/ https://www.google.com.gi/ads/ga-audiences https://www.google.com.gi/pagead/1p-user-list/ https://www.google.co.tz/ads/ga-audiences https://www.google.co.tz/pagead/1p-user-list/ https://www.google.be/pagead/1p-user-list/ https://www.google.md/ads/ga-audiences https://www.google.com.pe/ads/ga-audiences https://www.google.com.pe/pagead/1p-user-list/ https://www.google.vu/ads/ga-audiences https://www.google.com.ar/ads/ga-audiences https://www.google.com.ar/pagead/1p-user-list/ https://www.google.com.lb/ads/ga-audiences https://www.google.com.lb/pagead/1p-user-list/ https://www.google.gy/ads/ga-audiences https://www.google.vu/pagead/1p-user-list/ https://www.google.lt/ads/ga-audiences https://www.google.az/ads/ga-audiences https://www.google.az/pagead/1p-user-list/ https://www.google.com.bn/ads/ga-audiences https://www.google.com.bn/pagead/1p-user-list/ https://www.google.sn/ads/ga-audiences https://www.google.sn/pagead/1p-user-list/ https://www.google.ba/ads/ga-audiences https://www.google.sm/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.com.br/pagead/1p-user-list/ https://www.google.dk/pagead/1p-user-list/ https://www.google.co.bw/ads/ga-audiences https://www.google.co.bw/pagead/1p-user-list/ https://www.google.com.jm/ads/ga-audiences https://www.google.com.jm/pagead/1p-user-list/ https://www.google.jo/ads/ga-audiences https://www.google.jo/pagead/1p-user-list/ https://www.google.ga/ads/ga-audiences https://www.google.com.do/ads/ga-audiences https://www.google.com.do/pagead/1p-user-list/ https://www.google.sr/ads/ga-audiences https://www.google.bj/ads/ga-audiences https://www.google.bj/pagead/1p-user-list/ https://www.google.com/pagead/1p-user-list/ https://www.google.ru/ads/ga-audiences https://www.google.com.co/ads/ga-audiences https://www.google.com.co/pagead/1p-user-list/ https://www.google.je/ads/ga-audiences https://www.google.je/pagead/1p-user-list/ https://www.google.com.gt/ads/ga-audiences https://www.google.com.gt/pagead/1p-user-list/ https://www.google.com.ag/ads/ga-audiences https://www.google.com.mt/ads/ga-audiences https://www.google.ad/ads/ga-audiences https://www.google.ad/pagead/1p-user-list/ https://www.google.com.ec/ads/ga-audiences https://www.google.com.ec/pagead/1p-user-list/ https://www.google.hn/ads/ga-audiences https://www.google.hn/pagead/1p-user-list/ https://www.google.ci/pagead/1p-user-list/ https://www.google.ru/pagead/1p-user-list/ https://www.google.com.sl/ads/ga-audiences https://www.google.sr/pagead/1p-user-list/ https://www.google.bs/ads/ga-audiences https://www.google.bs/pagead/1p-user-list/ https://www.google.dj/ads/ga-audiences https://www.google.com.pa/ads/ga-audiences https://www.google.com.pa/pagead/1p-user-list/ https://www.google.al/pagead/1p-user-list/ https://www.google.cl/pagead/1p-user-list/ https://www.google.ht/ads/ga-audiences https://www.google.ws/pagead/1p-user-list/ https://www.google.com.pr/ads/ga-audiences https://www.google.com.pr/pagead/1p-user-list/ https://www.google.co.ao/ads/ga-audiences https://www.google.co.ao/pagead/1p-user-list/ https://www.google.com.sb/pagead/1p-user-list/ https://www.google.as/pagead/1p-user-list/ https://www.google.as/ads/ga-audiences https://www.google.co.cr/pagead/1p-user-list/ https://www.google.md/pagead/1p-user-list/ https://*.6sc.co https://id.rlcdn.com/ https://assets-manager.abtasty.com/ https://segments.company-target.com/; font-src 'self' data: https://fonts.gstatic.com https://common-fonts.abtasty.com https://sleeknote.com; frame-src 'self' https://1852302.fls.doubleclick.net https://widget.trustpilot.com https://td.doubleclick.net https://www.googletagmanager.com/ https://*.company-target.com/ https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://subscriptions.smartrecruiters.com/; connect-src 'self' https://dcinfos-cache.abtasty.com/ https://api-data-connector.abtasty.com/ https://ofx-privacy.my.onetrust.com/ https://geolocation.onetrust.com/ https://api.ofx.com https://ariane.abtasty.com https://bat.bing.com https://cdn.cookielaw.org https://*.clarity.ms https://fonts.googleapis.com https://px.ads.linkedin.com https://ssgtm.ofx.com https://stats.g.doubleclick.net https://try.abtasty.com https://www.redditstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://pixel.byspotify.com https://d34r8q7sht0t9k.cloudfront.net https://pixel-config.reddit.com https://www.google.com.au https://pixels.spotify.com https://ipv4.podscribe.com https://adservice.google.co https://adservice.google.com https://*.sleeknote.com https://adservice.google.com/pagead/regclk https://www.google.com/pagead/landing https://typebot.io https://www.google.co.id/ads/ga-audiences https://www.google.co.za/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://www.google.co.nz/ads/ga-audiences https://www.google.com.vn/ads/ga-audiences https://www.google.com.my/ads/ga-audiences https://www.google.ca/ads/ga-audiences https://www.google.bg/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.ro/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.com.tr/ads/ga-audiences https://www.google.com.sg/ads/ga-audiences https://www.google.com.hk/ads/ga-audiences https://www.google.co.jp/ads/ga-audiences https://www.google.com.fj/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.com.sa/ads/ga-audiences https://www.google.com.tw/ads/ga-audiences https://www.google.at/ads/ga-audiences https://www.google.co.il/ads/ga-audiences https://www.google.gr/ads/ga-audiences https://www.google.com.pk/ads/ga-audiences https://www.google.mk/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.com.kw/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.be/ads/ga-audiences https://www.google.com.cy/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.se/ads/ga-audiences https://www.google.cz/ads/ga-audiences https://www.google.lv/ads/ga-audiences https://www.google.ae/ads/ga-audiences https://www.google.lk/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.hr/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.kz/ads/ga-audiences https://www.google.rs/ads/ga-audiences https://www.google.md/ads/ga-audiences https://www.google.ch/ads/ga-audiences https://www.google.az/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.mu/ads/ga-audiences https://www.google.com.bd/ads/ga-audiences https://www.google.sn/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.sk/ads/ga-audiences https://www.google.ge/ads/ga-audiences https://www.google.no/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.im/ads/ga-audiences https://www.google.gg/ads/ga-audiences https://www.google.com.qa/ads/ga-audiences https://www.google.ru/ads/ga-audiences https://www.google.pt/ads/ga-audiences https://www.google.com.np/ads/ga-audiences https://www.google.je/ads/ga-audiences https://www.google.com.na/ads/ga-audiences https://www.google.com.et/ads/ga-audiences https://www.google.com.kh/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.com.co/ads/ga-audiences https://www.google.com.ng/ads/ga-audiences https://www.google.com.ec/ads/ga-audiences https://www.google.ci/ads/ga-audiences https://www.google.com.gh/ads/ga-audiences https://www.google.com.ar/ads/ga-audiences https://www.google.tn/ads/ga-audiences https://www.google.com.sl/ads/ga-audiences https://www.google.com.mx/ads/ga-audiences https://www.google.co.uz/ads/ga-audiences https://www.google.com.eg/ads/ga-audiences https://www.google.si/ads/ga-audiences https://www.google.as/ads/ga-audiences https://www.google.com/ccm/collect https://*.6sc.co https://*.demandbase.com https://*.company-target.com/; media-src 'self'; worker-src 'none'; manifest-src 'self'; object-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com *.klarna.com *.klarnaevt.com *.klarnacdn.net klarna.com https://fonts.gstatic.com https://static.klaviyo.com *.stripecdn.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.facebook.com * *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com *.google.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.stripe.com * *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.awin1.com *.zenaps.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.magezon.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io *.google.com/ *.facebook.com https://connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com https://maps.googleapis.com https://static.hotjar.com * js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com cc-cdn.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com *.klarna.com *.klarnaevt.com *.klarnacdn.net assets.braintreegateway.com tagmanager.google.com https://fonts.googleapis.com *.stripe.network *.stripecdn.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adyen.com payments-eu.amazon.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com https://developer.adobe.com https://maps.googleapis.com * api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' sf-tbid.okta.com tbid.digital.salesforce.com *.oktacdn.com; connect-src 'self' sf-tbid.okta.com sf-tbid-admin.okta.com tbid.digital.salesforce.com *.oktacdn.com *.mixpanel.com *.mapbox.com sf-tbid.kerberos.okta.com sf-tbid.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' sf-tbid.okta.com tbid.digital.salesforce.com *.oktacdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self' 'report-sample' sf-tbid.okta.com tbid.digital.salesforce.com *.oktacdn.com; frame-src 'self' sf-tbid.okta.com sf-tbid-admin.okta.com tbid.digital.salesforce.com login.okta.com *.vidyard.com com-okta-authenticator: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' sf-tbid.okta.com tbid.digital.salesforce.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' sf-tbid.okta.com tbid.digital.salesforce.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://iis.digital.salesforce.com 1
font-src *.lafoirfouille.fr use.typekit.net fonts.gstatic.com static.sensefuel.live data: 'self' 'unsafe-inline'; form-action *.lafoirfouille.fr sogecommerce.societegenerale.eu 'self' 'unsafe-inline'; frame-src *.lafoirfouille.fr www.google.com sogecommerce.societegenerale.eu 'self' 'unsafe-inline'; img-src *.lafoirfouille.fr www.googletagmanager.com cdn.cookielaw.org tag.beyable.com data: 'self' 'unsafe-inline'; script-src *.lafoirfouille.fr front.activation.beyable.com tag.search.sensefuel.live tag.search.sensefuel.com tag.beyable.com www.gstatic.com www.google.com www.googletagmanager.com cdn.cookielaw.org static.target2sell.com *.socloz.com beyableprodrt.blob.core.windows.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.lafoirfouille.fr fonts.googleapis.com use.typekit.net p.typekit.net tag.search.sensefuel.com *.search.sensefuel.live tag.beyable.com 'self' 'unsafe-inline'; manifest-src *.lafoirfouille.fr 'self' 'unsafe-inline'; connect-src *.lafoirfouille.fr *.snoophome.com cdn.cookielaw.org geolocation.onetrust.com *.target2sell.com *.search.sensefuel.live *.ingest.de.sentry.io www.google-analytics.com beyableprodrt.blob.core.windows.net 'self' 'unsafe-inline'; media-src *.lafoirfouille.fr *.search.sensefuel.live 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.lafoirfouille.fr/ https://api.cqeq65dd63-ffdigital1-d1-public.model-t.cc.commerce.ondemand.com https://api.cqeq65dd63-ffdigital1-s1-public.model-t.cc.commerce.ondemand.com https://api.cqeq65dd63-ffdigital1-p1-public.model-t.cc.commerce.ondemand.com https://v.calameo.com 'self'; object-src data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-0yhNkLHipKLUAnfbJbiyxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 1
font-src *.gstatic.com data: *.walmartimages.com *.amazonaws.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com *.bing.com www.google.lv www.google.se www.google.dk www.google.no www.google.fi mcstaging.canac.ca canac.ca www.canac.ca www.facebook.com t.ofsys.com *.clarity.ms *.flippenterprise.net *.wishabi.com *.wishabi.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com connect.facebook.net s.pinimg.com ct.pinterest.com sdk.privacy-center.org t.ofsys.com *.clarity.ms js-agent.newrelic.com aq.flippenterprise.net *.addthis.com www.constructeurvirtuel.com www.canac.ca mcstaging.canac.ca 'self' js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io *.alothemes.com *.magepow.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.flippenterprise.net *.fontawesome.com unsafe-inline assets.braintreegateway.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com stats.g.doubleclick.net *.analytics.google.com ct.pinterest.com *.clarity.ms bam.nr-data.net *.flippenterprise.net *.launchdarkly.com maps.googleapis.com cdn-gateflipp.flippback.com *.flipp.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com bonialconnect.com *.oney.io assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io https://epaync.nc/static/ 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de secure.ogone.com v1-sim.preprod.psp-solutions.com v2-sim.preprod.psp-solutions.com www.facebook.com/tr/ bpcepaymentservices-3ds-vdm.wlp-acs.com bnpp-3ds-vdm.wlp-acs.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io https://epaync.nc/vads-payment/ https://epaync.nc/api-payment/ https://epaync.nc/static/ https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com secure.ogone.com ogone.test.v-psp.com widget.trustpilot.com gum.criteo.com s.salecycle.com https://10766555.fls.doubleclick.net/ static.criteo.net/ www.facebook.com/ magasins.bureau-vallee.fr magasins.bureau-vallee.be magasins.bureau-vallee.nc magasins.bureau-vallee.re magasins.bureau-vallee.gf magasins.bureau-vallee.yt magasins.bureau-vallee.gp magasins.bureau-vallee.sx t.clic2buy.com bpcepaymentservices-3ds-vdm.wlp-acs.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io td.doubleclick.net https://epaync.nc/vads-payment/ https://epaync.nc/static/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org bva-preprod-fbi-fr-media-s3.s3.amazonaws.com bva-recette-fbi-fr-media-s3.s3.amazonaws.com bv-prd-fbi-fr-media.s3.eu-west-3.amazonaws.com bv-prd-fbi-fr-media.s3.amazonaws.com d2hlj6xfalexml.cloudfront.net d3n1o8ch79p937.cloudfront.net dxbyzx5id4chj.cloudfront.net bonialconnect.com content-media.bonial.biz rum-metrics.quanta.io bat.bing.com ib.adnxs.com www.facebook.com cm.g.doubleclick.net gum.criteo.com dis.criteo.com sync-t1.taboola.com x.bidswitch.net r.casalemedia.com ad.360yield.com contextual.media.net sync.outbrain.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com e1.emxdgt.com cm.adform.net visitor.omnitagjs.com id5-sync.com matching.ivitrack.com exchange.mediavine.com simage2.pubmatic.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com beacon.krxd.net s.thebrighttag.com www.bureau-vallee.fr www.google.fr bvci-e2.colop.com utypia.bureau-vallee.fr *.oney.io assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io www.gstatic.com jadserve.postrelease.com ad.doubleclick.net public-prod-dspcookiematching.dmxleo.com https://epaync.nc/static/latest/images/type-carte/ https://epaync.nc/static/ https://epaync.nc/vads-payment/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://assets.fintecture.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com magasins.bureau-vallee.fr widget.trustpilot.com bonialconnect.com s3.amazonaws.com maps.googleapis.com/ d16fk4ms6rqz1v.cloudfront.net bat.bing.com appstatic.quanta.io try.abtasty.com acdn.adnxs.com static.criteo.net sslwidget.criteo.com connect.facebook.net cdn.jsdelivr.net static.target2sell.com js-agent.newrelic.com/ bam.eu01.nr-data.net *.oney.io magasins.bureau-vallee.be magasins.bureau-vallee.nc magasins.bureau-vallee.re magasins.bureau-vallee.gf magasins.bureau-vallee.yt magasins.bureau-vallee.gp magasins.bureau-vallee.sx rs.clic2buy.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io pagead2.googlesyndication.com tpc.googlesyndication.com *.algolia.io https://epaync.nc/api-payment/ https://epaync.nc/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets-staging.oney.io *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io https://epaync.nc/static/ *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src pay.google.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com payments-eu.amazon.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io s3.eu-west-1.amazonaws.com www.bonialserviceswidget.de maps.googleapis.com trackingapi.bonial.fr bonialconnect.com dcinfos-cache.abtasty.com ariane.abtasty.com c.salecycle.com api.ipify.org i.salecycle.com wss://ws.salecycle.com/ region1.analytics.google.com www.facebook.com serv-api.target2sell.com bat.bing.com/actionp/ rum-metrics.quanta.io reco.target2sell.com bam.eu01.nr-data.net www.google.fr *.oney.io autocomplete.geocoder.api.here.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io try.abtasty.com pagead2.googlesyndication.com measurement-api.criteo.com apigw-cf.bva-integ-web.decade.fr https://epaync.nc/vads-payment/ https://epaync.nc/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ bva-recette-impression-s3.s3.eu-west-3.amazonaws.com bva-preprod-impression-s3.s3.eu-west-3.amazonaws.com bva-prod-impression-s3.s3.eu-west-3.amazonaws.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://epaync.nc/vads-payment/ https://epaync.nc/api-payment/ https://epaync.nc/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.es https://www.myheritage.es  'unsafe-eval' 'nonce-e772d1ea5381d45045949b28bc190ed2' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.es;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src fonts.gstatic.com use.typekit.net cdn.jsdelivr.net cdn.almapay.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getalma.eu connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.klarna.com js.mollie.com * *.trustpilot.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com https://images.unsplash.com https://static.afterpay.com https://site-assets.afterpay.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com * data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com cdn.jsdelivr.net tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.mollie.com * *.trustpilot.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com *.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com * *.trustpilot.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.getalma.eu https://www.google-analytics.com https://maps.googleapis.com https://player.vimeo.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com api.addressy.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io * *.stripe.com klarna.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.apsiyon.com; style-src 'self' 'unsafe-inline' analytics.tiktok.com analytics.tiktok.com/api/v2/monitor cdn.apsiyon.com cdnjs.cloudflare.com translate.googleapis.com fonts.googleapis.com *.apsiyon.com wchat.freshchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.apsiyon.com www.google.com www.clarity.ms cdn.apsiyon.com analytics.tiktok.com analytics.tiktok.com/api/v2/monitor www.analytics.tiktok.com/api/v2/monitor connect.facebook.net www.googledservices.com www.googleadservices.com code.jquery.com cdn.jsdelivr.net maps.googleapis.com www.googletagmanager.com  www.google-analytics.com googleads.g.doubleclick.net cdn.taboola.com trc.taboola.com  www.gstatic.com wchat.freshchat.com  snap.licdn.com; frame-src 'self' www.googletagmanager.com www.googleadservices.com connect.facebook.net web.facebook.com *.apsiyon.com m.facebook.com  www.google.ro www.youtube.com youtube.com httpsapsiyoncom.webpush.freshchat.com www.google.com bid.g.doubleclick.net wchat.freshchat.com www.facebook.com analytics.tiktok.com analytics.tiktok.com/api/v2/monitor; img-src data: * ; connect-src 'self' 'unsafe-inline' localhost:51192 analytics.tiktok.com analytics.tiktok.com/api/v2/monitor www.google.bg www.google.li www.google.com.bd www.google.ro www.google.com.hk www.google.co.jp www.google.tm www.google.ps www.google.pl www.google.ba www.google.co.za www.google.cz www.google.md www.google.com.ua www.google.com.qa www.google.ba www.google.com.et www.google.jo www.google.hu www.google.ph stats.g.doubleclick.net www.google.at www.google.com.cy www.google.nl www.google.kz www.google.co.in www.google.com.sa www.google.es www.google.kg  www.google.co.id www.google.dk www.google.com.kw www.google.co.kr www.google.cn www.google.co.th www.google.co.uz www.google.co.uk www.google.ae www.google.ch www.google.az www.google.lu www.google.it www.google.com.pk www.google.be www.google.fi www.google.no www.google.sn www.bing.com www.google.se www.google.iq www.google.ie www.google.fr www.googleanalytics.com www.google.de www.google.ru *.taboola.com www.google.co.il  www.facebook.com  www.google.com.tr *.clarity.ms  *.apsiyon.com  analytics.google.com www.google-analytics.com; font-src 'self' data: fonts.googleapis.com use.fontawesome.com themes.googleusercontent.com *.apsiyon.com themes.googleusercontent.com static3.avast.com cdnjs.cloudflare.com fonts.gstatic.com; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.cookiebot.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bird.eu *.feedaty.com *.gumlet.io *.cookiebot.com *.google.it stileo.it *.adnxs.com *.sharethrough.com *.doubleclick.net *.bidswitch.net *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com *.media.net *.mediavine. *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.teads.tv *.tremorhub.com *.ivitrack.com *.3lift.com *.yieldlab.net ad.360yield.com id5-sync.com sync.1rx.io sync-criteo.ads.yieldmo.com *.emxdgt.com *.servenobid.com *.unrulymedia.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.feedaty.com *.avada.io https://widget.feedaty.com https://insights.algolia.io *.cookiebot.com *.dwin1.com *.criteo.com glamipixel.com *.cookieless-data.com *.cloudfront.net *.datnova.com *.sddan.com fonts.googleapis.com consent.cookiebot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.feedaty.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widget.feedaty.com *.cloudflare.com *.cookiebot.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com insights.algolia.io *.feedaty.com https://get.geojs.io *.avada.io https://widget.feedaty.com *.cookiebot.com wss://ws.salecycle.com *.salecycle.com *.criteo.com *.doubleclick.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:;frame-ancestors about: 'self';frame-src https://optimize.google.com *;style-src https://optimize.google.com https://fonts.googleapis.com https: data: 'unsafe-inline' *;script-src https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com * 'unsafe-inline' 'unsafe-eval';img-src https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https: data: *;font-src https://fonts.gstatic.com data: *;object-src 'none';connect-src * ws: wss:; report-uri https://res.destinia.com/web/csp-violation-report-endpoint; report-to default; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl secure.adnxs.com cdn.faceworks.nl chrome-extension fonts.bunny.net www.slant.co data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com cdn.dnky.co *.hotjar.com *.trustpilot.com *.criteo.com *.addthis.com *.multisafepay.com https://pay.google.com www.xtento.com tpc.googlesyndication.com www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl contact.robinhq.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://images.unsplash.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com gallery.mailchimp.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net magefan.com cm.magefan.com *.disqus.com *.multisafepay.com www.xtento.com cdn.xtento.com www.google.it bat.bing.com c.clarity.ms www.google.be ad.doubleclick.net www.google.rs www.google.lv www.google.ie www.facebook.com pagead2.googlesyndication.com www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl c.bing.com lh3.ggpht.com isst.dewitschijndel.nl lh3.googleusercontent.com www.google.de www.google.fr www.google.es www.google.co.uk www.google.at www.google.hr www.google.lu www.google.ch www.google.pt www.google.se www.google.dk www.google.pl www.google.no www.google.cz www.google.hu www.google.gr www.google.si www.google.co.jp www.google.ro www.google.com.tr www.google.co.in www.google.co.ma www.google.fi www.google.lt www.google.com.ua www.google.com.mt region1.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.paypal.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net https://cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com *.multisafepay.com https://pay.google.com www.xtento.com cdn.xtento.com bat.bing.com dewitschijndel.nl selfservice.robinhq.com az416426.vo.msecnd.net robincontentdesktop.blob.core.windows.net tpc.googlesyndication.com connect.facebook.net www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl secure.adnxs.com www.pagespeed-mod.com pagead2.googlesyndication.com www.clarity.ms data1.ahjilop.com www.google.at 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com https://cdn.jsdelivr.net *.multisafepay.com www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl 'self' 'unsafe-inline'; object-src www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl www.youtube.com 'self' 'unsafe-inline'; manifest-src www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com *.facebook.net *.google.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.datatrics.com https://profiles-staging.2factors.nl *.multisafepay.com bat.bing.com www.google.it dewitschijndel.nl dc.services.visualstudio.com www.google.nl ad.doubleclick.net www.google.be maps.googleapis.com www.google.rs www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl isst.dewitschijndel.nl www.google.com pagead2.googlesyndication.com properties googleads.g.doubleclick.net www.bing.com www.google.de www.google.fr www.google.es www.google.co.uk www.google.at www.google.hr www.google.lu www.google.ch www.google.pt www.google.se www.google.dk www.google.pl www.google.no www.google.cz www.google.hu www.google.gr www.google.si www.google.co.jp www.google.ro www.google.com.tr www.google.co.in www.google.co.ma www.google.fi www.google.lt www.google.com.ua www.google.com.mt translate.googleapis.com bat.bing.net 'self' 'unsafe-inline'; child-src www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl selfservice.robinhq.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.dewitschijndel.nl www.bardani.nl www.safarica.nl www.cabanon.nl 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
frame-ancestors https://*.prace.cz https://my.teamio.com https://*.facebook.com https://*.jobs.cz https://*.topjobs.sk; report-uri /csp-reports/ 1
object-src 'none'; script-src 'self' chosen.jquery.js https://polyfill-fastly.io https://unpkg.com; script-src-attr 'self'; style-src 'self' chosen.css https://use.typekit.net; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-sIqGEZiT--Xp10CZahq7nA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com https://www.gstatic.com *.fontawesome.com https://live.icecat.biz data: https://googletagmanager.com https://tagmanager.google.com https://fonts.gstatic.com locator.uberall.com script.hotjar.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com dashboard.trustprofile.com td.doubleclick.net https://s3-eu-west-1.amazonaws.com/ https://td.doubleclick.net https://google-analytics.com https://objects.icecat.biz/ *.trustpilot.com https://www.google.com www.xtento.com trafic-career.talent-soft.com view.publitas.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com cdn.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com funtrafic.imgix.net bat.bing.com www.google.be lqip-funtrafic.imgix.net https://funtrafic-large.imgix.net/media/ https://funtrafic-thumb.imgix.net/media/ https://pdpthumb-funtrafic.imgix.net https://pdplarge-funtrafic.imgix.net https://pdpfull-funtrafic.imgix.net https://content.fun.be https://adservice.google.com https://region1.analytics.google.com https://googletagmanager.com https://tagmanager.google.com https://bat.bing.com  https://pagead2.googlesyndication.com https://td.doubleclick.net https://google-analytics.com www.xtento.com cdn.xtento.com bat.bing.net catalogmedia.trafic.com funtrafic-thumb.imgix.net joko-mobile-app-media.s3.eu-west-1.amazonaws.com locator.uberall.com magentoadmin.trafic.com www.google.de www.google.fr www.google.lt www.google.lu *.google.com www.trafic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://www.gstatic.com cdn.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com static.hotjar.com eu1-config.doofinder.com widget.trustpilot.com invitejs.trustpilot.com script.hotjar.com bat.bing.com js-agent.newrelic.com https://live.icecat.biz https://bat.bing.com  https://js-agent.newrelic.com https://googletagmanager.com https://tagmanager.google.com https://td.doubleclick.net https://google-analytics.com *.trustpilot.com www.xtento.com cdn.xtento.com api.mapbox.com locator.uberall.com view.publitas.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.fontawesome.com cdn.doofinder.com https://live.icecat.biz blob: https://googletagmanager.com https://tagmanager.google.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.doofinder.com wss://*.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com region1.analytics.google.com eu1-api.doofinder.com bam.eu01.nr-data.net https://invitejs.trustpilot.com https://live.icecat.biz https://magentoadmin.trafic.docker https://adservice.google.com https://region1.analytics.google.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://td.doubleclick.net https://google-analytics.com  https://pagead2.googlesyndication.com api.mapbox.com bat.bing.com bat.bing.net content.hotjar.io events.mapbox.com locator.uberall.com surveystats.hotjar.io vc.hotjar.io *.hotjar.com wss: wss://ws.hotjar.com www.google.lu *.google.com *.mapbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com bam.eu01.nr-data.net googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-58b4ca7feb6649efa5d7263a8e47aec0' https://ET0965RPMYCH101 'self';img-src https://* 'self' blob: data:;style-src https://ET0965RPMYCH101 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'none'; report-uri https://greatergiving.report-uri.com/r/d/csp/reportOnly 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com https://static.buckaroo.nl * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl * 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com * 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl * 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.de https://www.myheritage.de  'unsafe-eval' 'nonce-d08d8781ab2aa0c0c64d761f6c5a5bf3' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.de;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=HC_UbOO6TsGg9ocHlGPGWogMog1LBFm.W2f42dGGeEk-1752200895-1.0.1.1-yOkuojyZArIRw1tpjvAPsuHVC3aJ6BNRgl7_ZgzIJl8ARU9wwroSd8zAtvC.5S1r2M2N5CbUoPQjFe4fwtnhTsKdUnC5oYBuJjFGKEvm4Cxv7_qAnOkYjaEveCeobRU6D0SE4nQsjL.yloMHjSDiAACohfeSvp2gx.ARB969ShANjXvzXljR7Bct3RecangU; report-to cf-mjrehloehehurmnj 1
object-src 'none';base-uri 'self';script-src 'nonce-pUaQiR8OtCDOAfGIuv51bQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.vwo.com *.visualwebsiteoptimizer.com *.intercom.io *.intercomcdn.com *.onetrust.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com fonts.googleapis.com www.gstatic.com app.vwo.com www.googletagmanager.com translate.googleapis.com; frame-ancestors 'self' https://polarisxchange.com https://slingshot.polarisxchange.com https://indianmotorcycle.polarisxchange.com https://www.rvs.com https://rvs.com https://buy.cycletrader.com https://www.atvrider.com https://www.cyclevolta.com https://www.cycleworld.com https://www.dirtrider.com https://www.motorcyclecruiser.com https://www.motorcyclistonline.com https://www.utvdriver.com https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octanelending.com https://*.octanelending.com https://*.dev-octanelisting.com https://*.octanelisting.com; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.no https://www.googletagmanager.com https://analytics.nordnet.no https://cdn.prod.nntech.io https://files.nordnet.no https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.no; frame-src 'self' https://analytics.nordnet.no https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.no; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.no https://cdn.prod.nntech.io https://files.nordnet.no data: blob: https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://blogg.nordnet.no; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.no https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'nonce-32042efc-9db5-4cda-8c8c-f4e1d068fd68' https://analytics.nordnet.no https://cdn.prod.nntech.io https://files.nordnet.no https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.no; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi https://kirjaudu.aktia.fi https://ebank.aktia.fi; frame-ancestors 'self' https://app.contentful.com; 1
default-src 'self' https: data: streamable.com; www.youtube.com; script-src 'none' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https: www.googletagmanager.com; www.youtube.com;; style-src-elem 'self' 'unsafe-inline' https: cdn.lineicons.com; fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' https:; img-src 'self' https: data: cmefnbespa.cloudimg.io; forms-eu1.hsforms.com;; connect-src 'self' 'none' https: data: www.google.com; forms-eu1.hsforms.com; forms-eu1.hscollectedforms.net; text/plain; media-src 'self' https: www.youtube.com; frame-src 'self' https: www.youtube.com; streamable.com; www.google.com; sandbox allow-same-origin 1
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://client.crisp.chat https://plugin-magento-ui.glopalservice.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com applepay.cdn-apple.com www.promessedefleurs.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * p.monetico-services.com www.promessedefleurs.com 'self' 'unsafe-inline'; frame-ancestors www.promessedefleurs.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * ct.pinterest.com js.mollie.com *.payplug.com *.dalenys.com www.promessedefleurs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io * https://images.unsplash.com https://image.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost cl.avis-verifies.com ct.pinterest.com bat.bing.com www.google.com.vn https://firebasestorage.googleapis.com https://www.mollie.com https://secure-magenta.dalenys.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie www.promessedefleurs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com https://client.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com cl.avis-verifies.com bat.bing.com s.pinimg.com *.avada.io js.mollie.com https://cdnjs.cloudflare.com https://secure-magenta.dalenys.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com https://unpkg.com/pwacompat www.promessedefleurs.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://client.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://secure-magenta.dalenys.com unpkg.com www.promessedefleurs.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.promessedefleurs.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io * https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost ct.pinterest.com https://get.geojs.io *.avada.io *.openstreetmap.org *.arcgis.com *.google-analytics.com *.doubleclick.net www.promessedefleurs.com 'self' 'unsafe-inline'; child-src www.promessedefleurs.com http: https: blob: 'self' 'unsafe-inline'; default-src cl.avis-verifies.com www.promessedefleurs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com tags.tiqcdn.cn collect.tealiumiq.com *.criteo.com *.criteo.net *.omtrdc.net *.yimg.jp *.yahoo.co.jp prf.hn *.doubleclick.net *.line.me *.google.com *.google.it *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com sc-static.net *.usehero.com *.contentsquare.net *.demdex.net *.facebook.com *.googletagmanager.com *.facebook.net *.googleadservices.com *.teads.tv zegna.d3.sc.omtrdc.net www.google.* *.zegna.com *.measmerize.com *.googlesyndication.com maps.gstatic.com *.riskified.com sandbox.gestpay.net ecomm.sella.it *.online-metrix.net amp.akamaized.net *.snapchat.com *.gstatic.com *.go-mpulse.net cm.everesttech.net *.googleapis.com *.akstat.io *.akamaihd.net *.line-scdn.net *.algolianet.com *.algolia.net *.algolia.com zegna-cloud-media.s3.amazonaws.com zegna-cloud-media.s3.eu-west-1.amazonaws.com zegna-cloud-media.s3-eu-west-1.amazonaws.com livechat.zegna.cn *.baidu.com blob: data: ; font-src 'self' data: *.googleapis.com *.gstatic.com; report-uri /cgi-bin/csp_report.cgi 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.nl https://www.myheritage.nl  'unsafe-eval' 'nonce-fbe0b1894315e1821f759b50f193b610' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.nl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-mpzEVy5S1EhO-ykiYtbaVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-09d073ec84394537bbd98d68de0c33d8' https://ET1089RPMYCH101 'self';img-src https://* 'self' blob: data:;style-src https://ET1089RPMYCH101 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: oct8necdneu.azureedge.net *.trustedshops.com *.analytrix-tool.it *.convalytrix.it *.caast.tv *.efarma.dna-ai.dnafactory.it *.hotjar.com https://fonts.gstatic.com *.klarnacdn.net https://widgets.trustedshops.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es * *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://www.salesmanago.pl https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.vimeo.com *.oct8ne.com * *.cookiebot.com *.cookiebot.eu *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.trustedshops.com *.bynder.com analytics.tiktok.com *.clerk.io assets.atida.com connect.facebook.net *.cookiebot.eu efarma-supercraft.s3.eu-south-1.amzonaws.com dwin1.com facebook.com google.com google.it googletagmanager.com *.doubleclick.net yotpo.com *.zdassets.com gastatic.com *.yotpo.com *.analytrix-tool.it *.convalytrix.it *.efarma.dna-ai.dnafactory.it *.atida.com *.dosfarma.com *.facebook.com *.zenaps.com *.awin1.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co t.co *.twitter.co *.twitter.com *.cloudfront.net *.byspotify.com *.cookiebot.com *.googlesyndication.com *.syndigo.com *.assets.efarma.com efarma-supercraft.s3.eu-south-1.amazonaws.com *.efarma.com *.bing.net *.usercentrics.eu *.hotjar.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://cdn.clerk.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.trustedshops.com *.analytrix-tool.it *.convalytrix.it *.caast.tv *.efarma.dna-ai.dnafactory.it *.clerk.io *.cloudfront.net *.zdassets.com *.zendesk.com *.api.smooch.io *.connectif.cloud *.atida.com *.dosfarma.com *.newrelic.com *.nr-data.net *.dwin1.com *.pinimg.com *.ads-twitter.com *.tiktok.com *.kk-resources.com *.bing.com *.creativecdn.com *.facebook.net *.googlesyndication.com *.awin1.com *.zenaps.com *.facebook.com *.wepowerconnections.com *.sciencebehindecommerce.com *.reskyt.com *.pinterest.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.cookiebot.eu stapecdn.com *.efarma.com *.hotjar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.scalapay.com b2c-cdn.scalapay.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.trustedshops.com *.analytrix-tool.it *.convalytrix.it *.caast.tv *.efarma.dna-ai.dnafactory.it *.googletagmanager.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.hotjar.com unsafe-inline assets.braintreegateway.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com *.klarnacdn.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.google.com/pay *.analytrix-tool.it *.convalytrix.it *.clerk.io *.caast.tv *.efarma.dna-ai.dnafactory.it *.api.smooch.io *.zdassets.com *.zendesk.com *.connectif.cloud *.atida.com *.dosfarma.com *.algolia.io *.cookiebot.com *.cookiebot.eu *.nr-data.net google.com *.googlesyndication.com *.awin1.com *.zenaps.com *.facebook.com *.wepowerconnections.com *.sciencebehindecommerce.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.bing.net *.efarma.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' localhost *.s3.eu-west-1.amazonaws.com api.locize.app *.hubspot.com forms.hscollectedforms.net forms.hsforms.com *.youtube.com *.youtube-nocookie.com i.ytimg.com api.atelierdeschefs.fr *.google.com *.googleapis.com *.firebaseapp.com checkoutshopper-live.adyen.com *.cdn.adyen.com *.adyen.com checkout.getalma.eu api.getalma.eu cdn.jsdelivr.net hooks.stripe.com *.google-analytics.com connect.facebook.net *.facebook.com bat.bing.com bat.bing.net googleads.g.doubleclick.net *.googleadservices.com *.google.com *.tiktok.com *.doubleclick.net *.wlp-acs.com *.monext.fr *.cic.fr *.creditmutuel.fr *.marqeta.com *.secure.lcl.fr 3ds.redsys.es vercel.live checkoutshopper-live.adyen.com *.cdn.adyen.com *.adyen.com *.ads.linkedin.com px.ads.linkedin.com *.axept.io axeptio.imgix.net *.snapchat.com snap.licdn.com *.googletagmanager.com genki.atelierdeschefs.fr;    script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.usemessages.com *.hubspot.com js.hsleadflows.net *.googletagmanager.com genki.atelierdeschefs.fr *.youtube.com *.youtube-nocookie.com i.ytimg.com *.google.com *.googleapis.com checkoutshopper-live.adyen.com *.cdn.adyen.com *.adyen.com checkout.getalma.eu api.getalma.eu cdn.jsdelivr.net hooks.stripe.com *.google-analytics.com connect.facebook.net *.facebook.com bat.bing.com bat.bing.net googleads.g.doubleclick.net *.googleadservices.com *.google.com *.tiktok.com *.doubleclick.net *.wlp-acs.com *.monext.fr *.cic.fr *.creditmutuel.fr *.marqeta.com *.secure.lcl.fr 3ds.redsys.es vercel.live *.gstatic.com *.axept.io axeptio.imgix.net *.snapchat.com snap.licdn.com sc-static.net;    style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com;    img-src 'self' blob: data: *.hubspot.com forms.hscollectedforms.net forms.hsforms.com *.googletagmanager.com genki.atelierdeschefs.fr *.youtube.com *.youtube-nocookie.com i.ytimg.com purecatamphetamine.github.io *.cloudfront.net *.s3.eu-west-1.amazonaws.com checkoutshopper-live.adyen.com *.cdn.adyen.com *.adyen.com connect.facebook.net *.facebook.com bat.bing.com bat.bing.net *.google-analytics.com googleads.g.doubleclick.net *.google.com *.google.ie *.google.fr *.google.be *.google.ca *.google.ch *.google.tn *.google.dz *.google.co.uk *.google.es *.google.lu *.google.de *.google.sn *.google.ci *.google.co.il *.google.mg *.google.it *.google.pt *.google.com.mx *.google.com.ma *.google.mu *.google.nl *.google.com.au *.google.com.br *.google.co.th *.google.co.ma *.google.cm *.google.ae *.google.co.jp *.google.cd *.google.com.lb *.google.ga *.google.ad *.google.co.nz *.google.sk *.google.com.tr *.google-analytics.com googleads.g.doubleclick.net *.googleadservices.com *.google.com *.gstatic.com *.snapchat.com snap.licdn.com *.ads.linkedin.com px.ads.linkedin.com *.axept.io axeptio.imgix.net;    font-src 'self' data: fonts.atelierdeschefs.fr at.alicdn.com fonts.gstatic.com github.com;    object-src data:;    base-uri 'self';    form-action 'self' *.wlp-acs.com *.monext.fr *.cic.fr *.creditmutuel.fr *.marqeta.com *.secure.lcl.fr 3ds.redsys.es connect.facebook.net *.facebook.com checkoutshopper-live.adyen.com *.cdn.adyen.com *.adyen.com;    frame-ancestors 'none';    frame-src connect.facebook.net *.facebook.com checkoutshopper-live.adyen.com *.cdn.adyen.com *.adyen.com *.firebaseapp.com *.doubleclick.net *.snapchat.com snap.licdn.com *.googletagmanager.com genki.atelierdeschefs.fr googleads.g.doubleclick.net *.googleadservices.com *.google.com *.youtube.com *.youtube-nocookie.com i.ytimg.com;    manifest-src 'self';    block-all-mixed-content;    report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubc9d6ee3ce79da61dcd985b50012b6709&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; frame-src 'self'; child-src 'self'; manifest-src 'self'; object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; report-uri https://uship.report-uri.com/r/t/csp/reportOnly; report-to csp 1
default-src 'self'; script-src 'self' *.artfut.com *.bootstrapcdn.com *.clarity.ms *.cloudfront.net *.criteo.com *.facebook.com *.fullstory.com *.gstatic.com *.google-analytics.com *.google.com *.googleapis.com *.jsdelivr.net *.livechatinc.com *.moengage.com *.onetrust.com *.razorpay.com *.tatadigital.com *.trackier.com *.unbxdapi.com c.amazon-adsystem.com connect.facebook.net googleads.g.doubleclick.net sc-static.net tr.snapchat.com www.googleadservices.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net *.onetrust.com www.gstatic.com; img-src 'self' data: https:; connect-src 'self' aax-eu.amazon-adsystem.com ad.doubleclick.net analytics.google.com api.fastrackeyewear.com apac-recommendations.unbxd.io ara.paa-reporting-advertising.amazon connect.facebook.net d3995ea24pmi7m.cloudfront.net google.com *.amazon.in *.clarity.ms *.criteo.com *.facebook.com *.fullstory.com *.google.com *.googleapis.com *.livechatinc.com *.moengage.com *.onetrust.com *.paytm.in *.phonepe.com *.razorpay.com *.tatadigital.com *.titaneyeplus.com *.unbxdapi.com s.amazon-adsystem.com search.unbxd.io secure.paytmpayments.com stats.g.doubleclick.net tr.snapchat.com tr6.snapchat.com www.google-analytics.com www.google.co.in www.google.com www.googleadservices.com; font-src 'self' *.amazon-adsystem.com *.gstatic.com *.google.co.in *.onetrust.com *.unbxd.io ad.doubleclick.net ara.paa-reporting-advertising.amazon google.com stats.g.doubleclick.net www.google-analytics.com www.googleadservices.com; frame-src 'self' *; report-uri https://admin.titaneyeplus.com/csp.php; 1
default-src 'self' data: blob: *.armstrong.com *.armstrongceilings.com armstrongceilings.my.salesforce-sites.com d2qrdklrsxowl2.cloudfront.net fonts.gstatic.com www.google-analytics.com *.akamaihd.net brightcove.hs.llnwd.net *.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net fast.fonts.net ;style-src 'self' 'unsafe-inline' fast.fonts.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com fonts.googleapis.com display.ugc.bazaarvoice.com s7d9.scene7.com player.interactivity.brightcove.com armstrongceilings.my.site.com;form-action 'self' *.armstrong.com *.armstrongceilings.com armstrongceilings.tfaforms.net *.salesforceliveagent.com *.la3-c2-ia4.salesforceliveagent.com www.facebook.com api.bazaarvoice.com;frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.armstrong.com *.armstrongceilings.com cdn-cookieyes.com js.hsforms.net *.bazaarvoice.com *.outbrain.com *.salesforceliveagent.com *.ugc.bazaarvoice.com assets.adobedtm.com connect.facebook.net d2qrdklrsxowl2.cloudfront.net googleads.g.doubleclick.net lib-us-3.brilliantcollector.com players.brightcove.net siteintercept.qualtrics.com snap.licdn.com vjs.zencdn.net *.google-analytics.com www.googleadservices.com www.googletagmanager.com znbmda84ti8npbglj-armstrong.siteintercept.qualtrics.com *.googleapis.com html5.dcatalog.com *.google.com display.ugc.bazaarvoice.com www.gstatic.com s7d9.scene7.com *.mountain.com armstrongceilings.tfaforms.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.analytics.google.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 player.interactivity.brightcove.com x.clearbitjs.com *.clearbitscripts.com pixel.byspotify.com pixels.spotify.com *.clarity.ms s.pinimg.com *.pinterest.com armstrongceilings.my.site.com;frame-src *;img-src 'self' data: blob: *;connect-src 'self' *.akamaihd.net *.armstrong.com *.armstrongceilings.com cdn-cookieyes.com *.cookieyes.com forms.hsforms.com *.brightcove.com *.qualtrics.com *.hapyak.com cdn.linkedin.oribi.io armstrong.tt.omtrdc.net brightcove.hs.llnwd.net dpm.demdex.net edge.api.brightcove.com lib-us-3.brilliantcollector.com manifest.prod.boltdns.net stats.g.doubleclick.net *.googleapis.com s7d9.scene7.com www.facebook.com *.google.com forms.hubspot.com *.google-analytics.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 px.ads.linkedin.com *.clearbitscripts.com app.clearbit.com pixels.spotify.com house-fastly-signed-us-east-1-prod.brightcovecdn.com *.clarity.ms *.pinterest.com armstrongceilings.my.salesforce-scrt.com;object-src players.brightcove.net 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=muT7OEN7OAbqM4v9JtRXQSVIbvt5wP9J3JLGi.9v9JE-1752200027-1.0.1.1-sr6L0V238rhTCjWom0BxFeHKqGtoJIM9LVEb3uY66nF_j3dB0pFrcM5to1ti6TLN7MOCzWLPvxItabMcUbObtvkWBMcV7hnAsBnib_7x6V2CES85zhgi29j07LSAtwW2c861MwubEQaDhyC652..pgSvL.Qf23WWaPo.5_4khJ7QBEIWiG0YJykbAqrCVopdHhmclZ0ZqOd46lJC1sWtyQ; report-to cf-vutdyfdxskrrfzaf 1
default-src 'self' https:; font-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; worker-src 'self' blob:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: www.googletagmanager.com; connect-src 'self' https: ws: wss:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf68dfe1092b9b71f30b0f8123a55b7f0&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=project%3Ask%2Cenv%3Aproduction&service=sk 1
default-src 'self'; script-src  'self' https:       'unsafe-inline' 'unsafe-eval'; style-src   'self' https:       'unsafe-inline'; font-src    'self' https: data: 'unsafe-inline'; img-src     'self' https: data:; connect-src 'self' https:; frame-src   'self' https://*.vipleiloes.com.br https://*.provedor.space https://streaming01.vplpar.com:5443; media-src   'self' https:; form-action 'self' https:; base-uri    'self'; frame-ancestors 'self' https://*.vipleiloes.com.br https://streaming01.vplpar.com:5443; object-src  'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.doubleclick.net *.curator.io *.elfsight.com *.hotjar.com *.facebook.net *.cloudfront.net *.micpn.com *.searchstax.com *.wisepops.com wisepops.com *.wisepops.net wisepops.net *.sentry-cdn.com *.thehotelsnetwork.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.fonts.net *.myfonts.net *.doubleclick.net *.curator.io; img-src 'self' data: blob: *.google.co.uk *.facebook.com *.doubleclick.net *.google-analytics.com *.micpn.com *.googleapis.com *.gstatic.com *.cloudfront.net *.curator.io *.tripadvisor.com; connect-src 'self' *.bing.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.doubleclick.net *.micpn.com *.facebook.com *.mapbox.com *.curator.io *.wisepops.net *.wisepops.com wisepops.net wisepops.com *.thehotelsnetwork.com; font-src 'self' data: *.fonts.net *.myfonts.net *.gstatic.com; worker-src 'self' blob:; child-src 'self' blob: *.google.com *.googleapis.com *.googletagmanager.com *.doubleclick.net; frame-src 'self' *.google.com *.doubleclick.net *.facebook.com; media-src 'self'; object-src 'none'; base-uri 'self'; report-uri https://3chillies.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://aau.edu.jo https://*.aau.edu.jo *.googleusercontent.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.google.com; report-uri //report-csp-violation 1
font-src fonts.gstatic.com use.typekit.net *.hotjar.com *.safetypay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.safetypay.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ *.doubleclick.net *.groovinads.com *.freshchat.com *.safetypay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ *.tia.com.ec app.tiamagento.test *.doubleclick.net *.groovinads.com www.google.com *.google.com www.google.es *.google.es www.googletagmanager.com *.googletagmanager.com *.googleapis.com *.cookie-script.com *.amazonaws.com *.safetypay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com *.braindw.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.tia.com.ec munchkin.marketo.net *.hotjar.com *.cookie-script.com *.newrelic.com *.smartlook.com *.dynatrace.com *.pushpushgo.com *.groovinads.com *.doubleclick.net *.google-analytics.com *.freshchat.com *.googleapis.com *.tiktok.com *.googleadservices.com *.qualtrics.com *.safetypay.com connect.facebook.net www.facebook.com graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.freshchat.com *.safetypay.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.safetypay.com 'self' 'unsafe-inline'; media-src *.adobe.com *.safetypay.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.braindw.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.mktoresp.com *.hotjar.com *.cookie-script.com *.nr-data.net *.hotjar.io *.smartlook.cloud *.doubleclick.net *.googleapis.com *.google.com www.googletagmanager.com *.googletagmanager.com *.analytics.google.com *.tiktok.com *.qualtrics.com *.googlesyndication.com *.adobe.com *.safetypay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.safetypay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.safetypay.com 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-2d435ff32c7f4ea7a387081870bf18b9' https://mywvuchart.com 'self';img-src https://* 'self' blob: data:;style-src https://mywvuchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-wdeWRjvx_oTbHaAbPavojA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com fonts.gstatic.com use.typekit.net *.typekit.net *.googleapis.com data: https://www.googletagmanager.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action www.facebook.com ecommerce.raiffeisenbank.rs *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self' *.jasmin.rs *.cookiebot.com *.hotjar.com *.googletagmanager.com www.gstatic.com 'self'; frame-src www.facebook.com bid.g.doubleclick.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.jasmin.rs *.yandex.com *.yandex.md *.doubleclick.net *.cookiebot.com *.googletagmanager.com *.yango.com fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com 'self' 'unsafe-inline'; img-src *.googleapis.com *.gstatic.com stats.g.doubleclick.net www.google.com www.google.rs www.facebook.com www.googletagmanager.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net analytics.google.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.yandex.ru https://yandex.ru *.yandex.com *.yandex.md *.cookiebot.com *.yads.tech *.sharethis.com *.ymmobi.com *.doubleclick.net *.opera.com *.jasmin.rs jasmin.b-cdn.net kickoffcrm.com *.google.ru *.yango.com *.facebook.net *.linkedin.com data: www.googleadservices.com www.google-analytics.com p.typekit.net *.paypal.com *.typekit.net magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src *.googleapis.com *.gstatic.com *.googletagmanager.com www.google-analytics.com connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.hotjar.com *.yandex.ru *.yandex.com *.cookiebot.com *.jasmin.rs mc.yango.com jasmin.sales-snap.com *.licdn.com assets.adobedtm.com *.adobe.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.disqus.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.jasmin.rs jasmin.sales-snap.com *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.b-cdn.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.googleapis.com *.google.com google.com www.google-analytics.com connect.facebook.net stats.g.doubleclick.net *.facebook.com dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.cardinalcommerce.com vimeo.com ekr.zdassets.com get.geojs.io *.avada.io *.hotjar.com *.hotjar.io wss://ws.hotjar.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.yandex.ru *.yandex.com yandex.com *.yandex.md *.doubleclick.net *.jasmin.rs *.googlesyndication.com *.yango.com jasmin.sales-snap.com *.linkedin.com *.cookiebot.com *.newrelic.com *.nr-data.net *.adobe.io performance.typekit.net *.sentry.io *.paypal.com https://www.google-analytics.com https://get.geojs.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.useinsider.com https://www.gstatic.com https://fonts.gstatic.com https://*.typekit.net https://fonts.googleapis.com *.alicdn.com *.bazaarvoice.com *.googleusercontent.com *.homehardware.com.au *.hotjar.com *.hsappstatic.net *.slant.co *.zip.co *.alipayobjects.com *.cloudflare.com *.fontawesome.com *.fonts.net *.fontshare.com *.googleapis.com *.migaku.com *.mitre10.com.au *.qantas.com *.ziplyne.com *.crisp.chat data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://app.contentful.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app *.sharethis.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.useinsider.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app *.sharethis.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.openstreetmap.org https://maps.googleapis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.useinsider.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com maps.gstatic.com https://*.mitre10.com.au https://*.openstreetmap.org https://scontent.cdninstagram.com https://tracker.unbxdapi.com *.dotomi.com *.eyeota.net *.googleapis.com *.mitre10.com.au *.openx.net *.pubmatic.com www.google.bf www.google.ca www.google.ch www.google.cm www.google.co.ck www.google.co.id www.google.co.in www.google.co.kr www.google.co.nz www.google.co.ug www.google.co.uk www.google.co.za www.google.co.zm www.google.com.au www.google.com.bd www.google.com.fj www.google.com.gh www.google.com.hk www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.vn www.google.de www.google.dk www.google.es www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.nl www.google.pl www.google.rs www.google.se *.amazon-adsystem.com *.bazaarvoice.com *.ctnsnet.com *.homehardware.com.au *.shophumm.com.au *.unbxdapi.com *.zip.co www.google.ae www.google.am www.google.at www.google.ba www.google.be www.google.bt www.google.by www.google.ci www.google.cl www.google.co.bw www.google.co.cr www.google.co.il www.google.co.jp www.google.co.ke www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.th www.google.co.tz www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.zw www.google.com.ar www.google.com.br www.google.com.co www.google.com.do www.google.com.ec www.google.com.eg www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.pr www.google.com.qa www.google.com.sb www.google.com.sl www.google.com.tr www.google.com.ua www.google.com.uy www.google.cz www.google.dz www.google.ee www.google.fi www.google.ge www.google.gg www.google.hn www.google.im www.google.iq www.google.jo www.google.ki www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mk www.google.mu www.google.mw www.google.no www.google.pt www.google.ro www.google.ru www.google.sc www.google.si www.google.sk www.google.sn www.google.tn www.google.tt www.google.vu www.google.ws zip.co *.afterpay.com *.afterpay-beta.com *.clarity.ms *.contentsquare.net *.curalate.com *.cursors-4u.net *.google.com *.googleusercontent.com *.pinterest.com *.qualtrics.com *.shopback.com *.snapchat.com *.zipmoney.com.au dakotaram.com s3.amazonaws.com web-cockroach.herokuapp.com www.google.ad www.google.al www.google.as www.google.az www.google.bj www.google.bs www.google.cd www.google.cg www.google.co.ao www.google.com.af www.google.com.ag www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.bz www.google.com.cu www.google.com.cy www.google.com.et www.google.com.gt www.google.com.mm www.google.com.ni www.google.com.om www.google.com.py www.google.com.sv www.google.com.vc www.google.cv www.google.dj www.google.fm www.google.ga www.google.gm www.google.gy www.google.ht www.google.is www.google.je www.google.kg www.google.kz www.google.me www.google.mg www.google.ml www.google.mn www.google.mv www.google.nr www.google.ps www.google.rw www.google.so www.google.sr www.google.tg www.google.tl www.google.tm www.google.to yastatic.net *.alicdn.com *.googleadservices.com www.google.com.gi www.google.dm www.google.gl www.google.nu www.google.pn www.google.sh www.google.td *.ctfassets.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com t.zip.co static.zipmoney.com.au static.zip.co https://images.ctfassets.net https://images.secure.ctfassets.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app *.sharethis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.plugins.emarsys.net *.scarabresearch.com *.useinsider.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com https://libraries.unbxdapi.com https://d21gpk1vhmjuf5.cloudfront.net https://s3.amazonaws.com/downloads.mailchimp.com/js/goal.min.js https://cdn.optimizely.com https://rum.optimizely.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.zip.co https://cdn.scarabresearch.com *.cloudflare.com *.dotomi.com *.googleapis.com *.newrelic.com *.unbxdapi.com *.bazaarvoice.com *.ctnsnet.com *.homehardware.com.au *.hotjar.com *.mitre10.com.au *.shophumm.com.au *.zip.co *.zipmoney.com.au d21gpk1vhmjuf5.cloudfront.net https://d3m8huu8gvuyn3.cloudfront.net/rex_template_content/unbxd_rex_template_sdk.js *.afterpay.com *.afterpay-beta.com *.clarity.ms *.contentsquare.net *.curalate.com *.googleadservices.com *.instagram.com *.p-a.io *.particularaudience.com *.pinimg.com *.pinterest.com *.qualtrics.com *.snapchat.com *.tableau.com consentag.eu dakotaram.com googletagmanager.com nexuspublications.com.au sc-static.net *.crisp.chat *.walkme.com *.humm-au.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com static.zipmoney.com.au static.zip.co zip.co https://cdn.jsdelivr.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com *.cash.app *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com display.ugc.bazaarvoice.com *.useinsider.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://*.typekit.net https://maps.googleapis.com https://libraries.unbxdapi.com *.typekit.net *.homehardware.com.au *.shophumm.com.au *.unbxdapi.com *.zip.co *.bazaarvoice.com *.fontawesome.com *.fonts.net *.mitre10.com.au assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.mitre10.com.au *.youtube.com *.globalshop.com.au https://videos.ctfassets.net https://videos.secure.ctfassets.net 'self' 'unsafe-inline'; manifest-src *.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.sharethis.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.openstreetmap.org https://maps.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.scarabresearch.com *.eservice.emarsys.net *.useinsider.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maps.googleapis.com https://search.unbxd.io https://www.instagram.com https://graph.instagram.com https://*.sandbox.afterpay.com https://api.sandbox.zipmoney.com.au https://api.zipmoney.com.au https://*.sandbox.zip.co https://*.zip.co *.googleapis.com *.nr-data.net *.typekit.net localhost www.google.co.id www.google.co.in www.google.co.nz www.google.co.za www.google.com.au www.google.com.bd www.google.com.fj www.google.com.hk www.google.com.ph www.google.com.sa www.google.com.sg www.google.de www.google.dk www.google.hu www.google.pt www.google.rs *.afterpay-beta.com *.bazaarvoice.com *.crwdcntrl.net *.ctnsnet.com *.homehardware.com.au *.shophumm.com.au *.unbxd.io *.zip.co *.zipmoney.com.au www.google.ae www.google.am www.google.at www.google.ba www.google.be www.google.bf www.google.bt www.google.by www.google.ca www.google.ch www.google.cl www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.zw www.google.com.ar www.google.com.br www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.jm www.google.com.kh www.google.com.lb www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pe www.google.com.pk www.google.com.qa www.google.com.sb www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hn www.google.hr www.google.ie www.google.it www.google.jo www.google.la www.google.lk www.google.lv www.google.mu www.google.nl www.google.no www.google.pl www.google.ro www.google.ru www.google.se www.google.sk www.google.tn www.google.tt www.google.vu www.google.ws *.alicdn.com *.clarity.ms *.contentsquare.net *.curalate.com *.googleadservices.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mitre10.com.au *.p-a.io *.particularaudience.com *.pinterest.com *.qualtrics.com *.snapchat.com *.stbuttons.click *.unbxdapi.com www.google.al www.google.az www.google.bg www.google.bs www.google.cd www.google.ci www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.il www.google.co.mz www.google.co.zm www.google.com.bh www.google.com.bn www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.et www.google.com.gt www.google.com.kw www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.na www.google.com.om www.google.com.pa www.google.com.pg www.google.com.pr www.google.com.sv www.google.com.uy www.google.ga www.google.gm www.google.gy www.google.ht www.google.iq www.google.je www.google.kg www.google.kz www.google.lt www.google.lu www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mv www.google.mw www.google.nr www.google.ps www.google.rw www.google.sc www.google.si www.google.sn www.google.so www.google.sr www.google.tg www.google.tl www.google.tm www.google.to zip.co *.crisp.chat www.google.as www.google.bj www.google.cg www.google.cm www.google.co.ls www.google.com.af www.google.com.bo www.google.com.gi www.google.com.py www.google.com.vc www.google.dm www.google.im www.google.is www.google.ki www.google.ml www.google.nu www.google.pn *.walkme.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.useinsider.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://87acbafe-91fb-446b-aa4c-62851bc12cb5.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://ssl.google-analytics.com; report-uri https://4c290d79b4ee3f2ad3fd23f362bde480.report-uri.com/r/d/csp/reportOnly; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.wesupply.xyz https://wesupplylabs.com *.sandbox.paypal.com *.paypalobjects.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.swagger.io *.ftcdn.net *.behance.net *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com julio.com *.scene7.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.braintreegateway.com mcusercontent.com www.google.com.co *.sharethis.com *.aplazo.mx *.api.useinsider.com *.sandbox.paypal.com *.paypalobjects.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com *.bing.com *.clarity.ms *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.connect.facebook.net https://smetrics.julio.com *.julio.com *.cardinalcommerce.com unpkg.com cdn.jsdelivr.net *.magento-datasolutions.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.bolt.com *.commerce-quick-checkout.com *.online-metrix.net *.cybersource.com *.braintreegateway.com *.sharethis.com *.pingdom.net *.hotjar.com *.zdassets.com *.useinsider.com *.usizy.es usizy.com *.cloudflare.com *.sandbox.paypal.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms *.doubleclick.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com julio.com https://smetrics.julio.com *.demdex.net *.cardinalcommerce.com *.snplow.net *.pingdom.net *.woorank.com *.adobedc.net *.youtube.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com *.bolt.com *.magento-ds.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.zdassets.com grupojulio.zendesk.com *.usizy.es usizy.com *.hotjar.io *.api.useinsider.com *.useinsider.com *.g.doubleclick.net *.crwdcntrl.net *.sandbox.paypal.com *.paypalobjects.com www.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src julio.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'strict-dynamic' 'nonce-iAMDpgnDrzsnasmnF+my5w==' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' oqvestir.com.br *.oqvestir.com.br wake-components.fbitsstatic.net oqvestir.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.g.doubleclick.net *.doubleclick.net oqvestir.fbitsstatic.net *.criteo.com *.clarity.ms capig.shop2gether.com.br q.clarity.ms static.criteo.net clarity.ms sslwidget.criteo.com dynamic.criteo.com googleads.g.doubleclick.net gum.criteo.com bat.bing.com google.com.br googleadservices.com tags.creativecdn.com apigate.shop2gether.com.br o.clarity.ms *.creativecdn.com *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com n8n.icommgroup.com.br wake.koin.com.br *.icommgroup.com.br *.pinterest.com paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.api.useinsider.com *.useinsider.com *.secureacs.com *.crmbonus.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.oqvestir.com.br oqvestir.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-I3lTgAHy_0xPAHsvHmdM5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-v2uDLyjD4pgj2ti6KARW0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src-elem maps.gstatic.com maps.googleapis.com fonts.googleapis.com *.gstatic.com 'unsafe-inline' 'self' mcstaging.chopo.com.mx www.chopo.com.mx; font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.gstatic.com *.gstatic.com data: https://fonts.bunny.net https://www.google.com https://www.gstatic.com fonts.googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mitec.com.mx 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mitec.com.mx www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mitec.com.mx www.google.com *.examedi.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.sharethis.com *.gstatic.com *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://firebasestorage.googleapis.com *.mitec.com.mx *.bird.eu maps.gstatic.com maps.googleapis.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.sharethis.com *.googleapis.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.avada.io *.mitec.com.mx www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com maps.google.com *.examedi.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://fonts.bunny.net *.googleapis.com *.addtoany.com *.mitec.com.mx *.google.com *.gstatic.com maps.gstatic.com maps.googleapis.com 'unsafe-inline' 'self' mcstaging.chopo.com.mx www.chopo.com.mx https://www.chopo.com.mx 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.sharethis.com *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.mitec.com.mx https://www.google.com https://www.gstatic.com maps.google.com *.gstatic.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.dk https://www.googletagmanager.com https://analytics.nordnet.dk https://cdn.prod.nntech.io https://files.nordnet.dk https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.dk; frame-src 'self' https://analytics.nordnet.dk https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.dk; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.dk https://cdn.prod.nntech.io https://files.nordnet.dk data: blob: https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://blog.nordnet.dk; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.dk https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'nonce-5e6b7129-8ef7-4dd6-9d5e-1f50eb89800a' https://analytics.nordnet.dk https://cdn.prod.nntech.io https://files.nordnet.dk https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.dk; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi https://kirjaudu.aktia.fi https://ebank.aktia.fi; frame-ancestors 'self' https://app.contentful.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 'wasm-eval'; frame-ancestors https://*.dalux.com https://*.dalux.dk; report-uri https://cspreport.dalux.dk/logreport 1
object-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://www.google.com 'unsafe-inline' https://statistiek.rijksoverheid.nl/; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl/matomo.js https://cdnjs.cloudflare.com https://www.google.com; style-src 'self' https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'none'; script-src 'self' *.twitter.com *.google.com *.recaptcha.net *.googletagmanager.com *.google-analytics.com; img-src *; 1
object-src 'none'; block-all-mixed-content; default-src 'self'; img-src 'self' data: https://biblionix.com/ https://demonstration.biblionix.com https://secure.gravatar.com/; style-src 'self' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://cdn.walkme.com/; font-src 'self' https://fonts.gstatic.com/ data:; report-uri https://www.biblionix.com/report/?block=0 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googleapis.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com *.google.com https://*.google.com https://*.googleusercontent.com https://*.ggpht.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com http://s3.amazonaws.com https://snap.licdn.com https://connect.facebook.net https://www.facebook.com https://static.hotjar.com https://script.hotjar.com http://*.tiqcdn.com https://pageimprove.io https://*.linkedin.com https://partenamut.activehosted.com https://*.tealiumiq.com https://*.youtube.com https://*.decibelinsight.net https://wurfl.io https://bat.bing.com https://*.googlesyndication.com https://*.teads.tv https://*.clarity.ms/ https://dev.visualwebsiteoptimizer.com https://tags.partenamut.be/partenamut-site/prod/utag.sync.js https://tags.partenamut.be/partenamut-site/prod/utag.js https://tags.partenamut.be https://analytics.tiktok.com https://analytics.tiktok.com/i18n/pixel/events.js https://collect.partenamut.be; style-src 'unsafe-inline' 'self' https://*.googleapis.com https://fonts.googleapis.com https://optimize.google.com https://unpkg.com https://script.hotjar.com https://static.hotjar.com https://*.gstatic.com https://fonts.bunny.net; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google.com *.googleusercontent.com https://*.google.be https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.linkedin.com https://*.partenamut.be https://*.facebook.com https://dummyimage.com https://placehold.co https://www.googletagmanager.com http://www.w3.org/2000/svg https://*.tealiumiq.com https://s535jira.mutworld.be https://flagcdn.com https://script.hotjar.com https://static.hotjar.com https://bat.bing.com https://ad.doubleclick.net https://*.teads.tv https://dev.visualwebsiteoptimizer.com https://tags.partenamut.be/partenamut-site/prod/utag.js https://*.clarity.ms https://c.bing.com https://www.google.com/pagead/form-data https://survey-images.hotjar.com data:; frame-src 'self' https://*.google.com https://optimize.google.com https://vars.hotjar.com/ https://*.youtube.com https://*.partenamut.be https://cloud.cavai.com/ www.facebook.com https://idp.iamfas.belgium.be/ https://td.doubleclick.net/ https://*.teads.tv/ https://td.doubleclick.net.x.ccf80dde0e0820444b0b8f9038e392127391.d045232a.id.opendns.com https://10649093.fls.doubleclick.net ; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://fonts.bunny.net; object-src 'self' data: 'unsafe-eval'; media-src 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; navigate-to *; connect-src 'self' https://*.cloud.es.io https://*.googleapis.com *.google.com https://*.google.com https://*.google.com https://*.gstatic.com  https://*.google-analytics.com https://*.facebook.com https://*.linkedin.oribi.io https://*.hotjar.io https://*.hotjar.com https://pageimprove.io https://*.tealiumiq.com https://*.decibelinsight.net wss://*.hotjar.com https://*.cloud.es.io https://bat.bing.com https://*.linkedin.com https://*.googlesyndication.com wss://*.decibelinsight.net https://wurfl.io https://*.g.doubleclick.net https://*.teads.tv https://*.clarity.ms/ https://dev.visualwebsiteoptimizer.com https://adservice.google.com https://www.google.com/pagead/form-data https://google.com/ccm/form-data/1035243604 https://google.com:433/ccm/form-data/1035243604 https://*.adservice.google.com https://adservice.google.com https://analytics.tiktok.com https://*.partenamut.be data: blob:; worker-src 'self' blob:;;report-uri https://mutualit.uriports.com/reports; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-8Lp-jreNzgQtsdGW0ghlPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self'; base-uri 'self'; frame-ancestors 'self' https: 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://assets.emarsys.net https://cdn.scarabresearch.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://production-tailoy-repo-magento-statics.s3.us-east-2.amazonaws.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://www.google-analytics.com https://recommender.scarabresearch.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' dropbox.okta.com *.oktacdn.com; connect-src 'self' dropbox.okta.com dropbox-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com dropbox.kerberos.okta.com dropbox.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-0xtEspLI1gGK72UKs01OhA' 'unsafe-eval' 'self' 'report-sample' dropbox.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' dropbox.okta.com *.oktacdn.com; frame-src 'self' dropbox.okta.com dropbox-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator: api-37ec43d7.duosecurity.com; img-src 'self' dropbox.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' dropbox.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://app.dropboxer.net 1
frame-ancestors 'none'; report-uri https://13fc2e96c75baedc98bc60c37c2c93be.report-uri.com/r/d/csp/wizard; script-src 'strict-dynamic' 'nonce-v0Y1gEORNjSyDwSFJeEKjA==' 1
connect-src 'self' https://correspondent.report-uri.com https://static.cdn-decorrespondent.nl https://useruploads.cdn-decorrespondent.nl https://decorrespondent.matomo.cloud https://o206126.ingest.sentry.io; media-src 'self' https://static.cdn-decorrespondent.nl https://traffic.omny.fm https://*.mc.tritondigital.com https://useruploads.cdn-decorrespondent.nl blob:; form-action 'self' https://www.mollie.com https://pay.ideal.nl https://www.paypal.com; report-uri https://correspondent.report-uri.com/r/d/csp/reportOnly; report-to csp-report-only-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-gl1WXyrDjHKBg_HpVhyzIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' assets.sitescdn.net connect.cooper.edu https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' answers-embed.cooper.edu.pagescdn.com buttons-config.sharethis.com cdn.unibuddy.co chimpstatic.com mx.technolutions.net traffic-drivers.unibuddy.co www.google-analytics.com www.googletagmanager.com www.youvisit.com www.youtube.com cooper.us10.list-manage.com s3.amazonaws.com t.sharethis.com js-agent.newrelic.com www.skynettechnologies.com assets.sitescdn.net connect.cooper.edu https://cdnjs.cloudflare.com; style-src 'self' fonts.googleapis.com https://assets.sitescdn.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn-images.mailchimp.com fonts.googleapis.com https://assets.sitescdn.net https://cdnjs.cloudflare.com; frame-ancestors 'self' cooper.edu; report-uri https://cooper.report-uri.com/r/d/csp/wizard 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com x.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.adobedtm.com dev.visualwebsiteoptimizer.com *.exacttarget.com google.it/pagead/1p-conversion self data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cardinalcommerce.com *.authorize.net *.ccdc02.com *.googleadservices.com *.paypalobjects.com  *.braintreegateway.com   *.paypal.com   *.ytimg.com www.gstatic.com/recaptcha www.google.com/recaptcha *.js-agent.newrelic.com unpkg.com/@googlemaps/markerclusterer/dist/index.min.js self *.criteo.com *.yandex.com *.yandex.ru *.teads.tv *.mainadv.com *.bing.com *.clarity.ms *.pinterest.com *.tiktok.com *.amazon-adsystem.com *.quantserve.com 'sha256-g/qbQ8sW5eJ9JO8sQzRJ1OvARbUyKpJXFeof9SLw1eI=' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.network *.stripecdn.com *.amazon.com service.force.com x.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.adobe.com assets.adobedtm.com *.googletagmanager.com *.authorize.net *.ccdc02.com *.googleadservices.com *.paypalobjects.com  *.braintreegateway.com   *.paypal.com   *.ytimg.com *.vimeocdn.com www.gstatic.com/recaptcha www.google.com/recaptcha *.google.bg *.doubleclick.net unpkg.com/@googlemaps/markerclusterer/dist/index.min.js unpkg.com/@googlemaps/markerclusterer/dist/* self consentcdn.cookiebot.com *.googlesyndication.com dev.visualwebsiteoptimizer.com js.klarna.com na.klarnaevt.com trustpilot.com googleads.g.doubleclick.net bam.nr-data.net *.criteo.com *.yandex.com *.yandex.ru *.teads.tv *.mainadv.com *.bing.com *.clarity.ms *.pinterest.com *.tiktok.com *.amazon-adsystem.com *.quantserve.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: https://fonts.gstatic.com *.stape.io *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com d114hh0cykhyb0.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com google.com *.braintreegateway.com *.paypal.com *.google.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com superbrightleds.atlassian.net *.brevo.com sibautomation.com *.criteo.com *.criteo.net *.nr-data.net *.trustpilot.com *.pinimg.com *.pinterest.com *.licdn.com *.linkedin.com *.vwo.com *.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com livehelpnow.net *.livehelpnow.net *.placeholder.com *.cloudfront.net *.trustkeeper.net *.trustwave.com *.digicert.com dis.criteo.com tags.bluekai.com secure.adnxs.com sync.ad-stir.com *.yahoo.com *.360yield.com *.3lift.com *.addthis.com *.adnxs.com *.adscale.de *.advertising.com *.agkn.com *.amazon-adsystem.com *.bbb.org *.bidswitch.net *.bing.com *.casalemedia.com *.clmbtech.com *.contextweb.com *.criteo.com *.demdex.net *.dmxleo.com matching.ivitrack.com *.krxd.net *.liadm.com mcprod.superbrightleds.com *.media.net exchange.mediavine.com partner.mediawallahscript.com *.omnitagjs.com *.outbrain.com *.postrelease.com *.pubmatic.com *.revcontent.com *.rlcdn.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.socdm.com *.smartadserver.com *.stickyadstv.com *.taboola.com *.tapad.com *.teads.tv ad.tpmn.co.kr *.tremorhub.com *.turn.com *.yieldlab.net *.yieldmo.com *.zonos.com *.pinimg.com *.pinterest.com *.linkedin.com *.visualwebsiteoptimizer.com id5-sync.com a.twiago.com sync.1rx.io *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com superbrightleds.atlassian.net *.brevo.com sibautomation.com *.digicert.com *.criteo.net *.criteo.com *.zonos.com *.trustpilot.com *.iglobalstores.com *.mixpanel.com *.mxpnl.com *.pinimg.com *.pinterest.com *.googleoptimize.com pageimprove.io *.licdn.com *.linkedin.com *.visualwebsiteoptimizer.com *.vwo.com *.facebook.net *.livehelpnow.net *.bing.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com https://fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com d114hh0cykhyb0.cloudfront.net http://localhost:* *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.brevo.com *.criteo.com *.zonos.com *.mixpanel.com *.pinimg.com *.pinterest.com pageimprove.io *.visualwebsiteoptimizer.com *.facebook.com *.mmapiws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.bootstrapcdn.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.authorize.net https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.authorize.net https://plumrocket.com *.hotjar.com *.addthis.com *.libsyn.com *.locally.com *.sheerid.com *.wayin.com *.newtonsoftware.com https://recruitingbypaycor.com/ *.curalate.com *.formstack.com *.trackcmp.net *.google-analytics.com *.nr-data.net data: *.typeform.com *.pagescdn.com *.yextpages.net *.googleapis.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com store.paradoxlabs.com *.google.com *.mageside.com mageside.com *.bc0a.com *.curalate.com *.s3.amazonaws.com *.amazonaws.com *.leupold.com *.googleapis.com *.gstatic.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.b0e8.com https://img.youtube.com maps.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com s7.addthis.com *.google.com *.gstatic.com *.authorize.net *.hotjar.com *.curalate.com *.app-us1.com *.avmws.com *.acsbapp.com acsbapp.com *.googleapis.com *.googletagmanager.com *.paypalobjects.com *.sheerid.com *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.cloudfront.net *.locally.com *.wayin.com *.activehosted.com *.newtonsoftware.com recruitingbypaycor.com *.leupold.com *.trackcmp.net *.google-analytics.com trackcmp.net *.vimeo.com *.apptrian.com *.facebook.com *.typeform.com *.sitescdn.net *.yextpages.net *.pagescdn.com *.b0e8.com *.bc0a.com *.kaptcha.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sheerid.com *.bootstrapcdn.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.sitescdn.net tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ekr.zdassets.com/ *.authorize.net *.bc0a.com *.hotjar.com wss://*.hotjar.com *.addthis.com *.googleapis.com *.acsbapp.com *.curalate.com *.hotjar.io *.trackcmp.net *.google-analytics.com *.g.doubleclick.net *.typeform.com *.pagescdn.com *.yext.com *.yext-pixel.com *.kaptcha.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' data: https://www.motonet.fi https://graphql.datocms.com https://*.doubleclick.net https://www.instagram.com https://*.broman.group https://*.litix.io https://vimeo.com https://*.klarna.com https://*.klarnaevt.com/v1/ https://*.adyen.com/checkoutanalytics/ https://*.adyen.com/checkoutshopper/ https://api.postmarkapp.com https://www.youtube.com https://api.videoly.co https://js.testfreaks.com https://api.testfreaks.com https://reviews.testfreaks.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com/api/consent https://api.custobar.com/js/v1/custobar.js https://*.google-analytics.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://*.googlesyndication.com https://*.adform.net https://*.creativecdn.com https://connect.facebook.net https://browser-intake-datadoghq.eu https://*.broman.group https://js.playground.kustom.co https://eu.klarnaevt.com https://*.cdn.adyen.com/checkoutshopper/ https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://qr.motonet.fi https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com/ https://src.freshmarketer.eu/mas; img-src 'self' data: https://www.datocms-assets.com https://i.ytimg.com https://image.mux.com https://cdn.broman.group https://*.broman.group https://js.playground.kustom.co https://eu.klarnaevt.com https://*.cdn.adyen.com/checkoutshopper/ https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://qr.motonet.fi; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://js.playground.kustom.co https://osm.klarnaservices.com/ https://*.adyen.com/ https://*.vimeo.com https://app.ecoonline.com https://www.maston.fi https://websds.volvo.com https://policy.app.cookieinformation.com/ https://*.criteo.com https://*.adform.net https://*.creativecdn.com https://www.facebook.com https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.broman.group https://maps.googleapis.com https://js.playground.kustom.co https://js.klarna.com https://js.klarna.com/web-sdk/ https://api.videoly.co/1/quchbox/0/299/quch.js https://www.paypal.com/sdk/js https://dapi.videoly.co https://www.youtube.com https://*.vimeo.com https://policy.app.cookieinformation.com https://api.custobar.com/js/v1/custobar.js https://*.criteo.net https://*.criteo.com https://*.adform.net https://connect.facebook.net https://tags.creativecdn.com https://dev.visualwebsiteoptimizer.com https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com; object-src data:; worker-src 'self' blob:; 1
default-src 'self' blob: data: *.massport.com *.prod.acquia-sites.com ; script-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.newrelic.com bam.nr-data.net *.youtube.com *.youtube-nocookie.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.pointr.cloud *.bing.com *.pinimg.com *.facebook.net *.teads.tv *.aocadp.com; object-src 'self' *.nr-data.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com *.massport.com *.prod.acquia-sites.com; img-src 'self' 'unsafe-inline' *.gstatic.com *.massport.com data: *.prod.acquia-sites.com bos.resources.aocdms.com *.googleapis.com *.google.com *.bing.com *.teads.tv *.pinterest.com *.facebook.com *.facebook.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.massport.com *.prod.acquia-sites.com *.youtube-nocookie.com; frame-src 'self' *.google.com *.atlassian.net *.prod.acquia-sites.com *.nr-data.net *.youtube.com *.youtube-nocookie.com *.items.aero *.pinterest.com; child-src 'self' *.massport.com *.prod.acquia-sites.com ; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data: *.massport.com *.prod.acquia-sites.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com analytics.google.com *.googleapis.com bam.nr-data.net mbta-proxy.bos.aocadp.com gtfs.bos.aocadp.com *.prod.acquia-sites.com *.nr-data.net *.pointr.cloud *.bing.com *.teads.tv *.pinterest.com; report-uri https://browser-intake-ddog-gov.com/api/v2/logs?dd-api-key=pubae3d9e4f547e5d8888b052206ca0205e&dd-evp-origin=content-security-policy&ddsource=csp-report; upgrade-insecure-requests 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.merkur-static.si cdn.jsdelivr.net cdn.cnj.si omara.cdn-cnj.si ka-p.fontawesome.com media.flixfacts.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://firebasestorage.googleapis.com cdn.jsdelivr.net *.nosto.com *.merkur-static.si *.fontawesome.com img.cdn-cnj.si www.merkur-static.si thumbs.nosto.com media.flixcar.com media.flixfacts.com logo.flix360.io rt.flix360.com maps.gstatic.com *.visualwebsiteoptimizer.com *.google.si *.facebook.com *.iprom.net *.hubspot.com inpref.com 536003278.recs.igodigital.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.typekit.net google.com *.google.com https://api.cartfox.io https://app.cartfox.io *.avada.io *.merkur-static.si cdn.jsdelivr.net unpkg.com *.pushpushgo.com *.fontawesome.com *.nosto.com *.smind.si kit.fontawesome.com inte.searchnode.io connect.nosto.com cpx.smind.si media.flixfacts.com media.flixcar.com maps.googleapis.com *.cloudfront.net *.iprom.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.facebook.net *.videoly.co 536003278.recs.igodigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.merkur-static.si cdn.jsdelivr.net media.flixcar.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com google.com *.google.com https://api.cartfox.io https://app.cartfox.io https://get.geojs.io *.avada.io *.merkur-static.si *.pushpushgo.com *.nosto.com *.fontawesome.com region1.google-analytics.com kit.fontawesome.com ka-p.fontawesome.com connect.nosto.com media.flixcar.com maps.googleapis.com *.visualwebsiteoptimizer.com inpref.com *.doubleclick.net *.iprom.net 536003278.recs.igodigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src media.flixcar.com rt.flix360.com 536003278.recs.igodigital.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; child-src 'self'; connect-src 'self' *.sharethis.com; font-src 'self' *.typekit.net *.fontawesome.com *.gstatic.com; img-src 'self' *.sharethis.com *.knightlab.com; script-src 'self' *.sharethis.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://moderate.cleantalk.org https://unpkg.com https://use.fontawesome.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.sharethis.com *.typekit.net *.knightlab.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://moderate.cleantalk.org https://unpkg.com https://use.fontawesome.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com use.typekit.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' *.typekit.net *.knightlab.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com use.typekit.net; webrtc 'block'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri http://air.org/log-report-uri/reportOnly; block-all-mixed-content; trusted-types 'none' 1
default-src 'self' https:; object-src 'none'; connect-src 'self' https: https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https: https://www.googletagmanager.com; img-src 'self' https: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data:; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https: https://fonts.gstatic.com data:; script-src 'self' https: 'unsafe-eval' 'nonce-Pyhu0Midd/9tkQ+3XBgs3A=='; report-uri /csp_violations 1
script-src 'unsafe-inline' 'unsafe-eval' https:; style-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; frame-ancestors 'self'; report-to br.loccitaneaubresil.com; 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; font-src 'self'; frame-ancestors 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com webpay3g.transbank.cl webpay3gint.transbank.cl *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.yango.com *.clarity.ms *.gorgias.chat www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' data: https://*.e-i.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.google.com *.googleusercontent.com https://*.awin1.com https://*.e-i.com https://*.ggpht.com https://*.googleapis.com https://*.gstatic.com https://*.linkedin.com https://*.zenaps.com https://bat.bing.com https://cdn.tagcommander.com https://connect.facebook.net https://googleads.g.doubleclick.net https://lantern.roeyecdn.com https://pagead2.googlesyndication.com https://platform.linkedin.com https://snap.licdn.com https://tag.aticdn.net https://the.sciencebehindecommerce.com https://www.dwin1.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' data: https://*.e-i.com https://fonts.googleapis.com; img-src 'self' blob: data: *.awin1.com *.google.com *.googleusercontent.com *.zenaps.com https://*.e-i.com https://*.ggpht.com https://*.googleapis.com https://*.gstatic.com https://*.linkedin.com https://ad.doubleclick.net https://bat.bing.com https://bat.bing.net https://connect.facebook.net https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://manager.tagcommander.com https://pubads.g.doubleclick.net https://wat.beobank.be https://www.facebook.com https://www.google.be https://www.google.com https://www.google.fr https://www.googletagmanager.com; font-src 'self' data: https://*.e-i.com https://fonts.gstatic.com; base-uri 'none'; form-action 'self' https://www.facebook.com https://www.linkedin.com digipin-aff1.europ3c.fr digipin-aff2.europ3c.fr digipin-aff3.europ3c.fr digipin-aff4.europ3c.fr https://api.partena-professional.be/contentgeneration-zoomit/api/v1/download https://app2.sdworx.com/dsp/documentpage.aspx https://doccle-dsp-adapter.codabox.cloud/api/v1/document/download https://dsp.unifiedpost.com/services/view https://smartpinlive.oberthur.com https://www.engie.be/protected/zoomitdsp/document.res https://www.myworkandme.com/dsp/documentpage.aspx https://www.partner-dsp.com/zoomitweb/DecryptURL https://zoomit.belgacom.be/DSP/getDoc; frame-ancestors 'self'; child-src 'self' blob: data: *.awin1.com *.google.com *.zenaps.com https://*.e-i.com https://*.fls.doubleclick.net https://api.linkedin.com https://bid.g.doubleclick.net https://lantern.roeye.com https://maps.google.fr https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube-nocookie.com https://www.youtube.com digipin-aff1.europ3c.fr digipin-aff2.europ3c.fr digipin-aff3.europ3c.fr digipin-aff4.europ3c.fr https://smartpinlive.oberthur.com; connect-src 'self' blob: data: *.commander1.com *.google.com https://*.e-i.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.linkedin.com https://*.wepowerconnections.com https://ad.doubleclick.net https://adservice.google.com https://bat.bing.com https://bat.bing.net https://google.com https://googleads.g.doubleclick.net https://logs1412.xiti.com https://stats.g.doubleclick.net https://the.sciencebehindecommerce.com https://wat.beobank.be https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://zkkwkzt.pa-cd.com; report-uri https://report.e-i.com/csp-reporting.html 1
default-src https://*.s4c.cymru https://s4c.cymru; img-src 'self' data: https://*.s4c.cymru https://s4c.cymru https://cdn-cookieyes.com https://i.ytimg.com https://*.google.com/cse https://clients1.google.com https://*.gstatic.com; font-src 'self' data: https://*.s4c.cymru https://s4c.cymru https://fonts.gstatic.com https://cloud.typography.com; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com https://*.googletagmanager.com https://*.google.com/cse https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cloud.typography.com https://*.s4c.cymru https://s4c.cymru https://*.google.com/cse; connect-src https://*.s4c.cymru https://s4c.cymru https://cdn-cookieyes.com https://log.cookieyes.com https://*.google-analytics.com; object-src 'none'; frame-ancestors 'none'; frame-src 'self' https:; report-uri https://csp.s4c.cymru/report; report-to csp-endpoint; 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-YFwUjP1AoKVGIgYnWa3qbA==' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.googleadservices.com *.cdnwebcloud.com https://apis.google.com https://www.googleoptimize.com https://connect.facebook.net https://www.gstatic.com *.google-analytics.com https://ajax.googleapis.com https://gstatic.com https://www.googletagmanager.com *.womtp.com https://api.ipify.org https://maps.googleapis.com *.google.com *.vo.msecnd.net https://static.criteo.net https://bucket.cdnwebcloud.com *.doubleclick.net https://static.hotjar.com https://ws.walmeric.com https://sslwidget.criteo.com https://script.hotjar.com https://pagead2.googlesyndication.com https://neural29.cdnwebcloud.com https://sb.scorecardresearch.com https://ads.profilemkt.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com gstatic.com *.womtp.com *.walmeric.com *.google.com; img-src 'self' data: *.azureedge.net *.gstatic.com *.googleapis.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.womtp.com *.walmeric.com https://magazine.solvia.es *.blob.core.windows.net https://plataforma-des.infosolvia.es https://imagenes.solvia.es *.google.com https://www.google.es https://sb.scorecardresearch.com https://ceres-tk3f2sxfca-ey.a.run.app *.doubleclick.net https://www.facebook.com https://t.womtp.com https://pagead2.googlesyndication.com *.cdnwebcloud.com https://px.ads.linkedin.com *.googletagmanager.com; font-src 'self' *.googleapis.com *.gstatic.com; connect-src 'self' *.solvia.es https://dc.services.visualstudio.com *.hotjar.com *.linkedin.com *.cdnwebcloud.com *.google.com *.googleapis.com *.googlesyndication.com *.indigitall.com *.doubleclick.net *.google-analytics.com; object-src 'self' https://www.google.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-375bde628d58479cb1033c8e1ade4f9d' https://www.mylghealth.org/mychart 'self';img-src https://* 'self' blob: data:;style-src https://www.mylghealth.org/mychart 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.se https://www.myheritage.se  'unsafe-eval' 'nonce-435dd94fd20e8121e2aff2d57cdc7d75' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.se;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.trustedshops.com *.bootstrapcdn.com https://display.ugc.bazaarvoice.com 'self' data: *.vortexoptics.com https://vortexoptics.com/static https://*.userway.org/ *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.google.com https://www.facebook.com/tr/ https://mcstaging.vortexoptics.com/ https://mcstaging.vortexgolf.com/ https://vortexoptics.com/ https://vortexgolf.com/ https://*.userway.org/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com amc.demdex.net https://w.soundcloud.com https://www.google.com https://vars.hotjar.com https://amc.demdex.net/ https://www.facebook.com/ https://*.doubleclick.net/ https://*.userway.org/ *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net http://amcglobal.sc.omtrdc.net/ widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com *.meetanshi.com https://mcstaging.vortexoptics.com/ *.cloudflare.com https://cdn.klarna.com *.ytimg.com *.usercentrics.eu https://www.google.com/ https://facebook.com/  https://cm.everesttech.net/ https://dpm.demdex.net/ https://www.facebook.com/ https://connect.facebook.net/ *.bazaarvoice.com/ https://contentorigin.bazaarvoice.com/ https://vortexoptics.widen.net/ *.gettopple.com/ https://bam.nr-data.net/ *.kaltura.com/ https://*.userway.org/ https://yotpo-media-temporary.s3.amazonaws.com/ www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeocdn.com www.vimeo.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.trustedshops.com *.usercentrics.eu https://chimpstatic.com *.zdassets.com https://www.google.com https://www.gstatic.com https://geoip.nekudo.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://connect.facebook.net/ https://widget-mediator.zopim.com https://googleads.g.doubleclick.net/ *.gettopple.com/ https://mpsnare.iesnare.com/ *.vortexoptics.com https://vortexoptics.com/static/ https://klear.com/ https://cdnapisec.kaltura.com/ https://*.userway.org/ wss://pod-13-sunco-ws.zendesk.com *.maxmind.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com fonts.googleapis.com/ *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.bazaarvoice.com *.bootstrapcdn.com *.vortexoptics.com https://vortexoptics.com/static https://*.userway.org/ https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com https://mpsnare.iesnare.com/ https://*.userway.org/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.meetanshi.com *.gstatic.com *.cloudflare.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com https://in.hotjar.com http://amcglobal.sc.omtrdc.net/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://dpm.demdex.net/ https://www.facebook.com/ https://*.hotjar.com https://maps.googleapis.com *.bazaarvoice.com wss://*.hotjar.com https://*.hotjar.io wss://mpsnare.iesnare.com/star wss://pod-13-sunco-ws.zendesk.com https://*.googlesyndication.com *.vortexoptics.com https://vortexoptics.com/static https://insights.algolia.io https://klear.com/ https://*.userway.org/ *.mmapiws.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.facebook.com *.twitter.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com *.facebook.net *.authorize.net *.simpli.fi js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-o8LfZ0QmP16KsOFlnxmZUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ufRjtSFo9CwX2EBnLdHk4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';  style-src 'self' 'unsafe-inline' ; img-src data: *; media-src data: blob: *; font-src data: *; worker-src blob: ; child-src 'self' youtube.com *.youtube.com yastatic.net mc.yandex.ru mc.yandex.com yandex.md *.yandex.md; script-src 'self'  'unsafe-inline' 'unsafe-eval' *.ru09.ru yandex.ru *.yandex.ru yastatic.net; script-src-attr 'unsafe-inline'; connect-src 'self' yandex.com *.yandex.com yandex.ru *.yandex.ru yandex.net *.yandex.net yandexmetrica.com ymetrica1.com http//:127.0.0.1:* yandexmetrica.com:* yandex.md *.yandex.md ;report-uri /ajax.php?do=csp_report 1
frame-ancestors 'self'; report-uri https://www.ntnews.com.au/csp-reports 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com *.paypalobjects.com *.gladly.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com *.facebook.com *.facebook.net *.yotpo.com *.listrakbi.com *.tilebar-vis.com *.byondxr.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://plumrocket.com *.weltpixel.com *.facebook.com *.paypalobjects.com *.yotpo.com *.cardknox.com *.vimeo.com vimeo.com *.googletagmanager.com *.xtento.com *.doubleclick.net *.gladly.com *.optimizely.com *.creativecdn.com *.pinterest.com *.listrakbi.com *.tilebar-vis.com *.byondxr.com sketchfab.com https://cdn.cardknox.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * speedsize.com *.speedsize.com www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com www.apptrian.com *.googleadservices.com *.facebook.com *.yotpo.com *.cdninstagram.com *.google-analytics.com *.google.com *.google.com.vn *.google.co.il *.google.com.sg *.google.co.uk *.google.de *.magentocommerce.com *.paypalobjects.com *.ytimg.com *.web-view.net *.googleapis.com *.nagich.co.il vimeo.com *.vimeo.com *.tilebar.com *.zdassets.com *.pxlecdn.com *.cloudfront.net *.roomvo.com *.tilebar-vis.com *.byondxr.com *.searchspring.net *.gladly.com *.edgecastcdn.net *.doubleclick.net *.bing.com *.pinterest.com *.optimizely.com *.adnxs.com *.pubmatic.com *.adingo.jp *.adingo.com *.creativecdn.com *.yahoo.com *.yahoo.net *.33across.com *.mobon.net *.seedtag.com *.clarity.ms *.brcdn.com *.brsrvr.com *.listrakbi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com speedsize.com *.speedsize.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com *.dxpapi.com *.fontawesome.com *.googleapis.com *.gstatic.com *.google-analytics.com apis.google.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.analytics.com *.rawgit.com *.nagich.co.il *.luckyorange.com *.xtento.com *.paypal.com *.paypalobjects.com *.forsixty.com *.criteo.com *.searchspring.io *.searchspring.net *.roomvo.io *.roomvo.com *.cloudflareinsights.com *.optimizely.com *.turnto.com *.pixlee.com *.pxlecdn.com *.tilebar-vis.com *.byondxr.com *.cloudflare.com *.gladly.com *.smooch.io *.bing.com *.creativecdn.com *.pinimg.com *.particularaudience.com *.googletagservices.com *.googlesyndication.com cnstrc.com getrockerbox.com/ *.adnxs.com *.adingo.jp *.adingo.com *.cnstrc.com *.tilebar.com *.pinterest.com *.callrail.com *.clarity.ms *.algoliaradar.com *.brcdn.com *.listrakbi.com https://cdn.cardknox.com/ifields/2.15.2405.1601/ifields.min.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com speedsize.com *.speedsize.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.turnto.com *.gladly.com *.brcdn.com *.listrakbi.com *.google.com *.gstatic.com *.typekit.net unsafe-inline assets.braintreegateway.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com *.dxpapi.com *.doubleclick.net *.analytics.com *.facebook.com *.google-analytics.com *.nagich.co.il player.vimeo.com *.luckyorange.com *.googleapis.com *.visitors.live *.zdassets.com *.searchspring.io *.searchspring.net *.roomvo.io *.roomvo.com cloudflareinsights.com *.cloudflareinsights.com *.optimizely.com *.turnto.com *.tilebar-vis.com *.byondxr.com unpkg.com *.unpkg.com *.gladly.com *.smooch.io *.creativecdn.com *.pinimg.com *.particularaudience.com *.googletagservices.com *.googlesyndication.com *.pinterest.com *.cnstrc.com *.cardknox.com *.clarity.ms *.pixlee.com *.algolia.io *.listrakbi.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src speedsize.com *.speedsize.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /bnews/csp/report; report-to report-endpoint; 1
font-src fonts.gstatic.com *.kueskipay.com *.gstatic.com *.zotabox.com https://*.tawk.to *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.kueskipay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.kueskipay.com https://hotjar.com https://fast.amc.demdex.net https://secure.authorize.net https://static.addtoany.com https://www.googletagmanager.com https://td.doubleclick.net https://*.creativecdn.com https://*.mercadopago.com https://*.mercadopago.com.mx *.google.com/ *.mercadolibre.com *.sandbox.paypal.com *.paypalobjects.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.google.com *.google.com.mx *.facebook.com *.zotabox.com *.mercadolibre.com *.mercadolivre.com *.swagger.io *.akamai.net *.dico.com.mx https://bat.bing.com https://*.tawk.to https://www.googletagmanager.com https://*.mercadopago.com.mx *.mlstatic.com *.mercadopago.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.sandbox.paypal.com *.paypalobjects.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://chimpstatic.com downloads.mailchimp.com *.list-manage.com *.facebook.com https://connect.facebook.net graph.facebook.com https://business.facebook.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.addtoany.com https://*.hotjar.com https://*.zotabox.com *.facebook.net *.tawk.to *.mailchimp.com *.pinterest.com *.tumblr.com *.tumblr.cb1 *.doubleclick.net https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://pilot-payflowlink.paypal.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://*.paypal.com https://graph.facebook.com https://*.kueskipay.com https://*.doubleclick.net https://*.tawk.to https://*.hotjar.io https://*.mercadolibre.com https://*.google-analytics.com https://*.hsforms.com https://*.dico.com.mx *.google.com https://*.mercadopago.com https://*.sandbox.paypal.com *.paypalobjects.com https://t.elasticsuite.io https://*.hsforms.net https://*.creativecdn.com https://bat.bing.com https://analytics.tiktok.com https://www.googleoptimize.com *.mlstatic.com *.mercadopago.com *.sandbox.paypal.com *.hsforms.net *.hsforms.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline downloads.mailchimp.com https://static.klaviyo.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.googleapis.com *.tawk.to *.fontawesome.com *.addtoany.com maxcdn.bootstrapcdn.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net https://amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com www.facebook.com https://connect.facebook.net graph.facebook.com https://business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.doubleclick.net https://dpm.demdex.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://pilot-payflowlink.paypal.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://*.paypal.com https://graph.facebook.com https://*.kueskipay.com https://*.doubleclick.net https://*.tawk.to https://*.hotjar.com https://*.hotjar.io https://*.zotabox.com https://*.mercadolibre.com *.google-analytics.com https://*.hsforms.com https://*.dico.com.mx https://*.google.com https://*.mercadopago.com https://*.sandbox.paypal.com *.paypalobjects.com t.elasticsuite.io https://*.hsforms.net wss://*.tawk.to https://*.creativecdn.com https://analytics.tiktok.com https://google.com http://dpm.demdex.net *.mercadopago.com *.mercadolibre.com *.sandbox.paypal.com *.hsforms.net *.hsforms.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.kueskipay.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.magerocket.com *.izipay.pe *.kueskipay.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com ui-elements.loyalsys.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.magerocket.com *.kueskipay.com *.google.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' data: pe.todomoda.com storage.googleapis.com intelistyle-misc.s3.eu-west-1.amazonaws.com www.google.com.ar mx.isadoraonline.com mx.todomoda.com cl.isadoraonline.com cl.todomoda.com ar.isadoraonline.com ar.todomoda.com pe.isadoraonline.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.magerocket.com *.google.com https://maps.googleapis.com *.izipay.pe *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.gstatic.com ar.todomoda.com ar.isadoraonline.com cl.todomoda.com pe.todomoda.com mx.todomoda.com cl.isadoraonline.com mx.isadoraonline.com pe.isadoraonline.com intelistyle-scripts.s3-eu-west-1.amazonaws.com storage.googleapis.com go.botmaker.com polyfill.io intelistyle-misc.s3.eu-west-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com storage.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com maps.googleapis.com api.comapi.com bam.nr-data.net *.magerocket.com *.izipay.pe *.kueskipay.com *.doubleclick.net *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com contact-exaccess.loyalsys.io webchannel-content.eservice.emarsys.net recommender.scarabresearch.com go.botmaker.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.mediakazar.com *.fonts.googleapis.com *.cloudflare.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.mediakazar.com *.cloudflarestream.com *.addthis.com *.pinterest.com *.klarna.com https://plumrocket.com www.googletagmanager.com youtube.com sandbox.cardinalcommerce.com www.cardinalcommerce.com www.mainadv.com gum.criteo.com fledge.criteo.com td.doubleclick.net pudofinder.dpd.com.pl static.criteo.net *.criteo.net youtube-nocookie.com hotjar.com dynamic.criteo.com sslwidget.criteo.com klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com cdn.flbx.io *.cloudfront.net *.mediakazar.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.inpost.pl *.tile.openstreetmap.org geowidget.easypack24.net *.disqus.com paypo.pl media.kartexpress.com fpbds.sandbox.paypal.com *.doubleclick.net z-maps.com cdn.klarna.com app.revhunter.tech rev.owltrack.com bat.bing.net klarnaevt.com klarna.net cdninstagram.com cloudflare.com graph.instagram.com openstreetmap.org media-amazon.com tile.openstreetmap.org addthis.com wepowerconnections.com www.google.pl criteo-partners.tremorhub.com rtb-csync.smartadserver.com x.bidswitch.net r.casalemedia.com gum.criteo.com id5-sync.com ad.360yield.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com ad.yieldlab.net sync.1rx.io sync.targeting.unrulymedia.com aa.agkn.com c.clarity.ms c.bing.com ade.googlesyndication.com public-prod-dspcookiematching.dmxleo.com dmp.adform.net *.blazingcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.googleapis.com *.gstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.getflowbox.com *.mediakazar.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com www.gstatic.com z-maps.com cdn.jsdelivr.net sherlock.ecdp.cloud dynamic.criteo.com rev.owltrack.com sslwidget.criteo.com s.pinimg.com bat.bing.com kazar.daktela.com analytics.tiktok.com www.clarity.ms cdn.flbx.io cdninstagram.com *.cloudflare.com typekit.net validator.swagger.io *.media-amazon.com *.paypalobjects.com addthis.com klarnaevt.com klarna.com cloudfront.net tile.openstreetmap.org tags.creativecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mediakazar.com *.googleapis.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com payments-eu.amazon.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.getflowbox.com *.mediakazar.com *.cloudflare.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net api-pl-points.easypack24.net *.klarnaservices.com *.klarna.com *.googlesyndication.com *.google-analytics.com t.paypal.com in.hotjar.com api-eu.payments.easypack24.net rev.owltrack.com measurement-api.criteo.com q.clarity.ms ct.pinterest.com analytics.tiktok.com bat.bing.net ad.doubleclick.net *.doubleclick.net graph.instagram.com cloudflare.com mediakazar.com getflowbox.com paypalobjects.com payments-amazon.com gstatic.com facebook.com cdninstagram.com kazar.daktela.com s.clarity.ms sherlock.ecdp.cloud j.clarity.ms/collect *.clarity.ms *.tiktokw.us ams.creativecdn.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.easypack24.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.oct8ne.com https://*.channelize.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.channelize.io *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.channelize.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://cdn.clerk.io *.feedaty.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.development.scalapay.com *.staging.scalapay.com *.scalapay.com cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.easypack24.net *.inpost.pl *.inpost.com *.openstreetmap.org *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.clarity.ms https://*.bing.com https://*.awin1.com https://*.scalapay.com https://*.anticafarmaciaorlandi.it https://*.oct8ne.com https://*.google.it https://*.channelize.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net img.riskified.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.channelize.io https://api.clerk.io https://cdn.clerk.io *.feedaty.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.development.scalapay.com *.staging.scalapay.com *.scalapay.com cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.inpost.pl *.inpost.it *.easypack24.net *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io https://*.clerk.io https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.facebook.net https://*.feedaty.com https://*.cloudflare.com https://*.clarity.com https://*.clarity.ms https://*.outbrain.com https://*.onesignal.com https://*.dwin1.com https://*.gestpay.net https://*.scalapay.com https://*.iubenda.com https://*.oct8ne.com https://*.getblue.io https://*.channelize.io https://*.bing.com https://*.connectif.cloud https://*.cookieless-data.com https://*.sddan.com https://*.airtable.com https://*.awin1.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com www.gstatic.com beacon.riskified.com tracking.trovaprezzi.it www.trovaprezzi.it tps.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io *.feedaty.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.doofinder.com downloads.mailchimp.com geowidget.easypack24.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.channelize.io unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.channelize.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.channelize.io *.feedaty.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.doofinder.com wss://*.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.inpost.pl *.inpost.it *.easypack24.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.paypal.com https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.google.com https://google.com https://*.google-analytics.com https://*.feedaty.com https://*.cloudflare.com https://*.outbrain.com https://*.clarity.ms https://*.amplitude.com https://*.bing.com https://*.scalapay.com https://*.iubenda.com https://*.oct8ne.com https://*.channelize.io https://*.connectif.cloud https://*.wepowerconnections.com https://*.sciencebehindecommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com www.google.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net c.riskified.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-40b4d792fa70425c91d24c20e35f96ce' https://portal.mydh.org 'self';img-src https://* 'self' blob: data:;style-src https://portal.mydh.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
default-src 'self' https://*.appreciatehub.com *.google-analytics.com *.cloudflare.com https://*.googleapis.com https://*.pendo.io https://*.alamoapp.octanner.io https://*.api.octanner.net https://*.salesforce.com *.cloudinary.com https://s3.amazonaws.com/oc-images-api/* *.doubleclick.net *.octanner.net *.gstatic.com *.jwpcdn.com *.recaptcha.net https://www.gstatic.com/recaptcha/releases/*  wss://*.fathomvoice.com *.fathomvoice.com *.fonticons.com *.fortawesome.com 'unsafe-inline' 'unsafe-eval' data:; frame-src 'self' www.google.com www.recaptcha.net https://res.cloudinary.com; 1
default-src 'self' https:; connect-src 'self' https: wss:; script-src 'unsafe-inline' 'self' https:; worker-src blob:; style-src 'unsafe-inline' 'self' https:; object-src 'none'; img-src 'self' data: https:; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.taiwanmobile.com *.taiwanmobile.com.tw *.myfone.com.tw www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net analytics.google.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.taiwanmobile.com *.taiwanmobile.com.tw *.myfone.com.tw www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net analytics.google.com; img-src *; font-src * data: fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; frame-ancestors 'none'; report-to csp-endpoint 1
connect-src 'self' *.google.com *.google.cz *.leady.com *.google-analytics.com *.facebook.net connect.facebook.net https://cdn.jsdelivr.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; script-src 'self' 'nonce-MDhkNDE3NzlhZmM2NmVhZQ==' *.google.com *.google.cz *.leady.com *.google-analytics.com *.facebook.net connect.facebook.net https://cdn.jsdelivr.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net 'sha256-Ry5VVOTX8NJGEP4t9KtV/jWVgiv7ZcNmtZxCQScUTlk=' 'sha256-8iiJTU1Hf/vwORdni3nM30l8Ko0NMb8bqvTfGeIbIA4='; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com/ https://*.google.cz/ https://*.googleusercontent.com https://ct.leady.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://www.expats.cz/csp-report 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.pl https://www.myheritage.pl  'unsafe-eval' 'nonce-7e57fab971f320b4d7c08d3e0527470d' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.pl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.googletagmanager.com https://*.google-analytics.com https://*.linkedin.com https://*.pardot.com https://*.mouseflow.com https://*.6sc.co https://js.adsrvr.org https://snap.licdn.com https://app.enzuzo.com https://chat-snippet.terminusplatform.com https://scout-cdn.salesloft.com https://www2.hazelcast.com https://static.ads-twitter.com https://ws.zoominfo.com https://connect.facebook.net https://trk.techtarget.com https://code.jquery.com https://dev.visualwebsiteoptimizer.com https://secure.pass8heal.com https://www.google.com https://www.gstatic.com https://player.vimeo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.rawgit.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://*.linkedin.com https://*.google-analytics.com https://*.pardot.com https://*.mouseflow.com https://*.6sc.co https://static.scarf.sh https://di3c8wks3odob.cloudfront.net https://www.dandb.com https://www.facebook.com https://t.co https://analytics.twitter.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.linkedin.com https://*.google-analytics.com https://*.pardot.com https://*.mouseflow.com https://*.6sc.co https://js.adsrvr.org https://insight.adsrvr.org https://app.enzuzo.com https://chat-team-management.terminus.services https://chat-visitor-info.terminus.services https://iotas.terminus.services https://ws.zoominfo.com wss://*.iot.us-east-1.amazonaws.com https://ibc-flow.techtarget.com https://epsilon.6sense.com https://static.ads-twitter.com https://dev.visualwebsiteoptimizer.com https://r5.visualwebsiteoptimizer.com; frame-src 'self' https://*.linkedin.com https://*.pardot.com https://js.adsrvr.org https://insight.adsrvr.org https://player.vimeo.com https://www.google.com; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob:; report-to csp-endpoint; 1
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=website-grader-ui/static-1.6244/html/public-en.html&cfRay=95d5513afbc5ebed-IAD 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ www.facebook.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com *.googletagmanager.com *.google.co.in www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ connect.facebook.net tpc.googlesyndication.com www.google.com www.google.co.in www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com stats.g.doubleclick.net www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com lumberjack-cx.razorpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' td.doubleclick.net youtube.com *.youtube.com oneconnect.opendigitaleducation.com google.com www.google.com *.doubleclick.net www.googletagmanager.com; report-to /infra/monitoring/csp 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.googlesyndication.com *.clarity.ms *.google.com *.facebook.com  'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.youtube-nocookie.com www.google.com consentcdn.cookiebot.com *.google.ro *.facebook.com *.weltpixel.com  https://*.sameday.ro *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.tbicp.com imgsct.cookiebot.com *.google.ro *.clarity.ms *.bing.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.selfawb.ro https://firebasestorage.googleapis.com flagpedia.net t.themarketer.com cdn1.themarketer.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.tbicp.com consentcdn.cookiebot.com *.cookiebot.com *.google.ro *.clarity.ms *.avada.io t.themarketer.com cdn1.themarketer.com https://*.sameday.ro *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.google.ro *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com t.themarketer.com cdn1.themarketer.com https://*.sameday.ro *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.google.ro *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com consentcdn.cookiebot.com *.googlesyndication.com *.clarity.ms *.google.com google.com *.facebook.com https://ecommerce.fancourier.ro https://nominatim.openstreetmap.org https://api.fancourier.ro https://get.geojs.io *.avada.io www.gstatic.com t.themarketer.com cdn1.themarketer.com  *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://251703a9-46ab-4e4f-ab25-1de6ee452399.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'report-sample' 'self' 'sha256-BiNyGbGZEG1ZcMWhdKvmZ1DwYSpvZ8xcAxRrIag59sQ=' 'sha256-p96cet82gMKBOah5xqTlTC1NImfgmfwp9xhnLYsv45Q=' 'sha256-K7F5t+0jCUOcvI0w5XCLORVrRe6Cl7fcvsyOhpNlvRA=' 'sha256-osJOIDsvZzKR6jjDkmJzOK/lCl+6P59lwiMwf2WwwX0=' 'sha256-ech7dK56PGMmo3zLhyCe9XpUu/4+pGU11bUeBEpq56o=' 'sha256-5aTBNtoMSFGD0AJ9+0YPRibd5APCDzFjjKtA16wQik8=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-DHkQzQeawSI3bMDJPOulIinzX/ih38goNk2cvBZsgPM=' 'sha256-LjOYZt74qQlHixQckZ1K+NyxwGO8jPc/zUDhd43i7qY=' 'sha256-C6r1Uv+2BkE8Qjrq+iYLyfsjck3nrA/PhDEE1u7CHtk=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-BxUWVs1+UwaUImPFWmLpOCjBDGTFuFcwcXgQwKyVSYU=' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976618339/ https://a.clickcertain.com/px/smart/a/ https://a.remarketstats.com/px/smart/; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com https://a.clickcertain.com/; img-src 'self' https://www.google-analytics.com https://www.google.com https://www.google.pl; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://*.frizbit.com/ https://*.googleapis.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self https://*.frizbit.com/ https://*.googleapis.com/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.bitrix24.es *.facebook.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.doubleclick.net/ https://*.frizbit.com/ https://*.googleapis.com/ https://rum-static.pingdom.net/ https://11469910.fls.doubleclick.net/ https://www.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.facebook.com *.bitrix24.es *.facebook.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://kalicr.com https://www.google.co.cr/ https://*.frizbit.com/ https://*.googleapis.com/ https://11469910.fls.doubleclick.net/ *.google.com *.facebook.com https://connect.facebook.net/ https://www.tiendasekono.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.syteapi.com *.facebook.net *.google.co.cr *.bitrix24.es *.tiendasekono.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://cdn.frizbit.com/ https://*.frizbit.com/ https://*.googleapis.com/ https://rum-static.pingdom.net/ *.smartlook.com/ *.facebook.com https://www.gstatic.com/ https://www.google.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.syteapi.com *.bitrix24.es *.pingdom.net *.facebook.net *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://*.frizbit.com/ https://*.googleapis.com/ *.fontawesome.com unsafe-inline assets.braintreegateway.com *.bitrix24.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: https://*.frizbit.com/ https://*.googleapis.com/ https://manager.eu.smartlook.cloud/ https://rum-collector-2.pingdom.net/ https://analytics.google.com/ https://www.yotpo.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com syteapi.com *.syteapi.com *.facebook.com *.pingdom.net *.bitrix24.es *.facebook.net *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-h1EcseGoN2Y/lp1nDUSJ9Q==' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' plenitudedistribuidora.com.br *.plenitudedistribuidora.com.br wake-components.fbitsstatic.net plenitudedistribuidora.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.googleadservices.com *.tawk.to k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.ebit.com.br *.cartstack.com wss://vsb31.tawk.to *.cartstack.com.br *.smarthint.co app.cartstack.com.br *.datafrete.app *.getblue.io *.targeting.voxus.com.br cdn.targeting.voxus.com.br googleads.g.doubleclick.net *.g.doubleclick.net *.voxus.tv *.voxus.com.br *.loggly.com targeting.voxus.com.br *.clearsale.com.br accounts.google.com *.facebook.net connect.facebook.net *.facebook.com facebook.com *.conectiva.io *.sunset.systems *app.cartstack.com *.performa.ai *.cupom.social *.conectiva.app conectiva.app api.performa.ai valid.performa.ai cartstack.com.br api.cartstack.com.br sunset.systems api.sunset.systems cupom.social app.cupom.social cdn.performa.ai *.google.com.br *.google.com *.googletagmanager.com translate.googleapis.com google.com *.trustvox.com.br rate.trustvox.com.br *.google-analytics.com apis.google.com app.cartstack.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com conectiva.io trustvox.com.br *.goadopt.io googletagmanager.com google-analytics.com gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com *.tiktok.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com td.doubleclick.net *.doubleclick.net integration-hub.mailclick.me *.fbits.store *.adyen.com google.co.jp google.com.bo google.co.uk google.com.uy google.pt google.com.py google.es google.it google.fr google.al google.nl google.be *.pagar.me *.mundipagg.com *.rdstation.com.br *.getnet.com.br *.clarity.ms *.stape.co sa.stape.co clarity.ms *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.google.pt *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br *.monitfy.com cdn.monitfy.com *.fpcs-monitor.com.br web.fpcs-monitor.com.br paypal-wake.s3.us-east-1.amazonaws.com newimgebit-a.akamaihd.net youtube.com yampi-vitrine-digital-prod.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.mailbiz.one *.jsdelivr.net *.3dsecure.io ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.plenitudedistribuidora.com.br plenitudedistribuidora.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
report-uri https://testgallito.free.beeceptor.com; report-to default; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com api.mundipagg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com api.mundipagg.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com *.google.com api.mundipagg.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://code.jquery.com https://www.googletagmanager.com https://pxl-csumbedu.terminalfour.net https://static.hotjar.com https://script.hotjar.com https://cbe.capturehighered.net https://s.adroll.com https://d.adroll.com https://www.google.com https://cse.google.com https://www.gstatic.com https://siteimproveanalytics.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://pxl-csumbedu.terminalfour.net https://www.google.com https://www.csuci.edu 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://pxl-csumbedu.terminalfour.net data:; img-src 'self' https://www.csuci.edu https://pxl-csumbedu.terminalfour.net https://40230.global.siteimproveanalytics.io data:; media-src 'self' https://player.vimeo.com https://vimeocdn.com https://download-video-ak.vimeocdn.com; connect-src 'self' https://region1.google-analytics.com https://content.hotjar.io wss://ws.hotjar.com https://vc.hotjar.io; frame-src 'self' https://www.google.com; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 1
font-src fonts.gstatic.com data: likeme.com.co *.likeme.com.co maxcdn.bootstrapcdn.com s3.amazonaws.com *.fontawesome.com *.gstatic.com 'self' data: https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mlstatic.com *.nosto.com *.nos.to https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com gum.criteo.com connect.facebook.net graph.facebook.com business.facebook.com likeme.com.co *.likeme.com.co *.criteo.com fledge.criteo.com app.zinrelo.com www.youtube.com *.addi.com td.doubleclick.net *.mercadolibre.com *.blob.core.windows.net/* *.mercadopago.com *.mlstatic.com *.nosto.com *.nos.to https://ibang-webviews.ibang.ai https://app.zinrelo.com https://vars.hotjar.com https://static.criteo.net http://static.criteo.net https://td.doubleclick.net https://fledge.us.criteo.com https://fledge.eu.criteo.com 'self' 'unsafe-inline'; img-src https://assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.likeme.com.co *.cloudfront.net www.google.cl www.google.com.uy www.google.com.ar www.google.com.co dis.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com d1qbqkkh49kht1.cloudfront.net zinrelo-notification-images.s3.amazonaws.com *.addi.com *.clarity.ms *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.nosto.com *.nos.to 'self' data: https://ibangblob.blob.core.windows.net www.mercadolivre.com http://imgmp.mlstatic.com https://cdn.stickyadstv.com https://www.google.com.ar https://www.mercadopago.com.co http://img.mlstatic.com https://pixel.rubiconproject.com https://likeme.com.co https://*.g.doubleclick.net https://*.smartadserver.com https://*.cloudfront.net https://sync.outbrain.com https://contextual.media.net https://ad.360yield.com https://r.casalemedia.com https://cm.adform.net https://x.bidswitch.net https://match.sharethrough.com https://ads.stickyadstv.com https://exchange.mediavine.com https://sync-t1.taboola.com https://sync-criteo.ads.yieldmo.com https://c.bing.com https://e1.emxdgt.com https://s.ad.smaato.net https://i.liadm.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://secure.adnxs.com https://ib.adnxs.com https://sp.analytics.yahoo.com https://dis.criteo.com https://i6.liadm.com https://simage2.pubmatic.com https://eb2.3lift.com https://jadserve.postrelease.com https://www.google.com.co https://criteo-sync.teads.tv https://tg.socdm.com https://visitor.omnitagjs.com https://gum.criteo.com https://matching.ivitrack.com https://trends.revcontent.com https://ade.clmbtech.com https://idsync.rlcdn.com https://tags.bluekai.com https://s3.amazonaws.com https://criteo-partners.tremorhub.com https://hb.yahoo.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com dynamic.c static.criteo.net dynamic.criteo.com sslwidget.criteo.com fast.amc.demdex.net widget.eu.criteo.com www.facebook.com graph.facebook.com business.facebook.com likeme.com.co *.likeme.com.co *.cloudfront.net *.zinrelo.com cdnjs.cloudflare.com www.googleoptimize.com www.clarity.ms analytics.tiktok.com *.embluemail.com s3.amazonaws.com cdn.addi.com www.youtube.com static.doubleclick.net www.google.com ajax.googleapis.com connect.nosto.com *.taboola.com *.hotjar.com *.mlstatic.com *.mercadopago.com *.google.com https://maps.googleapis.com *.blob.core.windows.net/* *.nosto.com *.nos.to *.gstatic.com https://www.google.com https://cdn.zinrelo.com http://cdn.zinrelo.com https://www.wheelofpopups.com https://*.cloudfront.net https://app.zinrelo.com https://www.googleoptimize.com https://cdn.embluemail.com https://widgets-static.embluemail.com https://script.hotjar.com https://static.hotjar.com https://cdnjs.cloudflare.com https://*.g.doubleclick.net https://*.mailmunch.com https://widgets-api.embluemail.com https://analytics.tiktok.com https://www.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co likeme.com.co *.likeme.com.co use.fontawesome.com *.cloudfront.net maxcdn.bootstrapcdn.com www.youtube.com *.fontawesome.com *.mercadopago.com *.mlstatic.com *.nosto.com *.nos.to *.googleapis.com *.gstatic.com https://trazosvisuales.com https://trazosvisuales.info https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.comapi.com bam.nr-data.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com likeme.com.co *.likeme.com.co maxcdn.bootstrapcdn.com gum.criteo.com s.clarity.ms app.zinrelo.com www.youtube.com channels-public-api.addi.com www.google.cl www.google.com.uy www.google.com.ar www.google.com.co *.google.com *.clarity.ms mug.criteo.com connect.nosto.com googleads.g.doubleclick.net jnn-pa.googleapis.com *.mercadopago.com *.mercadolibre.com *.sistecredito.com/* *.blob.core.windows.net/* *.mlstatic.com *.nosto.com *.nos.to *.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://trazosvisuales.info https://maxcdn.bootstrapcdn.com https://trazosvisuales.com https://measurement-api.criteo.com/ https://analytics.tiktok.com/ https://v.clarity.ms https://pagead2.googlesyndication.com/ https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net s.clarity.ms *.google.com www.google-analytics.com analytics.tiktok.com likeme.com.co *.likeme.com.co *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-uaslqDvlfq2m2H9iB1ykBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-li7tqPhwbI2Q98maokVV7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: https://www.surviocdn.com/ *.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.googletagmanager.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadolibre.com mldp.mercadopago.com www.mercadolibre.com https://www.survio.com/ *.doubleclick.net *.pinterest.com *.getblue.io *.groovinads.com *.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com *.google.com.ar *.doubleclick.net *.mercadolivre.com www.mailing.somosrex.com *.clarity.ms *.groovinads.com *.bing.com *.online-metrix.net img.survicate.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.braindw.com https://live.decidir.com *.mlstatic.com https://www.google.com *.gstatic.com http2.mlstatic.com secure.mlstatic.com https://maps.googleapis.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.convertexperiments.com *.wcx.cloud *.pinimg.com *.survicate.com *.clarity.ms *.mathtag.com *.tiktok.com *.getblue.io *.groovinads.com *.wcentrix.com *.cloudfront.net *.pinterest.com *.icommarketing.com *.decidir.com *.mercadopago.com *.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.survicate.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com maps.googleapis.com api.comapi.com bam.nr-data.net *.braindw.com https://developers.decidir.com/ *.mercadopago.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.doubleclick.net notifications-icommkt.com track-icommkt.com *.clarity.ms *.pinterest.com *.tiktok.com *.convertexperiments.com *.decidir.com *.online-metrix.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' localhost  *.nexpart.com nexpart.com *.pacecomputer.com *.lordco.com prostockautoparts.com *.shopcontroller.com *.lankar.com lankar-customer-sandbox.azurewebsites.net *.nexpartqa.com nexpartqa.com *.nexpartuat.com nexpartuat.com www.davesmith.com s1.ariba.com acdelco-catalog.dstcloud.com nexcat.com www.nexcat.com usglobalautomotive.com deets.feedreader.com *.networktoolcat.com; report-uri https://www.nexpart.com/csp_violation.php  1
img-src *.force.com https://content.instrumentation.getconga.com slack-imgs-mil-dev.com https://www.linkedin.com 'self' https://stats.g.doubleclick.net https://img.youtube.com https://payments.salesforce.com/icons/ https://cdn.cookielaw.org https://login.salesforce.com/icons/ *.my-salesforce-cms.com https://acquia--full--c.sandbox.vf.force.com https://*.springcm.com http://adn.acquia.com https://www.gstatic.com https://status.widen.com *.slack-edge-gov.com *.my-salesforce.com https://feeds.feedburner.com *.cloudinary.com https://dev-adn.acquia.com https://app.launchdarkly.com https://services.congamerge.com https://d3mvpbun2t0ap6.cloudfront.net https://calendar.google.com https://usa326.sfdc-yfeipo.salesforce.com/icons/ *.amazonaws.com blob: slack-imgs.com slack-gov-dev.com *.sfdcstatic.com https://data.instrumentation.getconga.com *.widencollective.com https://ssl.gstatic.com *.twimg.com https://agent.acquia.net https://api.mixpanel.com *.slack.com https://www.paypal.com *.slack-imgs.com slack-imgs-gov.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://dev-agent.acquia.net *.salesforce-experience.com https://acquia.file.force.com https://fonts.gstatic.com slack-imgs-gov-dev.com https://acquia.my.site.com *.slack-edge.com https://aq112111s.searchunify.com https://aq142201p.searchunify.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ slack-mil-dev.com https://tagmanager.google.com https://acquia.my.salesforce.com https://www.gstatic.com/recaptcha/ https://geolocation.onetrust.com https://*.congamerge.com https://sfapi-sandbox.formstack.io https://status.acquia.com https://embed.widencdn.net https://www.google.com/recaptcha/ *.slack-edge.mil https://www.sandbox.paypal.com https://www.acquia.com https://acquia.widen.net https://i.vimeocdn.com https://www.googletagmanager.com https://www.equusoft.com https://www.widen.com https://d1z9ryalr1cz6s.cloudfront.net https://www.google-analytics.com *.salesforce.com https://*.adyen.com https://widen.widen.net slack-imgs.mil https://sfapi.formstack.io data:; report-to sfdc-csp-ep; report-uri https://acquia.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D6g000003vCaM&networkId=0DM6g000000eGOT&type=communities 1
object-src 'none';base-uri 'self';script-src 'nonce-SdgRGrpQXw6K49CCmSLDyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * sibautomation.com *.criteo.com *.gelproximity.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://cdn.clerk.io *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.elfsight.com *.elfsightcdn.com *.trustpilot.com *.trustpilot.net *.doofinder.com *.google.com *.google.it *.bidswitch.net *.doubleclick.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv eb2.3lift.com *.yahoo.com *.adform.net *.criteo.com *.popupsmart.com *.onesignal.com upstream.heidipay.com sbx-upstream.heidipay.io *.casalemedia.com id5-sync.com *.360yield.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.1rx.io *.agkn.com *.unrulymedia.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net img.riskified.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://api.clerk.io https://cdn.clerk.io *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.gstatic.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.elfsight.com *.doofinder.com sibautomation.com *.iubenda.com *.popupsmart.com *.criteo.com *.onesignal.com onesignal.com *.gelproximity.com *.clerk.io *.hotjar.com www.google.com www.gstatic.com beacon.riskified.com tracking.trovaprezzi.it tps.trovaprezzi.it www.trovaprezzi.it *.trustpilot.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://api.clerk.io https://cdn.clerk.io *.feedaty.com https://static.klaviyo.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.doofinder.com onesignal.com *.popupsmart.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.onesignal.com onesignal.com *.popupsmart.com *.elfsight.com *.doofinder.com wss://*.doofinder.com *.brevo.com *.iubenda.com *.doubleclick.net *.criteo.com *.google-analytics.com www.google.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net c.riskified.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'nonce-IOJBYfqesh7QDMhGd4oN50BHCWHhc2udFXvdpzBal3Y=' 'strict-dynamic' 'wasm-unsafe-eval';object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
default-src https: wss: blob:; connect-src https: wss: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' blob:; img-src https: data: blob:; font-src https: data: blob:; object-src https: data:; media-src https: data: blob:; frame-ancestors 'none'; report-uri /security/csp_violations 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=437&v=v1.0&payload=rJeyhteK1R4ehvX19W96lNbaCGhFOwYEfK03vVIAbGSAqTMkAdvym88TbB6ZcVIk3BKtzXIrOm_KBfeoBaCjF_jdrbs9DGZ9XL2ooi2itMl5_EH8E286zJBqtiyroBEzSIptExBJ9x0vslEf5QIgJlTJMP3gRyALCmOokpLxz7vuylhEvPM24-napUDCYWCxSP1oCeiZ8UOjp3ZBFtDKLA==; 1
font-src *.typekit.net fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.adidas.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.amasty.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.livechatinc.com cdn.dnky.co youtube.com www.youtube.com *.hotjar.com *.google.com www.facebook.com *.trustpilot.com *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.yieldify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io magefan.com cm.magefan.com *.livechatinc.com www.google.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.adidas.com *.assets.adidas.com *.trackedlink.net *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.livechatinc.com google.com www.google.com gstatic.com www.gstatic.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.dotdigital.com snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.amasty.com *.paypal.com *.avada.io *.yotpo.com *.queue-it.net *.cloudflareinsights.com *.yieldify.com *.ddlnk.net debug-tracking.dotdigital.internal *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.assets.adidas.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ws: *.livechatinc.com commerce.adobedc.net api.comapi.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.zendesk.com *.nr-data.net *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.trackedlink.net *.trackedweb.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-NyOf40xClPFcLaAiS-gFKw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.ccpsx.com/api/v1/errors/csp 1
default-src 'unsafe-inline' 'self'; img-src 'self' https://www.careersinfood.com data:; script-src 'unsafe-inline' 'self' https://jquery.com  https://cdn.speedcurve.com https://ajax.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com; script-src-elem 'unsafe-inline' 'self'  https://jquery.com  https://cdn.speedcurve.com https://ajax.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; 1
object-src 'none';base-uri 'self';script-src 'nonce-MzszQcWe-Po_x22VBhFBaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; default-src 'self'; script-src 'self' 'nonce-ZTExZDExNmEtNmNlYS00ZjI0LWE5NzQtM2M1YTVkZDhiOWJh' https://status.livepix.gg https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://js.intercomcdn.com https://widget.intercom.io https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://fonts.intercomcdn.com; img-src 'self' https://static.livepix.gg https://cdn.livepix.gg https://www.googletagmanager.com https://downloads.intercomcdn.com https://static.intercomassets.com https://js.intercomcdn.com https://messenger-apps.intercom.io https://i.ytimg.com; frame-src 'self' https://checkout.livepix.gg https://rlgrjlrv2czy.statuspage.io https://www.googletagmanager.com https://intercom-sheets.com https://www.google.com https://www.youtube.com; connect-src 'self' https://webservice.livepix.gg https://unleash.livepix.gg https://fingerprint.livepix.gg https://fp.livepix.gg https://livia.livepix.gg https://www.google.com https://www.google-analytics.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://o4508013286391808.ingest.us.sentry.io; manifest-src 'self' https://static.livepix.gg; media-src 'self' blob: https://static.livepix.gg https://js.intercomcdn.com 1
default-src 'self'; img-src 'self' *.taiko-p.jp data: https://www.googletagmanager.com/ https://www.google.co.jp/ https://cdn-au.onetrust.com/; style-src 'self' 'unsafe-inline'; script-src 'self' 'nonce-6870650f434d2' */gtm.js https://www.googletagmanager.com/ https://cdn-au.onetrust.com/; connect-src */ajax/ https://stats.g.doubleclick.net/ https://cdn-au.onetrust.com/ https://www.google-analytics.com https://geolocation.onetrust.com/ https://privacyportal-au.onetrust.com/ https://analytics.google.com/ https://www.google.co.jp/; report-uri csp_report.php; 1
font-src www.searchanise.com *.searchserverapi.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.searchanise.com *.searchserverapi.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.pagar.me searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.pagar.me https://viacep.com.br https://www.viacep.com.br api.amplitude.com stats.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net self data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://store.plumrocket.com pal-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com self *.doubleclick.net *.criteo.com *.easydmp.net *.snapchat.com https://store.plumrocket.com https://accounts.google.com checkoutshopper-test.adyen.com pal-test.adyen.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com self *.bing.com *.paypal.com *.google.fr *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.cookielaw.org *.snapchat.com checkoutshopper-test.adyen.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com self sc-static.net *.abtasty.com *.jsdelivr.net *.gstatic.com *.facebook.net *.tiktok.com *.googleapis.com *.easydmp.net *.vzbl.eu *.aticdn.net *.m1by1.com *.woosmap.com *.doubleclick.net *.cookielaw.org *.snapchat.com *.valiuz.com *.mediarithmics.com *.prediggo.services https://accounts.google.com checkoutshopper-test.adyen.com 'self' 'unsafe-eval' 'nonce-ZHpzOW54aWhnem54M3pwNmlrYmc0Z3pubTRtMmgwNHk=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com self *.gstatic.com *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.snapchat.com https://accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com self *.snapchat.com *.cookielaw.org *.abtasty.com *.googleapis.com *.vzbl.eu *.criteo.com *.easydmp.net *.xiti.com *.valiuz.com *.doubleclick.net *.mediarithmics.com https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.bing.com *.criteo.net *.snapchat.com *.netvigie.com *.xiti.com *.valiuz.com *.googletagmanager.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com www.searchanise.com *.searchserverapi.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://cdn.mundipagg.com https://api.pagar.me *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://ws-sandbox.bellunopag.com.br https://api.belluno.digital https://i.k-analytix.com https://i.konduto.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://api.mundipagg.com https://api.pagar.me https://viacep.com.br https://www.viacep.com.br *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.amplitude.com stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: cdn.jsdelivr.net *.obi.si 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.adyen.com *.googleapis.com *.bing.com *.doubleclick.net *.facebook.com *.google.si cdn.jsdelivr.net *.obi.si www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com *.adyen.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bing.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.hotjar.com cdn.jsdelivr.net *.obi.si unpkg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.jsdelivr.net *.obi.si assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.googleapis.com *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://h.online-metrix.net *.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://h.online-metrix.net *.d.aa.online-metrix.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc *.clarity.ms *.google.com *.google.com.br *.bing.com *.yandex.ru yandex.ru *.g.doubleclick.net *.yads.tech *.yango.com *.facebook.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com https://h.online-metrix.net *.cardinalcommerce.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc bam.nr-data.net *.facebook.net *.getblue.io *.azureedge.net *.clarity.ms *.yads.tech maps.googleapis.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf *.confi.com.vc tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc bam.nr-data.net *.sae.stape.io *.clarity.ms *.yandex.ru *.yango.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce--6fmsYI5DBrNZa7F0mDgSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UFMSOgPsIbS96Gs-urIdzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src 'self' data:;default-src 'self';font-src fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://emotivecdn.io *.dev-emotive.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://emotivecdn.io *.dev-emotive.com fonts.googleapis.com;frame-ancestors 'self' *.dev-emotive.com https://setup-shop.emotiveapp.co *.myshopify.com;connect-src ;frame-src 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com maps.googleapis.com maps.gstatic.com 'self' data: gpsfarma.com www.afip.gob.ar www.google.com.ar https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.mlstatic.com *.mercadopago.com maps.googleapis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.mercadopago.com *.mercadolibre.com maps.googleapis.com stats.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'none' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.weltpixel.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net *.klarna.com https://plumrocket.com landofcoder.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.bw-online-shop.com lantern.roeye.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.clickcease.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com landofcoder.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.youpilot.org api.batteryincluded.io https://cdn.consentmanager.net https://delivery.consentmanager.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com landofcoder.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' data: https://vercel.live https://assets.vercel.com https://fonts.gstatic.com https://static.octopuscdn.com https://fonts.heyflow.cloud https://widget.moin.ai; style-src 'self' 'unsafe-inline' https://vercel.live https://static.octopuscdn.com https://assets.prd.heyflow.com https://fonts.heyflow.cloud https://widget.moin.ai; connect-src 'self' blob: https: https://browser-intake-datadoghq.eu; img-src 'self' data: blob: https://assets.prd.heyflow.com https://static.octopuscdn.com https://a.storyblok.com https://vercel.live https://vercel.com https://d.delivery.consentmanager.net https://cdn.consentmanager.net https://www.facebook.com https://px.ads.linkedin.com https://www.google.de https://trck.spoteffects.net https://gbskwe.joingsg.com https://www.google.com https://bat.bing.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://ad.doubleclick.net https://media.moin.ai https://bat.bing.com https://amt.octopusenergy.de https://connect.facebook.net https://tr.outbrain.com https://paid.outbrain.com https://assets.website-files.com https://cdn.oeg-kraken.energy https://pagead2.googlesyndication.com https://analytics.tiktok.com https://paid.outbrain.com https://translate.google.com https://uploads-ssl.webflow.com https://fonts.gstatic.com https://stats.g.doubleclick.net https://px.ads.linkedin.com; media-src 'self'; object-src 'none'; worker-src 'self' blob:; child-src 'self' blob:; manifest-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors https://app.storyblok.com https://octopusenergy.de; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://octopusenergy.de https://analytics.tiktok.com https://cdn.consentmanager.net https://www.googletagmanager.com https://d.delivery.consentmanager.net https://widget.moin.ai https://googleads.g.doubleclick.net https://trck.spoteffects.net https://static.hotjar.com https://amt.octopusenergy.de https://bat.bing.com https://connect.facebook.net https://trc.taboola.com https://s.pinimg.com https://wave.outbrain.com https://amplify.outbrain.com https://cdn.taboola.com https://snap.licdn.com https://script.hotjar.com https://sc-static.net https://tr.snapchat.com https://tr.outbrain.com https://ct.pinterest.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.youtube.com https://vercel.live https://app.storyblok.com https://assets.prd.heyflow.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net https://tr.snapchat.com https://ct.pinterest.com https://14621715.fls.doubleclick.net https://www.youtube.com https://form.typeform.com https://www.aboalarm.de https://vercel.live https://gateway.zscloud.net; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub762440a98682fa749d0e92ae3ebb1043&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3AOEDE_Consumer_Site%2Cenv%3AOEDE_production 1
default-src 'self' *.gstatic.com; img-src 'self' * data:; frame-src 'self' *.retargetly.com *.doubleclick.net; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; connect-src 'self' *.hypera.com.br http://cdn.evgnet.com/beacon/hyperapharma/hypera/scripts/evergage.min.js https://hyperapharma.us-4.evergage.com https://banner-geolocalizacao.hypera-pharma-s-account.workers.dev https://mapa-gripe.hypera-pharma-s-account.workers.dev *.viacep.com.br *.google-analytics.com *.google.com *.clarity.ms *.hypera.com.br *.retargetly.com *.doubleclick.net; script-src 'self' 'nonce-a9f8efbf1bcb58eaca003c7ff01f8a54' 'nonce-b0d5fee76a0621e54ddbf831efa5a9ba8a4cf33d' *.googletagmanager.com *.viacep.com.br *.google.com *.gtm.js https://www.googletagmanager.com *.google-analytics.com *.retargetly.com *.navdmp.com *.gstatic.com *.facebook.net *.clarity.ms *.cloudfront.net cdn.jsdelivr.net *.hypera.com.br api.hypera.com.br hypera.com.br http://cdn.evgnet.com/beacon/hyperapharma/hypera/scripts/evergage.min.js https://hyperapharma.us-4.evergage.com; style-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com *.hypera.com.br 1
script-src 'none'; script-src-elem 'none'; script-src-attr 'none'; report-uri https://csp-report.apptrana.com/csp/report/11447 1
script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css siteimproveanalytics.com ; object-src 'none'; img-src *.siteimproveanalytics.io 1
object-src 'none';base-uri 'self';script-src 'nonce-yoWQlK4H1CmJAYcRZbSoWw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' data: *.marianatek.com *.cookielaw.org *.chilipiper.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflare.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.licdn.com *.facebook.net *.clarity.ms *.google-analytics.com *.hs-scripts.com *.doubleclick.net;upgrade-insecure-requests; 1
default-src 'self'; report-uri https://arcules.report-uri.com/r/t/csp/wizard 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-76970419a3c543438cb8b57dedabd3fc' https://www.maisa.fi 'self' https://apomato.maisa.fi/matomo/matomo.js;img-src https://* 'self' blob: data:;connect-src 'self' https://apomato.maisa.fi/matomo/matomo.js https://apomato.maisa.fi/matomo/matomo.php;style-src https://www.maisa.fi 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self' https://testi.apro.tunnistus.fi https://tunnistautuminen.suomi.fi https://www.terveyskyla.fi;media-src https://* 'self' blob:; 1
font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ data: *.core.windows.net https://maps.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.doubleclick.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://kalicr.com https://www.google.co.cr/ https://www.facebook.com/ https://almaceneselrey.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.core.windows.net https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://connect.facebook.net/ https://applepay.cdn-apple.com https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.core.windows.net https://maps.gstatic.com secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://credomatic.compassmerchantsolutions.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://secure.networkmerchants.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ unsafe-inline assets.braintreegateway.com *.core.windows.net https://maps.gstatic.com secure.nmi.com  'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.core.windows.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://credomatic.compassmerchantsolutions.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: https://www.facebook.com/ https://places.googleapis.com/ https://www.google.co.cr https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.core.windows.net https://maps.gstatic.com secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; 1
default-src 'self' https:; object-src 'none'; connect-src 'self' https: https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https: https://www.googletagmanager.com; img-src 'self' https: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data:; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https: https://fonts.gstatic.com data:; script-src 'self' https: 'unsafe-eval' 'nonce-7HVUR1m1fbkKyUw2fWFj8Q=='; report-uri /csp_violations 1
default-src 'self' https: *.motive.co; font-src 'self' https: data:; img-src 'self' data: https: http://localhost:* http://127.0.0.1:*; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1
font-src fonts.gstatic.com use.typekit.net chrome-extension data: login.libproxy.library.unt.edu login.myaccess.library.utoronto.ca cdn.shopify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com *.fontawesome.com dhv2ziothpgrr.cloudfront.net https://use.typekit.net https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de payflowlink.paypal.com www.facebook.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de app-ab04.marketo.com assets.pinterest.com payflowlink.paypal.com vars.hotjar.com www-google-com.libproxy.library.unt.edu www.facebook.com www.youtube.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com https://cdn.jst.ai https://rgray-springerpub.formtitan.com https://www.google.com https://pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com a.rfihub.com aa.agkn.com adadvisor.net ads.avocet.io ads.scorecardresearch.com ads.yahoo.com app-ab04.marketo.com assets.crossref.org b1img.com bcp.crwdcntrl.net beacon.krxd.net beacon.walmart.com cm.adgrx.com cm.g.doubleclick.net cms.analytics.yahoo.com connect.facebook.net csyn-r.cxense.com d.adroll.com d.agkn.com d.turn.com d.xp1.ru4.com deviceid.trueleadid.com dmp.adform.net dmp.truoptik.com ds.reson8.com dsp.adfarm1.adition.com dsum-sec.casalemedia.com e.nexac.com eb2.3lift.com ei.rlcdn.com epiv.cardlytics.com fcmatch.google.com fcmatch.youtube.com google.com gpush.cogocast.net gum.criteo.com gwiq-v3.globalwebindex.net h.parrable.com i.liadm.com iad02-login-ds.dotomi.com iad03-login-ds.dotomi.com ib.adnxs.com idsync.reson8.com idsync.rlcdn.com idx.listrakbi.com image2.pubmatic.com img.webmd.com lghttp.48653.nexcesscdn.net live.rezync.com liveramp2waycm-atl.netmng.com loadm.exelator.com log.pinterest.com login-ds.dotomi.com login.dotomi.com lrp.mxptint.net lrpush.apxlv.com magnetic.t.domdex.com match.adsrvr.org match.prod.bidr.io ml314.com nexus.entitytag.co.uk odr.mookie1.com p.adsymptotic.com p.rfihub.com pippio.com pixel.advanseads.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.sitescout.com pixel.spotify.com platform.rtbiq.com pm.w55c.net presentation-hkg1.turn.com prod.y-medialink.com pt.ispot.tv px.ads.linkedin.com px.surveywall-api.survata.com rc.rlcdn.com rtb.adentifi.com s.acxiomapac.com s.amazon-adsystem.com secure-gl.imrworldwide.com secure.insightexpressai.com seg.sharethis.com segments.company-target.com simage2.pubmatic.com *.springerpub.com srv4j.net ssum.casalemedia.com stags.bluekai.com subscription.omnithrottle.com sync-tm.everesttech.net sync.ipredictive.com sync.mathtag.com sync.outbrain.com sync.placelocal.com sync.srv.stackadapt.com sync.taboola.com sync.tidaltv.com sync.vmweb.net tag.apxlv.com tag.cogocast.net tag.yieldoptimizer.com tags.bluekai.com tags.rd.linksynergy.com testgvbgjbhjb.com tg.socdm.com thrtle.com token.rubiconproject.com tr.snapchat.com uipglob.semasio.net um.simpli.fi upload.wikimedia.org ups.analytics.yahoo.com us-u.openx.net usermatch.krxd.net usersync.videoamp.com widget.criteo.com www.entitytag.co.uk www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.co www.google.com.hk www.google.com.mx www.google.com.ng www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.tr www.google.com.tw www.google.de www.google.es www.google.fi www.google.ie www.google.it www.google.lt www.google.ml www.google.nl www.google.ru www.google.se www.google.ua www.gstatic.com www.linkedin.com www.vitalsource.com x.bidswitch.net zdbb.net perf-na1.hsforms.com forms.hsforms.com bat.bing.com alb.reddit.com *.hubspot.com pixel.tapad.com x.adroll.com *.yotpo.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.gstatic.com dhv2ziothpgrr.cloudfront.net https://d2ldlvi1yef00y.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de app-ab04.marketo.com assets.pinterest.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org mtvwa3.d2sri.com pippio.com s.adroll.com s.dca0.com script.hotjar.com sn.dca0.com snap.licdn.com static.hotjar.com tools.justuno.com widgets.pinterest.com www-google-com.libproxy.library.unt.edu www.hoexoxg.site www.redditstatic.com bat.bing.com js.hs-scripts.com analytics.tiktok.com koi-3rzzxo5vo4.marketingautomation.services static.cloudflareinsights.com js.hsadspixel.net js.hubspot.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.usemessages.com tag.perfectaudience.com pixel-geo.prfct.co aly.jst.ai service.force.com js-agent.newrelic.com *.salesforceliveagent.com *.enzuzo.com *.kaptcha.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://munchkin.marketo.net https://cdn.jst.ai https://my.jst.ai https://analytics.jst.ai https://z.moatads.com https://graph.facebook.com https://d3v0iqf1i1i9dg.cloudfront.net https://www.google.com https://www.gstatic.com https://vk.com https://static.hotjar.com https://livesearch-metrics.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com app-ab04.marketo.com cdn.jst.ai *.yotpo.com *.googleapis.com *.klarnacdn.net *.fontawesome.com assets.braintreegateway.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net https://use.typekit.net https://p.typekit.net https://maxcdn.bootstrapcdn.com https://static.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de 'self' 512-tee-232.mktoutil.com in.hotjar.com *.dca0.com my.jst.ai stats.g.doubleclick.net t.dca0.com vc.hotjar.io www.facebook.com *.springerpub.com bam.nr-data.net *.enzuzo.com px.ads.linkedin.com *.hubspot.com api.hubapi.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com forms.hscollectedforms.net js.klarna.com *.kaptcha.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com x.klarnacdn.net *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com https://www.google-analytics.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://analytics.jst.ai https://512-tee-232.mktoresp.com https://*.hotjar.io wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://springercsp.report-uri.com/r/d/csp/wizard; report-to report-endpoint; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=f8980a92-3698-4493-ba0d-2c948abf4c0e-1752203976; report-to shopify-csp 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=f201be9e-8353-425d-b489-ad14fde5bd32-1752204059; report-to shopify-csp 1
default-src 'self' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com www.acoustic.com app.goacoustic.com consent.trustarc.com; connect-src 'self' aipoweredmarketer.okta.com aipoweredmarketer-admin.okta.com login.goacoustic.com *.oktacdn.com *.mixpanel.com *.mapbox.com aipoweredmarketer.kerberos.okta.com aipoweredmarketer.mtls.okta.com https://oinmanager.okta.com data: www.acoustic.com app.goacoustic.com consent.trustarc.com *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com www.acoustic.com app.goacoustic.com consent.trustarc.com; style-src 'unsafe-inline' 'self' 'report-sample' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com www.acoustic.com app.goacoustic.com consent.trustarc.com; frame-src 'self' aipoweredmarketer.okta.com aipoweredmarketer-admin.okta.com login.goacoustic.com login.okta.com *.vidyard.com www.acoustic.com app.goacoustic.com consent.trustarc.com; img-src 'self' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: www.acoustic.com app.goacoustic.com consent.trustarc.com blob:; font-src 'self' aipoweredmarketer.okta.com login.goacoustic.com data: *.oktacdn.com fonts.gstatic.com www.acoustic.com app.goacoustic.com consent.trustarc.com; frame-ancestors 'self' 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-Wuf9F0OHYpxgnqjiqDhXQQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://www.google.com/recaptcha/api.js https://www.google.com https://www.gstatic.com/recaptcha https://www.gstatic.com https://foodstandards.gov.au  https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https://www.googletagmanager.com  https://foodstandards.gov.au  https://foodstandards.govt.nz data:; media-src 'self' data:; frame-src 'self' https://www.youtube.com https://www.google.com; font-src *.fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net 'self'; connect-src 'self' https://ka-p.fontawesome.com https://kit.fontawesome.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly;base-uri 'self';connect-src 'self' https://log.cookieyes.com https://*.cookieyes.com https://translate.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.matomo.cloud https://theideasletter.matomo.cloud https://cdn.plyr.io https://cdn-cookieyes.com;default-src 'self';form-action 'self';img-src 'self' data: https: https://www.gstatic.com https://*.googletagmanager.com https://theideasletter.matomo.cloud https://*.google-analytics.com https://opensocietyfoundations.imgix.net https://i.ytimg.com;object-src 'self' https://video.ted.com;script-src 'self' 'unsafe-eval' https://translate.googleapis.com https://cdn.plyr.io/3.4.4/plyr.polyfilled.js https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://www.youtube.com https://www2.osfound.org/shorten https://*.ingest.sentry.io https://cdn.matomo.cloud https://theideasletter.matomo.cloud https://cdncache-a.akamaihd.net https://connect.facebook.net https://public.flourish.studio https://cdn-cookieyes.com 'sha256-6cF9Ywiz6qk2WZRDoFzd0YpRXdxiyGW2ZWo3RNSjlY4=' 'sha256-hcXMpFtYkVL5u4KUMnE+k7z2UwPrc91qeu7d6BAD2wg=' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' 'sha256-E+9KuTkZkFIuiN69g5Y/rS1KDaDR2Wsfoq7Eetly00k=' 'sha256-4A71+eBTUzk+eqeYnEVcDQgmfqADEcilqeQIAiwyPj8=' 'sha256-IQuu99eybyUVQl8tdKPujuMVZMAtiHk2XPu15i9EH4A=' 'sha256-Ft85708B4GnIXzdTu8nxvQbyFHRn0yYy/8Sa3eDtv38=' 'sha256-Rr2cOcZ0xb7Hj5zQ+dbiMS1utknUKamWG8MpHMGpkM8=' 'sha256-FhudaH+D1DhcOfC3dGgEcvkNWiujsnNBXvpOnYT+asw' 'sha256-DqrJErZI/7pog0A9GesbTSM9ARg5dFwEiTotQt+PXns=' 'nonce-8YXpVrMl134IKuSeTogPtbEohaxT4BKK';style-src 'self' 'unsafe-inline' https:;frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com https://flo.uri.sh;font-src 'self' https: data:;media-src 'self' https:;manifest-src 'self';worker-src 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-jaMD4uIhtt3qs1fx85QLIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-vxgLGm33icaiK3qwGi3uGg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qmbv5pGVc13z2oBi5c-7Vw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; style-src https: 'self' 'unsafe-inline' *.googletagmanager.com *.tagmanager.google.com *.fonts.googleapis.com; script-src https: 'nonce-68iOSrFWW5FREts27fVnmCNMS0A=' 'strict-dynamic'; form-action 'self'; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; frame-src 'self' view.ceros.com *.company-target.com *.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net; report-to csp-endpoint; report-uri https://axaxl.com/api/CSP; font-src 'self' fonts.gstatic.com data:; img-src 'self' * data:; connect-src 'self' browser-intake-datadoghq.com *.googleadservices.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.google.co.uk www.google.com.sg *.google.com *.googlesyndication.com *.company-target.com *.linkedin.com *.licdn.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.demandbase.com *.boltdns.net *.akamaihd.net *.nr-data.net *.en25.com; manifest-src 'self'; media-src blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; default-src 'self' mailto: tel: www.google.com www.google.co.uk *.google.com *.googletagmanager.com www.googletagmanager.com *.company-target.com *.linkedin.com *.licdn.com *.eloqua.com *.brightcove.com *.brightcove.net *.rlcdn.com *.boltdns.net *.demandbase.com *.akamaihd.net *.axaxl.com *.doubleclick.net *.en25.com www.google.com.sg; 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: https://media.flixcar.com/ https://media.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.facebook.com/tr/ https://content.jwplatform.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com *.hotjar.com https://www.facebook.com/tr/ https://static.addtoany.com/ https://static.zdassets.com/ https://script.hotjar.com *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.google 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net data: www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.gstatic.com maps.googleapis.com accounts.google.com https://googleads.g.doubleclick.net https://www.google.com.ar https://www.google.com.do https://www.googletagmanager.com https://www.m.casacuesta.com https://connect.facebook.net logo.flixfacts.co.uk https://widgets.magentocommerce.com/ https://media.flixcar.com/ *.flix360.com notifications-icommkt.website *.googlesyndication.com *.zdassets.com/ekr/snippet.js *.googletagmanager.com *.simpleanalyticscdn.com *.flixcar.com *.ocularsolution.com *.amazonaws.com *.syndigo.cloud *.baidu.com *.cloudfront.net *.syndigo.com *.google data: 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com/ *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net commerce.adobe.net unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.hotjar.com *.hotjar.io https://static.hotjar.com/c/hotjar- https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://www.google-analytics.com/u/analytics_debug.js https://stats.g.doubleclick.net http://www.google.com/recaptcha/api.js https://static.zdassets.com/ https://d12zyq17vm1xwx.cloudfront.net/v2/wpn.min.js https://static.cloudflareinsights.com/ https://externalassets.icommarketing.com/icomMkt_tracking_jquery.min.js intent://arvr.google.com https://static.addtoany.com/menu/page.js https://static.addtoany.com/ https://static.zdassets.com/ekr/snippet.js *.flixfacts.com/ *.flixcar.com/ https://media.flixfacts.com/js/loader.js https://media.flixcar.com/delivery/static/tracking/tracking.js https://samsungxr.s3.amazonaws.com/js/ar_casacuesta.js https://cdn.jsdelivr.net/gh/Wruczek/Bootstrap-Cookie-Alert@gh-pages/cookiealert.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/recaptcha__es.js *.googlesyndication.com *.googletagmanager.com *.singular.net *.icommkt.online *.syndigo.com *.flixfacts.com *.ocularsolution.com *.syndigo.cloud *.zdassets.com *.zopim.com *.flix360.io *.adobedtm.com *.google/sodar/sodar2.js *.gbqofs.com *.gbqofs.io *.doubleclick.net *.gbss.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://media.flixfacts.com/ https://media.flixcar.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.youtube.com https://static.zdassets.com/ https://media.flixcar.com/ https://media.flixfacts.com/ https://media.flixsyndication.net/ https://assets-jpcust.jwpsrv.com/ https://ssl.p.jwpcdn.com/ *.cloudfront.net/ https://d3nkfb7815bs43.cloudfront.net/ https://d2m3ikv8mpgiy8.cloudfront.net/ https://media.pointandplace.com/ https://player.pointandplace.com/ https://t.pointandplace.com/ *.pointandplace.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net vimeo.com api.magento.com commerce.adobedtm.com commerce.adobedc.net commerce.adobe.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.comapi.com bam.nr-data.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.hotjar.com *.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ http://ccnecommerce.com/ https://notifications-icommkt.com/ https://track-icommkt.com/ https://casacuesta.zendesk.com/ https://ekr.zdassets.com/ wss://widget-mediator.zopim.com/ *.youtube.com https://prod.flixgvid.flix360.io https://t.flix360.com https://syndication.flix360.com *.flix360.com *.amazonaws.com *.flixcar.com *.googlesyndication.com *.syndigo.com *.ocularsolution.com *.simpleanalitycscdn.com *.casacuesta.com *.simpleanalyticscdn.com *.singular.net *.baidu.com *.google *.gbqofs.io *.gstatic.com *.google.com.do/ads/ga-audiences wss://ws.hotjar.com/api/v2/client/ws *.doubleclick.net *.syndigo.cloud *.googleapis.com *.gbss.io *.gbqofs.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-Hhfz8BEQ1By7CmaIGxGu41qU' 'unsafe-eval' https://pixel.byspotify.com *.travcorpservices.com https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js https://vjs.zencdn.net https://cdn.amplitude.com/libs https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com data:;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io https://www.googletagmanager.com https://a25408250069.cdn.optimizely.com;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com *.travcorp.com *.corp.ttc:7443 https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api https://l.clarity.ms https://metrics.responsetap.com/infinity https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com https://logx.optimizely.com https://region1.analytics.google.com https://ttc.contiki.com 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' ws: *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com  *.google.com *.bootstrapcdn.com *.extremenet.hu stats.g.doubleclick.net www.youtube-nocookie.com; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1
object-src 'none';base-uri 'self';script-src 'nonce-iZW75fDM5nqTAQFmfBywYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rtGEkeJObWDNDAJ5COIb5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src  'none'; connect-src 'self' *.evilangel.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.evilangel.com join.gammasecure.com; script-src 'self' *.evilangel.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.evilangel.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
object-src 'none';base-uri 'self';script-src 'nonce-0CC7tfUesjiksc8MuzP5wQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=UeVbBm8s8GtUhifu5Ck2ksklV7kS-FJsZnKTqxoTCAawdVQ7w6vFqrDJVcjXQ-A%3D 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.se https://www.googletagmanager.com https://analytics.nordnet.se https://cdn.prod.nntech.io https://files.nordnet.se https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.se; frame-src 'self' https://analytics.nordnet.se https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.se; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.se https://cdn.prod.nntech.io https://files.nordnet.se data: blob: https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://blogg.nordnet.se; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.se https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'nonce-1fbf0f33-d3ab-48bd-a8e1-8d1d4dd2e42f' https://analytics.nordnet.se https://cdn.prod.nntech.io https://files.nordnet.se https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.se; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi https://kirjaudu.aktia.fi https://ebank.aktia.fi; frame-ancestors 'self' https://app.contentful.com https://app.sigmastocks.com; 1
default-src 'self'; img-src 'self' data: https://tile.openstreetmap.org; object-src 'none'; script-src 'self' 'nonce-dU42cEVybTJhNldQM1NoVWRsVmdDRw=='; style-src 'self' 'unsafe-inline'; report-to csp; report-uri /csp-report?parent_request_id=0018b4lchi0cob7qa560&parent_request_id_hmac=caaefc3f9071876c58fd58fb1af7cc586ebf00e5 1
default-src 'self'; connect-src 'self' https://t.segger.com; font-src 'self' 'unsafe-inline' data: ; style-src 'self' 'unsafe-inline' data: ; img-src 'self' data: blob:  https://t.segger.com; script-src 'self' 'unsafe-inline'  https://t.segger.com; frame-src https://www.youtube-nocookie.com 'self'; object-src 'none'; media-src 'self'; object-src 'self' data: blob:; report-uri https://sentry.marketing-factory.de/api/19/security/?sentry_key=32e6efadeec7ea76a7a8dd08b365824d 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-d210PCBG9zRa4cHIVHfw6g' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none'; script-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; frame-ancestors 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 1
object-src 'none';base-uri 'self';script-src 'nonce-WuU00_yH8ge6uNzUCa1eoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=X7yMckCwtEFsEhSwNM_M1MxuvgyKql5PPBkzzHXwP3ZhmHdKO1GRveEs5-286HU%3D 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.reviews.io assets.bounceexchange.com www.wed2b.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.com *.ometria.com 'self' https: api.bounceexchange.com dev.bounceexchange.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.wed2b.com 'self' 'unsafe-inline'; frame-ancestors *.widget.reviews.co.uk https://widget.reviews.co.uk *.reviews.co.uk https://www.pingdom.com http://www.pingdom.com https://www.reviews.io *.pingdom.com *.wed2b.co.uk *.fls.doubleclick.net *.ladesk.com 'self' https: www.wed2b.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://secure5.arcot.com/ pay.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com account.fetchify.com https://widget.reviews.co.uk *.twitter.com *.fls.doubleclick.net *.ladesk.com *.typeform.com *.facebook.com *.reviews.co.uk https://a.pgtb.me https://tpc.googlesyndication.com/ *.pinterest.com https://checkoutshopper-live.adyen.com *.adyen.com https://secure4.arcot.com/ *.arcot.com https://3ds-secure.cardcomplete.com/ https://ecclients.btrl.ro/ http://bofp.erstebank.hu/ http://www.clicksafe.lloydstsb.com/ https://pay.activa-card.com/ https://3dsecure-1.wirecard.com/ https://3dsecure-2.wirecard.com/ https://acssv.otpbank.hu/ https://acs.sia.eu/ https://idcheck.acs.touchtechpayments.com/ https://sicher-bezahlen.sparkasse.at/ https://www.securesuite.co.uk/ http://bred.wlp-acs.com/ http://bnpp-3ds.wlp-acs.com/ dash.bounceexchange.com dash-staging.bounceexchange.com assets.bounceexchange.com https://consentcdn.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.weltpixel.com www.wed2b.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.uk *.google.com *.facebook.com *.g.doubleclick.net *.pinterest.com *.maps.gstatic.com *.googleapis.com https://trk.ometria.com/ *.adalyser.com *.postcodeanywhere.co.uk *.googletagmanager.com *.contentsquare.net *.reviews.io *.fls.doubleclick.net *.google.cz *.google.be *.google.nl *.google.de *.google.fr *.google.es *.google.gr *.reviews.co.uk *.instagram.com *.google.com.sg *.google.co.id 'self' https: events.bouncex.net assets.bounceexchange.com http://imgsct.cookiebot.com *.ometria.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.wed2b.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.adnxs.com *.facebook.net *.ladesk.com *.adalyser.com *.g.doubleclick.net *.pinterest.com *.reviews.co.uk *.maps.googleapis.com https://maps.googleapis.com *.ometria.com https://cdn.polyfill.io/ *.pcapredict.com *.postcodeanywhere.co.uk *.ccdc02.com https://t.contentsquare.net https://d1m2uzvk8r2fcn.cloudfront.net/ https://d2xcq4qphg1ge9.cloudfront.net/ https://tpc.googlesyndication.com/ *.tiktok.com *.pinimg.com https://form.jotform.com https://tags.srv.stackadapt.com https://widget.reviews.io *.cookiebot.com *.bing.com tag.wknd.ai tag.bounceexchange.com assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com *.consent.cookiebot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.wed2b.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cc-cdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.postcodeanywhere.co.uk *.reviews.io data: *.jotfor.ms/ *.stackadapt.com assets.bounceexchange.com assets.braintreegateway.com tagmanager.google.com www.wed2b.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.wed2b.com www.wed2b.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com payments-eu.amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.cloudflare.com *.twitter.com *.twimg.com *.reviews.co.uk https://www.pingdom.com *.google-analytics.com https://stats.g.doubleclick.net http://www.googletagmanager.com/ *.facebook.com *.braintree-api.com *.braintreegateway.com *.postcodeanywhere.co.uk *.contentsquare.net/ https://api.reviews.io *.instagram.com *.googleapis.com *.tiktok.com *.pinterest.com 'self' https: events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net https://consent.cookiebot.com https://consentcdn.cookiebot.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.facebook.net *.ometria.com www.wed2b.com 'self' 'unsafe-inline'; child-src blob: assets.bounceexchange.com assets.braintreegateway.com c.paypal.com *.paypal.com www.wed2b.com http: https: blob: 'self' 'unsafe-inline'; default-src www.wed2b.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wed2b.com/csp-violations.php; report-to report-endpoint; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob: *.googleapis.com *.gstatic.com *.google.com *.s3.amazonaws.com *.cdn-apple.com; object-src 'none'; style-src 'self' https: 'unsafe-inline' *.googleapis.com; connect-src 'self' https: *.googleapis.com *.cdn-apple.com wss://nexus-websocket-a.intercom.io *.hotjar.com wss://*.hotjar.com; worker-src 'self' blob: *.landlease.estately.com; script-src 'self' 'unsafe-eval' *.google.com *.googleapis.com *.facebook.net *.recaptcha.net *.gstatic.com *.pagespeed-mod.com *.cdn-apple.com *.intercomcdn.com *.intercom.io *.landlease.estately.com *.hotjar.com *.ws.hotjar.com https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com cdn.ckeditor.com code.listtrac.com 'nonce-aKa7ZW/Jp6KDs5Wo24IiNA=='; script-src-elem 'self' 'unsafe-eval' *.google.com *.googleapis.com *.facebook.net *.recaptcha.net *.gstatic.com *.pagespeed-mod.com *.cdn-apple.com *.intercomcdn.com *.intercom.io *.landlease.estately.com *.hotjar.com *.ws.hotjar.com https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com cdn.ckeditor.com code.listtrac.com 'nonce-aKa7ZW/Jp6KDs5Wo24IiNA=='; report-uri /csp-violation-report-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-Jxf_i79BKzYIEYh9W0C5wg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; connect-src googleads.g.doubleclick.net our.umbraco.com stats.g.doubleclick.net www.google-analytics.com www.google.com cdn.linkedin.oribi.io region1.analytics.google.com iwfsecurity.report-uri.com consentcdn.cookiebot.com translate.googleapis.com 'self';  font-src fonts.gstatic.com use.typekit.net 'self'; manifest-src 'self'; object-src 'self'; frame-src vimeo.com donorbox.org www.buzzsprout.com player.vimeo.com www.googletagmanager.com www.youtube.com consentcdn.cookiebot.com www.google.com indd.adobe.com 'self'; frame-ancestors 'self'; img-src data: t.co analytics.twitter.com fonts.gstatic.com www.google.co.uk our.umbraco.com www.gravatar.com www.googletagmanager.com www.linkedin.com www.facebook.com px4.ads.linkedin.com www.google-analytics.com px.ads.linkedin.com gtranslate.net p.typekit.net www.gstatic.com dashboard.umbraco.com i.vimeocdn.com www.google.com translate.googleapis.com translate.google.com bat.bing.com *.cookiebot.com 'self'; media-src data: 'self' vimeo.com player.vimeo.com *.akamaized.net; script-src 'self' 'unsafe-eval' bat.bing.com static.ads-twitter.com vimeo.com www.vimeo.com ajax.aspnetcdn.com www.google.com connect.facebook.net www.googleadservices.com www.gstatic.com www.google-analytics.com snap.licdn.com translate-pa.googleapis.com consent.cookiebot.com use.typekit.net translate.google.com translate.googleapis.com consentcdn.cookiebot.com use.typekit.net dev.iwf.org.uk www.googletagmanager.com *.iwf.org.uk *.cookiebot.com *.typekit.net inline: 'unsafe-inline' 'unsafe-eval' 'self'; style-src translate.googleapis.com  www.gstatic.com inline: 'self' 'unsafe-inline'; report-uri https://iwfsecurity.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self'; report-uri https://www.bestrecipes.com.au/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-KMwQo_0VYNmpeH2-y0yTvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'none'; script-src-elem 'none'; script-src-attr 'none'; report-uri https://csp-report.apptrana.com/csp/report/16074 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.fi https://www.myheritage.fi  'unsafe-eval' 'nonce-b577e308aeb9b12a393523bbef932d77' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.fi;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://api-sogecommerce.societegenerale.eu/static/ *.fontawesome.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.jquery.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.wilsonart.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.wilsonart.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://sogecommerce.societegenerale.eu/static/latest/images/type-carte/ https://api-sogecommerce.societegenerale.eu/static/ https://sogecommerce.societegenerale.eu/vads-payment/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://maps.gstatic.com/ *.cloudflare.com *.google.com *.twitter.com *.twimg.com *.google.co.in *.ytimg.com *.googleadservices.com *.fontawesome.com *.mastercard.com *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.hotjar.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ https://static-sogecommerce.societegenerale.eu/static/ *.fontawesome.com *.googleapis.com *.gstatic.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.bing.com *.zopim.com *.zdassets.com *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api-sogecommerce.societegenerale.eu/static/ https://static-sogecommerce.societegenerale.eu/static/ *.fontawesome.com assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.bing.com *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.jquery.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io *.wilsonart.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://maps.googleapis.com www.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.g.doubleclick.net *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.jquery.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-E_J1nzV8fiCHL7R7Ze1pjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com www.manoloblahnik.com *.hotjar.com *.bglobale.com *.global-e.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cybersource.com www.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.adyen.com pay.google.com *.paypal.com www.google.com *.hotjar.com *.cybersource.com www.facebook.com www.youtube-nocookie.com the-restory.app authentication.cardinalcommerce.com *.issuu.com *.online-metrix.net *.bglobale.com *.global-e.com *.certcapture.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.weltpixel.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com blob *.alekseon-test.eu media-akam.licdn.com www.facebook.com maps.googleapis.com *.clarity.ms *.bing.com *.google.com *.googletagmanager.com *.manoloblahnik.com *.doubleclick.net.com ozplayer.global.ssl.fastly.net mcusercontent.com *.nr-data.net *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am *.bglobale.com *.global-e.com *.certcapture.com https://images.unsplash.com *.facebook.com *.facebook.net *.gstatic.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com www.google.com www.gstatic.com maps.googleapis.com chimpstatic.com connect.facebook.net *.forter.com h.online-metrix.net cdnjs.cloudflare.com *.zdassets.com widget-mediator.zopim.com *.newrelic.com *.hotjar.com *.bing.com *.clarity.ms *.nr-data.net *.cardinalcommerce.com www.youtube.com *.online-metrix.net *.bglobale.com *.global-e.com polyfill.io *.certcapture.com testflex.cybersource.com flex.cybersource.com songbirdstag.cardinalcommerce.com *.facebook.com *.facebook.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fonts.net fonts.googleapis.com *.bootstrapcdn.com *.bglobale.com *.global-e.com *.certcapture.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com manolo.alekseon-test.eu www.manoloblahnik.com *.zdassets.com *.g.doubleclick.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com www.google.com payments-eu.amazon.com *.paypal.com *.forter.com *.cloudfront.net wss://cdn0.forter.com manoloblahnikhelp.zendesk.com *.zdassets.com *.widget-mediator.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.clarity.ms *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googleapis.com *.bing.com stats.g.doubleclick.net www.facebook.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.certcapture.com *.facebook.com *.facebook.net https://www.google-analytics.com maps.googleapis.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://88c35bdd-2909-4aaa-90d0-66a99905c97c.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src *; script-src-elem *; script-src-attr *; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src *; font-src *; connect-src *; media-src *; object-src 'none'; prefetch-src *; child-src *; frame-src *; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri https://www.styria.com https://stage.styria.com; manifest-src 'self'; report-uri https://cspreport.smd-digital.at 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=dUMJKvzIrX149GTsgELCSdp7lzPhcXDB6wecLPnIQ_8-1752200959-1.0.1.1-jFnKnL4sM4SZRsVQ3DulBCT_LN_Kb..VBL8ZIFvDsgDS7pYa.j_11eANdzUoj9ckIsKtAhvXDqyZ0prqX_CcSFZZJH1eRGeLSixu5Wq7LLcnQcTS.C.ZM4wK.Ac6TewcJAnA3MDiG5xiVdsU6n_xnt_XzTT.rl6Q0B2IP85KuOk; report-to cf-csp-endpoint 1
default-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' http://*.uqtr.uquebec.ca http://*.uqtr.ca data: https: blob:; base-uri 'self' http://*.uqtr.ca; form-action 'self' https: javascript: inline:; report-to csp-endpoint; report-uri https://webservice.uqtr.ca/prod/nginx/csp_api/report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://api.systempay.fr/static/ https://cdnjs.cloudflare.com *.googleusercontent.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.hsforms.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ https://www.googletagmanager.com/ *.hs-sites.com *.hsforms.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://maps.googleapis.com https://maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org *.axept.io *.google.com *.googletagmanager.com *.googleusercontent.com *.hsforms.com *.hubspot.com *.imgix.net *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com *.axept.io *.facebook.net *.googletagmanager.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hsforms.net *.hubspot.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.systempay.fr/static/ https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://maps.googleapis.com https://nominatim.openstreetmap.org *.axept.io *.axeptio.tech *.google-analytics.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.hsforms.com *.hscollectedforms.net *.hubspot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://76c33e6e-b3ed-47af-8820-21ea80415831.sansec.watch/; report-to report-endpoint; 1
script-src 'self' 'nonce-xEK7P6M4pt1sONf1IfbyMFgtDn4K8zcuI7eo9bL1xeE=' 'strict-dynamic' 'wasm-unsafe-eval';object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.zohocdn.com *.zohopublic.eu *.zohostatic.eu *.cloudflare.com *.amasty.com *.facebook.com facebook.com *.cdnfonts.com fonts.googleapis.com *.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com revolut.com *.revolut.com *.arcot.com *.facebook.com facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com www.google.com *.doubleclick.net *.googletagmanager.com *.amasty.com youtube.com revolut.com *.revolut.com *.arcot.com *.facebook.com facebook.com *.zohopublic.eu js.stripe.com *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com https://images.unsplash.com https: *.linkedin.com *.facebook.net *.facebook.com facebook.com *.visualwebsiteoptimizer.com *.bing.com *.bing.net *.zohopublic.eu *.clarity.com *.clarity.ms *.cloudflare.com *.google.com *.google.by *.google.de *.google.pl *.amasty.com *.zohocdn.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.co.uk *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp maps.googleapis.com maps.gstatic.com *.googleapis.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com googletagmanager.com *.paypal.com *.licdn.com *.facebook.net *.facebook.com facebook.com adobe.com *.adobedtm.com *.vimeo.com *.googleapi.com *.doubleclick.net *.gstatic.com *.cardinalcommerce.com *.visualwebsiteoptimizer.com *.tiktok.com *.bing.com *.clarity.com *.clarity.ms *.zoho.eu *.zohostatic.eu *.zohocdn.com *.zohopublic.eu *.cloudflare.com *.jsdelivr.net *.matomo.cloud *.amasty.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js pastebin.com js.stripe.com *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.zohocdn.com *.zohopublic.eu *.cloudflare.com *.amasty.com *.facebook.com facebook.com *.zohostatic.eu pastebin.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zohocdn.com *.facebook.com facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com https: *.linkedin.com *.gstatic.com *.facebook.com facebook.com *.visualwebsiteoptimizer.com *.clarity.com *.clarity.ms *.zohopublic.eu *.zohocdn.com vts.zohopublic.eu wss://vts.zohopublic.eu *.cloudflare.com *.tiktok.com *.jsdelivr.net *.tiktokw.us *.matomo.cloud *.bing.net *.amasty.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.bing.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com pastebin.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.zohocdn.com *.facebook.com facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'report-sample' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.recaptcha.net maps.googleapis.com; style-src 'self' 'report-sample' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: bat.bing.net *.speedcurve.com network-eu.bazaarvoice.com api.bazaarvoice.com www.googleadservices.com *.cdn.parcellab.com  www.mczbf.com googleads.g.doubleclick.net t.contentsquare.net analytics-static.ugc.bazaarvoice.com x.klarnacdn.net www.paypal.com static-eu.payments-amazon.com cdn-ukwest.onetrust.com om.ordergroove.com stg.api.bazaarvoice.com display-stg.ugc.bazaarvoice.com display.ugc.bazaarvoice.com services.postcodeanywhere.co.uk c.zmags.com maps.googleapis.com pagead2.googlesyndication.com www.googleadservices.com cdn.ometria.com ct.pinterest.com api.bounceexchange.com js.smct.io d.impactradius-event.com script.hotjar.com js.adsrvr.org static.ads-twitter.com ad.doubleclick.net smct.co platform.twitter.com analytics.tiktok.com static.hotjar.com bat.bing.com s.pinimg.com assets.bounceexchange.com cdn.parcellab.com intentclientscriptslon.s3.eu-west-2.amazonaws.com unpkg.com tag.wknd.ai unpkg.com cdn.particularaudience.com intentclientscriptslon.s3.eu-west-2.amazonaws.com unpkg.com cdn.cookielaw.org cdn.jsdelivr.net www.google-analytics.com e.cquotient.com p.cquotient.com static.ordergroove.com cdn.cquotient.com www.gstatic.com hotelchocolat.whoson.com cas.zma.gs hotel11113.pcapredict.com cdn-ukwest.onetrust.com www.googletagmanager.com www.google.com try.abtasty.com js.klarna.com; font-src data: x.klarnacdn.net fonts.gstatic.com smc-fonts.s3-eu-west-1.amazonaws.com images.getfastr.com maxcdn.bootstrapcdn.com c.zmags.com; style-src 'self' 'unsafe-inline' hotelchocolat.whoson.com *.cdn.parcellab.com display.ugc.bazaarvoice.com assets.bounceexchange.com x.klarnacdn.net styledisplay.ugc.bazaarvoice.com smc-fonts.s3-eu-west-1.amazonaws.com cdn.parcellab.com icons.parcellab.com services.postcodeanywhere.co.uk c.zmags.com fonts.googleapis.com maxcdn.bootstrapcdn.com cas.zma.gs; connect-src 'self' *.speedcurve.com *.algolianet.com *.contentsquare.net ad.doubleclick.net *.algolia.net wss://*.hotjar.com *.hotjar.com bat.bing.net *.hotjar.io *.ometria.com google.com www.paypal.com region1.google-analytics.com cdn-ukwest.onetrust.com region1.analytics.google.com www.mczbf.com q-aeu1.contentsquare.net www.pinterest.com api.parcellab.com events.bouncex.net storage.googleapis.com srm.ba.contentsquare.net k-aeu1.contentsquare.net adservice.google.com cognito-identity.eu-west-1.amazonaws.com ids.cdnwidget.com pd.cdnwidget.com view.cdnbasket.net page.cdnbasket.net data.cdnbasket.net js.smct.io stats.g.doubleclick.net analytics.google.com ssgtm.hotelchocolat.com c.contentsquare.net ad.doubleclick.net dcinfos-cache.abtasty.com geolocation.onetrust.com eu.playground.klarnaevt.com www.sandbox.paypal.com payments-eu.amazon.com om.ordergroove.com restapi.ordergroove.com services.postcodeanywhere.co.uk privacyportal-uk.onetrust.com na.klarnaevt.com insights.algolia.io stfgatlncw-dsn.algolia.net c.zmags.com pagead2.googlesyndication.com maps.googleapis.com googleads4.g.doubleclick.net www.googleadservices.com insight.adsrvr.org bat.bing.com www.google.com firehose.eu-west-1.amazonaws.com ep.smct.co ct.pinterest.com analytics.tiktok.com ct.pinterest.com ct.pinterest.com ipl.smct.io main.inference.madewithintent.ai recs-us-e1a.particularaudience.com cdn.cookielaw.org googleads4.g.doubleclick.net insight.adsrvr.org eu.klarnaevt.com cdn-ukwest.onetrust.com js.klarna.com try.abtasty.com cas.zma.gs www.google-analytics.com ariane.abtasty.com; img-src 'self' *.speedcurve.com data: www.googleadservices.com icons.parcellab.com www.google.co.uk bat.bing.net cj.dotomi.com tbs.tradedoubler.com www.emjcd.com googleads.g.doubleclick.net match.adsrvr.org insight.adsrvr.org api.bounceexchange.com network-eu-stg-a.bazaarvoice.com network-eu.bazaarvoice.com hotelchocolat.whoson.com events.smct.co www.google-analytics.com assets.bounceexchange.com l.contentsquare.net www.google.com trk.ometria.com c.contentsquare.net ad.doubleclick.net network-eu-stg.bazaarvoice.com static-eu.payments-amazon.com www.hotelchocolat.com m.media-amazon.com www.paypalobjects.com om.ordergroove.com blog.hotelchocolat.com services.postcodeanywhere.co.uk images.creator-prod.zmags.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com *.cdnwidget.com events.bouncex.net bat.bing.com analytics.twitter.com t.co cdn.cookielaw.org images.getfastr.com img.creator-prod.zmags.com cdn-ukwest.onetrust.com; frame-src 'self' 6933631.fls.doubleclick.net  13586967.fls.doubleclick.net https://online.flippingbook.com match.adsrvr.org ssgtm.hotelchocolat.com td.doubleclick.net cnc-api.zmags.com www.sandbox.paypal.com www.paypal.com testsecureacceptance.cybersource.com www.google.com www.youtube.com ls.smct.io d2d7do8qaecbru.cloudfront.net www.googleadservices.com assets.bounceexchange.com ct.pinterest.com insight.adsrvr.org www.googletagmanager.com www.google.co.uk 1
default-src https://*.rsync.net:443 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 1
frame-ancestors 'none'; report-uri /csp_logger/; 1
object-src 'none';base-uri 'self';script-src 'nonce-x5hdISOAxW3Kgc_j765pfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: wss://ws.tsarvar.com wss://wst.tsarvar.com wss://wst2.tsarvar.com; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=3a15ac2d-9092-40d0-89e7-535f0c7c0798-1752198935; report-to shopify-csp 1
default-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=48VK87Yeih10DEeQJ_edvLZx5SlWrsDs540NrYbkoRA-1752199102-1.0.1.1-V1OmDYb7DFpyfRNYlNidQDV9.4E8FG1SIpvwAn1Qm0frf6hYQ.PsLVBiUg0ys83_i.8uSIjJLjzpHRUh7ryEfIKyzzlR_hepKOw3jXb3b0PsrQUNCjYwy55PDgA76Z3IDmkVbDK7wTNbK4_xaARaT6KIkAd5inUihwnZIlwsqjVGylKItt0s7QJJWeEfvsIsq5lG_Jm9yDUBjTS6hZGu.A; report-to cf-fpisbpgpqsqlwjiw 1
base-uri 'self'; block-all-mixed-content; child-src 'self' blob:; default-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; report-to csp-endpoint; report-uri https://sentry.nadapada.net/api/136/security/?sentry_key=7d3cea7bc0a6a8fb9a3fc5fe14a1ee02&sentry_environment=production; worker-src 'self' blob:; connect-src 'self' blob: data: https://analytics.google.com https://analytics.talentbrew.io https://content.hotjar.io https://google-analytics.com https://maps.googleapis.com https://overbridgenet.com https://pagead2.googlesyndication.com https://region1.analytics.google.com https://region1.google-analytics.com https://sentry.nadapada.net/api/136/ https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.ae https://www.google.al https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ca https://www.google.ch https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.za https://www.google.co.zq https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gt https://www.google.com.hk https://www.google.com.mt https://www.google.com.mx https://www.google.com.np https://www.google.com.om https://www.google.com.pe https://www.google.com.pk https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gh https://www.google.gh https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.kg https://www.google.lk https://www.google.lt https://www.google.me https://www.google.nl https://www.google.no https://www.google.ph https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.se https://www.google.si https://www.google.sk https://www.google.sr https://www.google.tn https://www.googleadservices.com wss://ws.hotjar.com ; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/af/494550/0000000000000000774b907b/30/ ; frame-src 'self' https://c1.adform.net https://links.intractive.app https://track.adform.net https://web.intractive.app https://www.google.com https://www.googletagmanager.com https://www.youtube.com ; img-src 'self' data: blob: https://analytics.talentbrew.io https://fonts.gstatic.com https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://media.werkenbijdefensie.nl https://pagead2.googlesyndication.com https://server.seadform.net https://stats.g.doubleclick.net https://translate.google.com https://www.google-analytics.com https://www.google.ae/ads/ https://www.google.al/ads/ https://www.google.at/ads/ https://www.google.ba/ads/ https://www.google.be/ads/ https://www.google.bg/ads/ https://www.google.ca/ads/ https://www.google.ch/ads/ https://www.google.co.cr/ads/ https://www.google.co.id/ads/ https://www.google.co.il/ads/ https://www.google.co.in/ads/ https://www.google.co.jp/ads/ https://www.google.co.ke/ads/ https://www.google.co.kr/ads/ https://www.google.co.ma/ads/ https://www.google.co.nz/ads/ https://www.google.co.th/ads/ https://www.google.co.uk/ads/ https://www.google.co.uz/ads/ https://www.google.co.za/ads/ https://www.google.co.zw/ads/ https://www.google.com.au/ads/ https://www.google.com.br/ads/ https://www.google.com.co/ads/ https://www.google.com.do/ads/ https://www.google.com.eg/ads/ https://www.google.com.gt/ads/ https://www.google.com.hk/ads/ https://www.google.com.mt/ads/ https://www.google.com.mx/ads/ https://www.google.com.np/ads/ https://www.google.com.om/ads/ https://www.google.com.pe/ads/ https://www.google.com.pk/ads/ https://www.google.com.sa/ads/ https://www.google.com.sg/ads/ https://www.google.com.tr/ads/ https://www.google.com.tw/ads/ https://www.google.com/ads/ https://www.google.com/ccm/collect https://www.google.com/pagead/ https://www.google.cz/ads/ https://www.google.de/ads/ https://www.google.dk/ads/ https://www.google.es/ads/ https://www.google.fi/ads/ https://www.google.fr/ads/ https://www.google.gh/ads/ https://www.google.gr/ads/ https://www.google.hr/ads/ https://www.google.hu/ads/ https://www.google.ie/ads/ https://www.google.iq/ads/ https://www.google.it/ads/ https://www.google.kg/ads/ https://www.google.lk/ads/ https://www.google.lt/ads/ https://www.google.me/ads/ https://www.google.nl/ads/ https://www.google.no/ads/ https://www.google.ph/ads/ https://www.google.pl/ads/ https://www.google.pt/ads/ https://www.google.ro/ads/ https://www.google.se/ads/ https://www.google.si/ads/ https://www.google.sk/ads/ https://www.google.sr/ads/ https://www.google.tn/ads/ https://www.googleadservices.com https://www.googletagmanager.com ; media-src 'self' https://media.werkenbijdefensie.nl ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://apply.talentbrew.io https://cdn.jsdelivr.net/npm/sockjs-client@1.4.0/dist/sockjs.min.js https://connect.facebook.net https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/ https://s2.adform.net https://sc-static.net/webview-autofill.min.js https://sentry.nadapada.net https://track.adform.net https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://apply.talentbrew.io https://cdn.jsdelivr.net/npm/sockjs-client@1.4.0/dist/sockjs.min.js https://connect.facebook.net https://embed.intractive.app https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/ https://s2.adform.net https://sc-static.net/webview-autofill.min.js https://script.hotjar.com https://sentry.nadapada.net https://static.hotjar.com https://track.adform.net https://use.typekit.net/rmg6mik.css https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net/p.css https://use.typekit.net/rmg6mik.css https://www.googletagmanager.com https://www.gstatic.com ; 1
script-src 'nonce-knoACgO-IAYd8-jNusP69w' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca *.b0e8.com https://images.unsplash.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com *.affirm.com *.affirm.ca *.b0e8.com *.bc0a.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net tagmanager.google.com fonts.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.sentry.io *.paypal.com google.com *.google.com qa-api.magedevteam.com *.affirm.com *.affirm.ca api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-'; base-uri 'none'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-f7DfLlEGem-LrhvN0-_dhQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/maps-tactile 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss://ws.salecycle.com; object-src 'none'; style-src 'self' https: 'unsafe-hashes' 'unsafe-inline' https://*.aircaraibes.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https://*.aircaraibes.com https://aircaraibes.qualifioapp.com https://www.googletagmanager.com/ https://*.salecycle.com https://*.pinterest.com https://*.criteo.com https://*.cloudfront.net; frame-ancestors 'self' https://www.liligo.com https://www.liligo.fr https://checkin.si.amadeus.net https://*.aircaraibes.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.finchatbot.com; connect-src 'self' https: wss://ws.salecycle.com; upgrade-insecure-requests 1
child-src 'self' bid.g.doubleclick.net *.bitexen.com www.google.com;  connect-src 'self' *.bitexen.com firebase.googleapis.com firebaseinstallations.googleapis.com salesiq.zoho.com salesiq.zohopublic.com sdkapi.netmera.com stats.g.doubleclick.net www.google-analytics.com api.intotheblock.com desk.zoho.com vts.zohopublic.com www.tradingview.com app.adjust.com app.adjust.net.in app.adjust.world fonts.gstatic.com koinbulteni.com region1.google-analytics.com wasm.regulaforensics.com;  font-src 'self' css.zohocdn.com fonts.gstatic.com css.zohocdn.com css.zohostatic.com;  form-action 'self' *.bitexen.com;  frame-ancestors 'self';  frame-src 'self' bid.g.doubleclick.net pixel.sitescout.com s.tradingview.com *.hcaptcha.com *.geetest.com *.bitexen.com www.google.com;  img-src 'self' data: *.bitexen.com pixel.sitescout.com salesiq.zohopublic.com sdkapi.netmera.com www.facebook.com www.google.com www.google.com.tr accounts.zoho.com googleads.g.doubleclick.net koinbulteni.com s3.eu-west-1.amazonaws.com ssl.google-analytics.com web.facebook.com www.google-analytics.com region1.google-analytics.com static.geetest.com static.geevisit.com www.gstatic.com *.hcaptcha.com www.googletagmanager.com;  manifest-src 'self';  script-src-attr 'unsafe-inline';  script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net cdn.netmera-web.com connect.facebook.net firebasestorage.googleapis.com googleads.g.doubleclick.net js.zohocdn.com salesiq.zoho.com secure.adnxs.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com app.intotheblock.com code.jquery.com js-agent.newrelic.com js.zohostatic.com ntm.netmera-web.com s3.tradingview.com ssl.google-analytics.com d17nz991552y2g.cloudfront.net *.geetest.com *.geevisit.com;  script-src 'self' 'unsafe-eval' cdn.netmera-web.com js-agent.newrelic.com g792337344.co connect.facebook.net *.hcaptcha.com app.intotheblock.com firebasestorage.googleapis.com googleads.g.doubleclick.net js.zohocdn.com js.zohostatic.com ntm.netmera-web.com s3.tradingview.com salesiq.zoho.com secure.adnxs.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com *.geetest.com *.hcaptcha.com;  style-src-attr 'unsafe-inline';  style-src-elem 'self' 'unsafe-inline' data: cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com css.zohocdn.com fonts.googleapis.com use.fontawesome.com css.zohostatic.com *.geetest.com *.hcaptcha.com;  style-src 'unsafe-eval' data: cdnjs.cloudflare.com css.zohocdn.com css.zohostatic.com fonts.googleapis.com *.hcaptcha.com *.geetest.com *.bitexen.com;  worker-src *.bitexen.com;  object-src 'none';  report-uri https://reporturi.bitexen.com/r/d/csp/wizard 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com/ui/ https://src.mastercard.com/srci/integration/components/ https://cdn.jsdelivr.net/npm/intl-tel-input@25.3.1/build/css/intlTelInput.css; script-src 'self' 'unsafe-eval' 'nonce-+3R3ZWRUuDncf82dPy3z9A==' https://js.stripe.com/ https://g.stripe.com/ https://hosted.paysafe.com/request/ https://ajax.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/ https://cdn.webrtc-experiment.com/DetectRTC.min.js https://code.jquery.com/ui/ https://maps.googleapis.com/maps/api/ https://www.google.com/recaptcha/api.js https://www.datadoghq-browser-agent.com/datadog-logs-us.js https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js http://stats.pusher.com/timeline/v2/jsonp/ https://cdn.onesignal.com/ https://onesignal.com/api/v1/sync/ https://cdn.jsdelivr.net/npm/intl-tel-input@25.3.1/build/js/intlTelInputWithUtils.min.js https://src.mastercard.com/ https://secure.checkout.visa.com/checkout-widget/resources/js/ https://qwww.aexp-static.com/akamai/remotecommerce/scripts/ https://webapp.src.discover.com/websdk/ https://content.discovercard.com/ https://js.verygoodvault.com/vgs-collect/ https://www.datadoghq-browser-agent.com/datadog-logs-v4.js; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://img.gotab.io/ https://static.gotab.io/ https://s3.amazonaws.com/gotabpublic/ https://s3.amazonaws.com/gotabpublic/ https://maps.gstatic.com/ https://maps.googleapis.com/maps/ https://i.vimeocdn.com/video/ https://src.mastercard.com/srci/integration/ https://content.discovercard.com/ https://cdn.jsdelivr.net/npm/intl-tel-input@25.3.1/build/img/ https://*.untappd.com/ https://checkoutshopper-live.adyen.com/checkoutshopper/images/ https://checkoutshopper-live-us.adyen.com/ https://*.googleapis.com https://gotabpublic.s3.amazonaws.com/; media-src 'self' data: https://s3.amazonaws.com/gotabpublic/ https://gotabpublic.s3.amazonaws.com/; frame-src 'self' https://js.stripe.com/ https://metabase.gotab.io/ https://report.gotab.io/ https://www.google.com/ https://js.verygoodvault.com/vgs-collect/ https://content.discovercard.com/ https://src.mastercard.com/ https://srcdcf.americanexpress.com/ https://secure.checkout.visa.com/checkout-widget/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-live-us.adyen.com/ https://chat.gotab.io/ https://app.opsi.io/; connect-src 'self' https://*.gotab.io/ wss://stats.gotab.io/ https://hosted.paysafe.com/request/api/ https://api.paysafe.com/request/api/ https://api.paysafe.com/request/api/v1/ https://checkoutshopper-live.adyen.com/checkoutshopper/ https://checkoutshopper-live-us.adyen.com/ https://*.logs.datadoghq.com/ https://*.browser-intake-datadoghq.com/ *.verygoodvault.com *.verygoodproxy.com https://maps.googleapis.com/maps/api/ https://cloud.handpoint.io/ ws://ws-mt1.pusher.com/app/ https://vimeo.com/api/ https://vgs-collect-keeper.apps.verygood.systems/vgs https://*.mastercard.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ https://*.visa.com/ https://*.staticv.me/ https://*.discover.com/ https://*.discovercard.com/ https://content.discovercard.com/ https://src.apis.discover.com/sdk/ https://www.google.com/maps/conversion/collect https://*.googleapis.com; worker-src 'self' blob:; report-to csp-report 1
base-uri 'self'; default-src 'self' https: wss: ws:; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/cross-storage@1.0.0/dist/hub.min.js https://og-frontend.stg-east.frontend.public.atl-paas.net/assets/ https://*.services.atlassian.com https://code.jquery.com/jquery-3.6.0.min.js https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://translate.googleapis.com/_/translate_http/_/js/ https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://js.intercomcdn.com https://widget.intercom.io/widget/ https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/ https://js.stripe.com https://meet.jit.si https://bam.nr-data.net 'sha256-u8Qc9T1x0D5Z/CHTQ498yO/+i2ySExBMOwf4RL2t4WI=' 'sha256-FV4wGfcn2NrqSJwtGQUWZ2Ie5XrIVKqtnc6g2gmRRco=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-N6H1UNp6u4dhUx+FZUQMMcXz17KIEWQw+ZVCPp4d3Zo=' 'sha256-qyYeb40S0YW7zrzwvSX5SEThkjXxwfWSwDp+FlCY0ic=' 'sha256-XHhqFY/vlAF49XCJL4Eg+ttSAnGAobln30utBWOcPhU=' 'sha256-L8u6aiCFdh23FnTLOjO9T7p6zkSJPTaOzZoZUz9OnVQ=' 'sha256-ZMCyrJrkz95Pmv4GzcpT7uihWvUib4x2CFIKGfMsuYU=' 'sha256-ffGUIypjdVM8v7ybOzYmI52fKI8S9IVsUI1OqyrUw8Q=' 'sha256-4qVpzn2Bx0qK9KtIsF/n3VVomtjXD/qPqKpKFNRrMWY=' 'sha256-eETIIu3VZ7EA7inGoTk/IDe2GZACdmowaBuJOhm6Bik=' 'nonce-a887768d47503c9afb7eaa25077a222d'; style-src 'self' 'unsafe-inline' https://*.opsgeni.us https://og-frontend.stg-east.frontend.public.atl-paas.net/assets/ https://fonts.googleapis.com/css2 data:; img-src 'self' data: https:; font-src 'self' https://og-frontend.stg-east.frontend.public.atl-paas.net/assets/ https://fonts.intercomcdn.com https://fonts.gstatic.com data:; frame-ancestors 'self' https://*.app.opsgeni.us https://*.opsgeni.us; form-action 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/og-frontend; report-to csp-default-endpoint; connect-src 'self' https: wss: ws:; object-src 'none'; frame-src 'self' https://*.opsgeni.us https://intercom-sheets.com https://*.atlassian.com https://*.opsgenie.com https://js.stripe.com https://reporting.opsgenie.com https://www.google.com 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'none'; worker-src blob:; connect-src * 'unsafe-inline'; img-src * blob: data: 'unsafe-inline'; object-src 'self' blob:; report-uri /cspapi/report/CspReport; 1
default-src 'self'; connect-src 'self' https://px.ads.linkedin.com https://*.linkedin.com https://*.zi-scripts.com https://ws.zoominfo.com https://*.hsforms.com https://cta-service-cms2.hubspot.com https://*.wistia.com https://*.wistia.net https://*.litix.io https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://o936403.ingest.sentry.io https://o936403.ingest.us.sentry.io https://hubspot-forms-static-embed.s3.amazonaws.com https://*.execute-api.us-west-2.amazonaws.com https://*.us-west-2.amazonaws.com; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://*.wistia.com https://*.wistia.net; frame-ancestors 'self'; frame-src 'self' blob: https://464431.hs-sites.com https://*.hsforms.com https://*.livechatinc.com; img-src 'self' data: https://www.googletagmanager.com https://*.linkedin.com https://cdn.livechat-static.com https://cdn.livechat-files.com https://cdn.files-text.com https://*.hsforms.com https://*.hubspot.com https://static.hsappstatic.net https://*.wistia.com https://*.wistia.net https://cdnjs.cloudflare.com; media-src 'self' blob:; object-src 'self'; script-src 'strict-dynamic' 'nonce-lIzM1LRbuIUKLMWV5iJrgw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net; report-uri https://hesoedxbb6.execute-api.us-west-2.amazonaws.com/prod/report 1
object-src 'none';base-uri 'self';script-src 'nonce-bvUYlSip8aObl_10Ohp2kA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'nonce-noUcLaSjD_bWlCu8y5Z_wscD' 'strict-dynamic' http: https:; base-uri 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-6-37FDwuqxcMxFG7orUv1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com s.gr-assets.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.auspost.zone *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app td.doubleclick.net platform.twitter.com securepubads.g.doubleclick.net static.addtoany.com placement-api.afterpay.com www.goodreads.com *.auspost.zone c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app sq-trk.gammaplatform.com www.facebook.com bat.bing.com www.google.co.in *.adobe.io *.sandbox.afterpay.com *.afterpay.com *.auspost.net.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app dymocks.api.useinsider.com bat.bing.com d16fk4ms6rqz1v.cloudfront.net static.zdassets.com connect.facebook.net utt.impactcdn.com unpkg.com www.clarity.ms js-agent.newrelic.com cdn.scarabresearch.com static.scarabresearch.com platform.twitter.com securepubads.g.doubleclick.net c.amazon-adsystem.com config.aps.amazon-adsystem.com static.addtoany.com js.squarecdn.com cdn.jsdelivr.net placement-api.afterpay.com s.gr-assets.com m.media-amazon.com graph.facebook.com *.sandbox.afterpay.com *.afterpay.com *.auspost.net.au *.auspost.zone js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app s.gr-assets.com *.sandbox.afterpay.com *.afterpay.com *.auspost.net.au *.googleapis.com *.addtoany.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com ekr.zdassets.com stats.g.doubleclick.net o.clarity.ms dymockshelp.zendesk.com recommender.scarabresearch.com webchannel-content.eservice.emarsys.net bam.nr-data.net c.amazon-adsystem.com syndication.twitter.com *.cardinalcommerce.com *.paypal.com *.google.com *.auspost.net.au *.sandbox.afterpay.com http://dpm.demdex.net *.auspost.zone api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com landofcoder.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.googleadservices.com bat.bing.com commerce.adobedc.net o.clarity.ms www.google.com unagi.amazon.com securepubads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'nonce-52b0411f-2164-47c8-bbb1-f56707805324'  *.aaui-879784980514.s3.us-east-2.amazonaws.com *.aauicdnva7.azureedge.net *.adform.net *.app.launchdarkly.com *.awaascicdprodva7.blob.core.windows.net *.d30ln29764hddd.cloudfront.net *.doubleclick.net *.euroland.com *.eurolandir.com *.googletagmanager.com *.jquery.com *.leaddesk.com *.linkedin.com *.omniture.com *.omtrdc.net *.services.adobe.com *.youtube.com http://maps.google.com/maps-api-v3/api/ http://maps.google.com/maps/api/ http://maps.googleapis.com/maps/api/ https://*.aptrinsic.com https://*.flockler.com https://adminconsole.adobe.com https://adobe.com https://adobe.io https://adobe.net https://adobeid-na1.services.adobe.com https://ajax.googleapis.com https://analytics-eu.clickdimensions.com https://api.emea01.idio.episerver.net https://app.powerbi.com https://assets.adobedtm.com https://assets.adobedtm.com https://assets2.adobe.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://cloudui-emea01.profilestore.episerver.net https://connect.facebook.net https://cookie-cdn.cookiepro.com https://d1igp3oop3iho5.cloudfront.net/v2/YTCU__QFgA3N4sqa5K5xQA-eu1/zaius-min.js https://d1igp3oop3iho5.cloudfront.net/v2/buA6R3hGThUwo2b3jMhdjQ-eu1/zaius-min.js https://dl.episerver.net https://fl-cdn.scdn1.secure.raxcdn.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://js.monitor.azure.com/scripts/ https://kuula.co https://ld-webchat.s3.eu-north-1.amazonaws.com https://login.microsoftonline.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/ https://research.innolink.fi https://s.emea01.idio.episerver.net/ https://snap.licdn.com https://sstats.adobe.com https://static.ads-twitter.com https://tpc.googlesyndication.com https://videolle.viewin360.co https://www.google.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.gstatic.com/recaptcha/ https://youtube.com https://metsa-virtual-exhibition.netlify.app https://metsa-virtual-exhibition-two.netlify.app  https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/  https://static.hotjar.com/ https://script.hotjar.com/ https://cxppeur1rdrect01sa02cdn.blob.core.windows.net/;  report-uri https://www.metsagroup.com/api/reporting/;  report-to csp-endpoint; 1
connect-src 'self' https://*.analytics.google.com https://*.aptrinsic.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.sentry.io https://api.ipgeolocation.io https://api.triptease.io https://bat.bing.com https://bat.bing.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://content.hotjar.io https://data.flip.to https://dc.services.visualstudio.com https://fonts.googleapis.com https://google.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://mc.yandex.com https://mc.yandex.ru https://messages.guest-experience.triptease.io https://metrics.corinthia.com https://metrics.hotjar.io https://onboard.triptease.io https://p.relay-t.io https://region1.analytics.google.com https://sa.flip.to https://scripts.affilired.com https://sleeknotestaticcontent.sleeknote.com https://static-meta.triptease.io https://stats.g.doubleclick.net https://sync.srv.stackadapt.com https://tags.srv.stackadapt.com https://vc.hotjar.io https://wl-suppliers.app.cvent.com https://www.dripuploads.com https://www.facebook.com https://www.google.ae https://www.google.co.uk https://www.google.com https://www.menumodo.com https://www.thehotelsnetwork.com wss://ws.hotjar.com; default-src 'self' https://*.adform.net https://*.adnxs.com https://*.sentry.io https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/; font-src 'self' data: https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.gstatic.com/s/barlow/ https://fonts.gstatic.com/s/lato/ https://fonts.gstatic.com/s/roboto/ https://static.tacdn.com https://use.typekit.net https://www.menumodo.com; frame-src 'self' https://*.adsrvr.org https://*.fls.doubleclick.net https://*.speedrfp.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://customs.affilired.com https://mc.yandex.com https://mc.yandex.ru https://onboard.triptease.io https://targeted-messages.triptease.io https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.opentable.co.uk https://www.thehotelsnetwork.com https://www.youtube-nocookie.com; img-src 'self' blob: data: *.ggpht.com *.googleapis.com *.linkedin.com https://*.adform.net https://*.adnxs.com https://*.adsrvr.org https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.sojern.com https://*.speedrfp.com https://*.youtube.com https://ad.doubleclick.net https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://cm.g.doubleclick.net/pixel https://cms.analytics.yahoo.com https://d1cmxvrarpztze.cloudfront.net https://dpm.demdex.net https://googletagmanager.com https://i.ytimg.com https://imgsct.cookiebot.com https://mc.yandex.com https://mc.yandex.ru https://metrics.corinthia.com https://pubads.g.doubleclick.net https://region1.analytics.google.com https://ssl.gstatic.com https://stackadapt.com https://static.tacdn.com https://stats.g.doubleclick.net https://storage.ghadiscovery.com https://sync.srv.stackadapt.com https://tags.srv.stackadapt.com https://tags.w55c.net https://www.facebook.com https://www.google.ae https://www.google.co.uk https://www.google.com https://www.gstatic.com https://www.menumodo.com https://www.pages04.net https://www.tripadvisor.co.uk maps.gstatic.com; manifest-src 'self'; media-src 'self'; script-src-elem 'self' 'unsafe-inline' *.licdn.com https://*.adsrvr.org https://*.aptrinsic.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.sojern.com https://*.speedrfp.com https://*.youtube.com https://ajax.googleapis.com https://api.getdrip.com https://bat.bing.com https://browser.sentry-cdn.com https://cdn.denomatic.com https://cdn.flip.to https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/feather-icons/ https://cdn.jsdelivr.net/npm/ip-geolocation-api-jquery-sdk@1.0.6/ https://cdn.jsdelivr.net/npm/jquery@3.5.1/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/ https://cdn.jsdelivr.net/npm/popper.js@1.16.1/ https://cdn.otstatic.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/ https://code.jquery.com/jquery-3.2.1.slim.min.js https://components.flip.to https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://contentz.mkt941.com https://customs.affilired.com https://d16fk4ms6rqz1v.cloudfront.net https://googleads.g.doubleclick.net https://integration.flip.to https://js.monitor.azure.com https://js.sentry-cdn.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/* https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://mc.yandex.com https://mc.yandex.ru https://navigator.ink-global.com https://onboard.triptease.io https://p.relay-t.io https://script.crazyegg.com https://script.hotjar.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.s3.eu-west-1.amazonaws.com https://sleeknotestaticcontent.sleeknote.com https://static-meta.triptease.io https://static.hotjar.com https://static.tacdn.com https://static.x-channel.triptease.io https://tag.getdrip.com https://tag.yieldoptimizer.com https://tagmanager.google.com https://tags.srv.stackadapt.com/events.js https://targeted-messages.triptease.io https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.jscache.com https://www.menumodo.com https://www.opentable.co.uk https://www.thehotelsnetwork.com https://www.tripadvisor.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adsrvr.org https://*.aptrinsic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.sojern.com https://*.speedrfp.com https://*.youtube.com https://ajax.googleapis.com https://api.getdrip.com https://bat.bing.com https://browser.sentry-cdn.com https://cdn.denomatic.com https://cdn.flip.to https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/ https://cdn.jsdelivr.net/npm/feather-icons/ https://cdn.jsdelivr.net/npm/ip-geolocation-api-jquery-sdk@1.0.6/ https://cdn.jsdelivr.net/npm/jquery@3.5.1/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/ https://cdn.jsdelivr.net/npm/popper.js@1.16.1/ https://cdn.otstatic.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/ https://code.jquery.com/jquery-3.2.1.slim.min.js https://components.flip.to https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://contentz.mkt941.com https://customs.affilired.com https://d16fk4ms6rqz1v.cloudfront.net https://googleads.g.doubleclick.net https://googletagmanager.com https://integration.flip.to https://js.monitor.azure.com https://js.sentry-cdn.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://mc.yandex.com https://mc.yandex.ru https://navigator.ink-global.com https://onboard.triptease.io https://p.relay-t.io https://script.crazyegg.com https://script.hotjar.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.s3.eu-west-1.amazonaws.com https://sleeknotestaticcontent.sleeknote.com https://static-meta.triptease.io https://static.hotjar.com https://static.tacdn.com https://tag.getdrip.com https://tag.yieldoptimizer.com https://tagmanager.google.com https://tags.srv.stackadapt.com https://targeted-messages.triptease.io https://wl-suppliers.app.cvent.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.jscache.com https://www.opentable.co.uk https://www.thehotelsnetwork.com https://www.tripadvisor.co.uk https://www.tripadvisor.com; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://p.typekit.net https://tags.srv.stackadapt.com/sa.css https://use.typekit.net https://www.menumodo.com; style-src 'self' 'unsafe-inline' data: https://*.aptrinsic.com https://*.googletagmanager.com https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://fonts.googleapis.com https://googletagmanager.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://p.typekit.net https://static.tacdn.com https://tagmanager.google.com https://use.typekit.net https://www.menumodo.com; script-src-attr https://www.menumodo.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-w0BqezGqwU3dy24FYi4PVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-hRAmnQVQNnm04LySzWB70g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.soundestlink.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com fonts.soundestlink.com assets.mxapis.com *.cloudfront.net www.gstatic.com;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com fonts.soundestlink.com www.gstatic.com assets.mxapis.com *.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.google.lv *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.cloudflare.com *.hotjar.com *.cloudflare.com *.doubleclick.net static.cloudflareinsights.com *.clarity.ms *.nosto.com omnisnippet1.com *.rackcdn.com *.equalweb.com *.mxapis.com *.ladesk.com cdn.dot.vu tags.creativecdn.com analytics.tiktok.com chimpstatic.com *.mailchimp.com *.list-manage.com *.cloudfront.net static.cloudflareinsights.com *.adform.net *.googleapis.com;script-src-elem 'self' 'unsafe-inline' cdn.datatables.net static.cloudflareinsights.com *.clarity.ms *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.google.lv *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.cloudflare.com *.cloudflare.com *.doubleclick.net www.youtube.com pagead2.googlesyndication.com *.nosto.com omnisnippet1.com *.rackcdn.com *.equalweb.com *.mxapis.com *.ladesk.com cdn.dot.vu tags.creativecdn.com analytics.tiktok.com chimpstatic.com *.mailchimp.com *.list-manage.com *.cloudfront.net static.cloudflareinsights.com *.adform.net;connect-src 'self' https://api.e-menessaptieka.lv *.nordcode.io *.google-analytics.com *.doubleclick.net *.google.com *.cookiebot.com *.bing.com *.googlesyndication.com *.clarity.ms *.facebook.com adservice.google.com graph.facebook.com www.googleadservices.com www.google.com www.google.lt www.google.lv googleadservices.com google.com google.lt google.lv wt.omnisendlink.com pagead2.googlesyndication.com *.nosto.com *.sentry.io *.googleapis.com *.equalweb.com *.soundestlink.com *.dot.vu ams.creativecdn.com analytics.tiktok.com *.e-menessaptieka.lv *.moonmart.lt *.mxapis.com *.tiktokw.us;frame-src 'self' *.cookiebot.com *.doubleclick.net *.youtube.com accounts.google.com *.ladesk.com live.dot.vu ams.creativecdn.com cdn.mxapis.com;img-src 'self' data: https://api.e-menessaptieka.lv https://images.e-menessaptieka.lv *.klix.app *.cookiebot.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.google.com *.google.lt *.google.lv *.cloudflare.com *.tawk.to tawk.link *.hotjar.com *.soundestlink.com *.googleapis.com *.gstatic.com *.facebook.com *.youtube.com *.doubleclick.net *.dmxleo.com *.hotjar.com *.omnisendlink.com *.bing.com *.adform.net *.criteo.com *.clarity.ms *.demdex.net x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-t1.taboola.com visitor.omnitagjs.com r.casalemedia.com ad.360yield.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com googleads.g.doubleclick.net omnisnippet1.com csm.fr3.eu.criteo.net id5-sync.com ade.googlesyndication.com *.nosto.com *.appspot.com serve.mxapis.com *.e-menessaptieka.lv *.moonmart.lt www.googleadservices.com *.creativecdn.com static.salidzini.lv ema.ladesk.com;default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://api.e-menessaptieka.lv https://images.e-menessaptieka.lv;report-uri https://api.e-menessaptieka.lv/csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-NlxeXMF_pXABBMc10hKE8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-YcN8_moLOUnBsFOnRXQNXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-rybyoIqoUjij68PVgePCew' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none';base-uri 'self';script-src 'nonce-aHKZdMhde1sTGQlaewxuIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; connect-src privacyportal.onetrust.com; img-src 'self'; font-src 'self'; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/wizard; 1
default-src 'report-sample' 'self' 'unsafe-inline' data: blob: *.skeb.jp *.imgix.net challenges.cloudflare.com *.pay.jp *.s3.ap-northeast-1.amazonaws.com misskey.io *.misskeyusercontent.jp www.gravatar.com *.twimg.com t.co static.ads-twitter.com analytics.twitter.com analytics.google.com *.gstatic.com *.gstatic.cn fonts.googleapis.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net www.recaptcha.net *.sentry.io *.algolia.net *.algolianet.com cdn.plyr.io *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;report-to csp-violation-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: *.doubleclick.net *.facebook.com *.getfastr.com *.zmags.com *.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.klarna.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.rlcdn.com *.googleapis.com *.linksynergy.com *.getfastr.com *.zmags.com *.unityclient.com *.listrakbi.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.disqus.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.pcapredict.com *.addressy.com *.zmags.com *.zma.gs *.googleapis.com *.unityclient.com *.listrakbi.com *.thrive.today recruitingbypaycor.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com *.disqus.com cdn.ampproject.org connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.addressy.com *.zmags.com *.zma.gs *.unityclient.com *.listrakbi.com assets.braintreegateway.com *.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.addressy.com *.zmags.workers.dev *.zmags.com *.zma.gs *.googleapis.com *.unityclient.com *.listrakbi.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com cdn.ampproject.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkoutshopper-test.adyen.com/ https://checkoutshopper-live.adyen.com/checkoutshopper/sdk/4.7.2/adyen.js https://checkoutshopper-test.adyen.com/checkoutshopper/v1/analytics/log https://checkoutshopper-live.adyen.com/  https://www.paypal.com/ https://www.espares.co.uk/ https://www.espares.ie/ https://dev.visualwebsiteoptimizer.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/gtm.js https://bat.bing.com/ https://ajax.aspnetcdn.com/ https://assets.empathybroker.com/ https://widget.trustpilot.com/bootstrap/ https://www.dwin1.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.googlecommerce.com/trustedstores/api/js https://*.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/ouibounce/ https://www.google.com https://apis.google.com/ https://spareparts.whoson.com https://webchat.mitel.io/ https://www.googleadservices.com/pagead/ https://app.yieldify.com/yieldify/ https://td.yieldify.com/yieldify/ https://googleads.g.doubleclick.net https://platform.twitter.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://connectdistribution.whoson.com/ https://webchat.mitel.io/ https://tag.perfectaudience.com/serve/ https://www.zenaps.com/ https://tracker.marinsm.com/ https://www.awin1.com/ https://tpc.googlesyndication.com/ wss://am.freshrelevance.com/ https://tracker.departapp.com/ https://cdn-ads.google-analytics.com/ https://www.gstatic.com/recaptcha/ https://imasdk.googleapis.com/ https://adservice.google.com/ https://api.microsofttranslator.com/ https://www.microsofttranslator.com/ https://translate.googleapis.com/ https://tagmanager.google.com/ https://tagmanager.google.com/debug https://tagmanager.google.com/debug/api/vtinfo https://tagmanager.google.com/debug/debuguiApp-bundle.js https://orbitvu.co/ https://cdn.orbitvu.co https://ui.powerreviews.com/ https://display.powerreviews.com/ https://static.powerreviews.com/ https://writeservices.powerreviews.com/ https://form.jotform.com/; style-src 'self' 'unsafe-inline' *; 1
font-src *.gstatic.com data: *.googleapis.com cdnjs.cloudflare.com js-agent.newrelic.com api.map.baidu.com *.baidu.com *.bdimg.com *.mtcaptcha.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com maisongoyard--staging.sandbox.my.salesforce-sites.com maisongoyard.my.salesforce-sites.com *.mtcaptcha.com *.smartpixels.fr c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://pay.google.com https://secure-test.worldpay.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.baidu.com *.bdimg.com sdk.privacy-center.org *.mtcaptcha.com goyard-marquage-webconf.smartpixels.fr ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.goyard.com *.smartpixels.fr goyard-marquage-test-we-appservice-webconf.azurewebsites.net sprint-7onpvba-jccxky3s5ebcw.us-a1.magentosite.cloud www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com cdnjs.cloudflare.com bam.nr-data.net mcstaging.goyard.com mcprod.goyard.com goyard.com js-agent.newrelic.com api.map.baidu.com *.baidu.com *.bdimg.com sdk.privacy-center.org *.mtcaptcha.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.goyard.com payments.worldpay.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js *.payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js https://payments.worldpay.com/resources/hpp/integrations/embedded/js/hpp-embedded-integration-library.js https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdnjs.cloudflare.com *.googleapis.com *.baidu.com *.bdimg.com *.mtcaptcha.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.goyard.com *.goyard.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com api.map.baidu.com *.baidu.com *.bdimg.com api.privacy-center.org *.mtcaptcha.com *.goyard.com *.nr-data.net *.smartpixels.fr api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src maisongoyard--staging.sandbox.my.salesforce-sites.com maisongoyard.my.salesforce-sites.com *.mtcaptcha.com *.goyard.com *.nr-data.net *.smartpixels.fr payments.worldpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://agrilife.org; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://agrilife.org; 1
default-src 'self'; script-src 'self' https://analytics.tiktok.com https://bat.bing.com https://cdn-3.convertexperiments.com https://cdn-4.convertexperiments.com https://cdn.cookielaw.org https://cdn.debugbear.com https://cdn.ometria.com https://cobrowsing-ha.iadvize.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://halc.iadvize.com https://p.teads.tv https://s.pinimg.com https://script.hotjar.com https://static.hotjar.com https://unpkg.com https://widget.trustpilot.com https://www.bing.com https://js.klarna.com https://payments.worldpay.com https://rum-static.pingdom.net https://www.awin1.com https://www.dwin1.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://app.convert.com https://ct.pinterest.com https://no-cdn.convertexperiments.com https://r.bing.com https://apis.google.com https://js.playground.klarna.com https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://*.ssl.ak.dynamic.tiles.virtualearth.net https://www.flyingflowers.co.uk https://www.interflora.ie https://www.interflora.co.uk; style-src-elem 'self' 'unsafe-inline' https://halc.iadvize.com https://r.bing.com https://static.iadvize.com https://www.bing.com https://www.googletagmanager.com https://x.klarnacdn.net https://js.klarna.com https://www.flyingflowers.co.uk https://www.interflora.ie https://www.interflora.co.uk; style-src-elem 'self' 'unsafe-inline' https://halc.iadvize.com https://r.bing.com https://static.iadvize.com https://www.bing.com https://www.googletagmanager.com https://x.klarnacdn.net https://js.klarna.com https://www.flyingflowers.co.uk https://www.interflora.ie; img-src 'self' data: https://www.interflora.co.uk https://media.interflora.co.uk https://ad.doubleclick.net https://analytics.tiktok.com https://bat.bing.com https://cdn.cookielaw.org https://cm.teads.tv https://connect.facebook.net https://googleads.g.doubleclick.net https://l.teads.tv https://r.bing.com static.iadvize.com https://stats.g.doubleclick.net https://t.teads.tv https://trk.ometria.com https://www.awin1.com https://www.bing.com https://www.facebook.com https://logs.convertexperiments.com https://adservice.google.com https://media.flyingflowers.co.uk https://translate.google.com https://www.flyingflowers.co.uk https://www.googletagmanager.com https://t.ssl.ak.dynamic.tiles.virtualearth.net https://interflora.a.bigcontent.io https://ade.googlesyndication.com https://www.wepowerconnections.com https://eu.fareye.co https://cdn.media.amplience.net https://media.interflora.ie https://www.interflora.ie https://fonts.gstatic.com https://www.google.co.uk https://www.google.com; font-src 'self' https://script.hotjar.com https://static.iadvize.com https://x.klarnacdn.net https://www.interflora.co.uk https://www.interflora.ie https://www.flyingflowers.co.uk https://atlas.microsoft.com https://pagead2.googlesyndication.com; connect-src 'self' https://hpp.worldpay.com https://*.metrics.convertexperiments.com https://ad.doubleclick.net https://analytics.tiktok.com https://api.iadvize.com https://ask.hotjar.io https://bat.bing.com https://cdn-3.convertexperiments.com https://cdn.cookielaw.org https://cdn.debugbear.com https://cm.teads.tv https://content.hotjar.io https://ct.pinterest.com https://data.debugbear.com https://googleads.g.doubleclick.net https://halc.iadvize.com https://in.hotjar.com https://insights.algolia.io https://l.teads.tv https://logs.convertexperiments.com https://metrics.hotjar.io https://msn7pvpzhu-1.algolianet.com https://msn7pvpzhu-2.algolianet.com https://msn7pvpzhu-3.algolianet.com https://msn7pvpzhu-dsn.algolia.net https://static.iadvize.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://t.teads.tv https://trk.ometria.com https://unpkg.com https://vc.hotjar.io https://widget.trustpilot.com wss://ws.hotjar.com https://www.bing.com https://www.facebook.com https://media.interflora.co.uk https://apis.google.com https://cdn.ometria.com https://geolocation.onetrust.com https://payments.worldpay.com https://privacyportal-eu.onetrust.com https://rum-collector-2.pingdom.net https://rum-static.pingdom.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://uksouth-0.in.applicationinsights.azure.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://o4506853695881216.ingest.us.sentry.io https://*.playground.klarnaevt.com https://adservice.google.com https://cdn-4.convertexperiments.com https://connect.facebook.net https://js.klarna.com https://js.playground.klarna.com https://oc.klarnaevt.com https://eu.klarnaevt.com https://region1.analytics.google.com https://analytics.google.com https://api.edq.com https://bat.bing.net https://dev.virtualearth.net https://translate.googleapis.com https://translate-pa.googleapis.com https://www.google.co.uk https://na.klarnaevt.com https://atlas.microsoft.com https://na.klarnaevt.com https://www.interflora.ie https://www.flyingflowers.co.uk https://dc.services.visualstudio.com https://www.awin1.com https://www.googleadservices.com https://wepowerconnections.com wss://cobrowsing-ha.iadvize.com https://xmpp-ha-alb.iadvize.com https://fonts.gstatic.com; frame-src 'self' https://*.fls.doubleclick.net https://ct.pinterest.com https://hpp.worldpay.com https://js.klarna.com https://payments.worldpay.com https://td.doubleclick.net https://widget.trustpilot.com https://www.awin1.com https://www.facebook.com https://js.klarna.com https://pay.klarna.com; media-src 'self' http://media.interflora.co.uk www.bing.com http://cdn.static.amplience.net; report-uri https://interflorauk.report-uri.com/r/t/csp/reportOnly; report-to {"group":"csp-endpoint","max_age":10884600,"endpoints":[{"url":"https://interflorauk.report-uri.com/r/t/csp/reportOnly"}]} 1
frame-src 'self' https://www.google.com  https://www.youtube.com https://vars.hotjar.com www.googletagmanager.com e.issuu.com *.recaptcha.net td.doubleclick.net; base-uri 'self'; object-src 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample' *.gosh.nhs.uk www.gosh.nhs.uk feeds.trac.jobs *.googletagmanager.com www.cqc.org.uk e.issuu.com 'nonce-YxE4Hhgy5lxC9CpacCi+fQ=='; manifest-src 'self' *.gosh.nhs.uk; default-src 'self' *.gosh.nhs.uk; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net www.google.co.uk https://analytics.google.com https://vc.hotjar.io https://in.hotjar.com https://content.hotjar.io https://csmetrics.hotjar.com metrics.hotjar.io wss://ws.hotjar.com surveystats.hotjar.io https://feeds.trac.jobs sentry.issuu.com stats.g.doubleclick.net translate.googleapis.com *.onetrust.com cdn-ukwest.onetrust.com adservice.google.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; font-src 'self' https://fonts.gstatic.com  script.hotjar.com https://fonts.googleapis.com data:; media-src 'self' gosh.shorthandstories.com cdn.plyr.io data: media.gosh.nhs.uk ssl.gstatic.com *.s3.amazonaws.com; style-src 'self' 'report-sample' 'unsafe-inline' services.postcodeanywhere.co.uk fonts.googleapis.com feeds.trac.jobs www.cqc.org.uk www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample' https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://feeds.trac.jobs feeds.trac.jobs 'nonce-YxE4Hhgy5lxC9CpacCi+fQ=='; img-src 'self' data: *.gosh.nhs.uk *.google-analytics.com *.googletagmanager.com i.ytimg.com *.cqc.org.uk *.gstatic.com *.google.com stats.g.doubleclick.net feeds.trac.jobs https://static.trac.jobs static.trac.jobs healthjobsuk.com services.postcodeanywhere.co.uk dx4nr741tfc02.cloudfront.net www.healthjobsuk.com 'sha384-YephmBv2489Q13yLaARSHqhDtSlHeIs5DEiq8I1fyh4aQcG+nRoz5Y6eWndd5cVz' *.onetrust.com cdn-ukwest.onetrust.com script.hotjar.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; report-uri https://o516378.ingest.sentry.io/api/5622733/security/?sentry_key=c5f8a650e74b48a889ccadeaa5014261&sentry_environment=production 1
font-src maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com *.gstatic.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com *.google.com/ *.meetanshi.com *.trustpilot.com 'self' data: cmp.osano.com td.doubleclick.net *.criteo.com www.googletagmanager.com static.criteo.net 23345742.hs-sites.com 'unsafe-inline' data: securemyrx.com creatives.attn.tv api.quizell.com app.quizell.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.magezon.com https://redchamps.com *.klevu.com *.ksearchnet.com https://img.youtube.com *.meetanshi.com *.gstatic.com www.google.co.in *.hubspot.com perf-na1.hsforms.com forms.hsforms.com www.facebook.com sync.1rx.io rtb-csync.smartadserver.com x.bidswitch.net cm.g.doubleclick.net ib.adnxs.com tg.socdm.com r.casalemedia.com cs.adingo.jp ads.stickyadstv.com ad.360yield.com idsync.rlcdn.com *.bing.com public-prod-dspcookiematching.dmxleo.com contextual.media.net *.criteo.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com sync-t1.taboola.com criteo-sync.teads.tv ade.clmbtech.com eb2.3lift.com dis.criteo.com aa.agkn.com cm.adgrx.com sync.targeting.unrulymedia.com sca1.listrakbi.com seal-utah.bbb.org s1.listrakbi.com *.pubmatic.com sync.ipredictive.com pixel-sync.sitescout.com sync.crwdcntrl.net pixel.tapad.com jelly.mdhv.io 1f2e7.v.fwmrm.net match.prod.bidr.io pr-bh.ybp.yahoo.com match.adsrvr.org pm.w55c.net et.resellerratings.com api.purechat.com *.purechat.com recs.listrakbi.com static.hsappstatic.net partner.mediawallahscript.com ap.lijit.com *.liadm.com exchange.mediavine.com jadserve.postrelease.com trends.revcontent.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.io px.ads.linkedin.com d.turn.com secure.adnxs.com i.liadm.com idsync.reson8.com match.deepintent.com ad.tpmn.co.kr thrtle.com *.analytics.yahoo.com obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com sync.mathtag.com *.tribalfusion.com events.attentivemobile.com live.rezync.com pippio.com data.adsrvr.org ce.lijit.com c1.adform.com um.simpli.fi mid.rkdms.com b1sync.outbrain.com b1sync.zemanta.com sync.srv.stackadapt.com ws.rqtrk.eu *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.attn.tv events.attentivemobile.com s7.addthis.com https://z.moatads.com https://cdn.jsdelivr.net cdn.jsdelivr.net js.klevu.com *.ksearchnet.com *.google.com/ *.meetanshi.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'unsafe-inline' data: js-agent.newrelic.com z.moatads.com cdn.listrakbi.com z.moatads.co bat.bing.com www.dwin1.com acsbapp.co cmp.osano.com app.purechat.com js.hs-scripts.com js.usemessages.com js.hs-banner.com js.hscollectedforms.net js.hubspot.com js.hs-analytics.net ajax.googleapis.com *.listrakbi.com services.listrak.com prod.purechatcdn.com acsbapp.com 23345742.hs-sites.com www.resellerratings.com *.lunio.ai *.criteo.com player.vimeo.com cdn.noibu.com catpq.vitalitymedical.com static.cloudflareinsights.com conversionteam.s3.amazonaws.com api.quizell.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline https://cdn.jsdelivr.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com *.trustpilot.com tagmanager.google.com cdn.listrakbi.com api.quizell.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.attn.tv events.attentivemobile.com ekr.zdassets.com/ *.klevu.com *.ksearchnet.com *.meetanshi.com https://www.google-analytics.com 'self' data: bam.nr-data.net cdn.acsbapp.com cmp.osano.com *.google.com *.purechat.com api.hubspot.com cta-service-cms2.hubspot.com forms.hscollectedforms.net recs.listrakbi.com measurement-api.criteo.com tattle.api.osano.com stats.g.doubleclick.net consent.api.osano.com invitejs.trustpilot.com www.resellerratings.com conversions.lunio.ai google.com *.noibu.com catpq.vitalitymedical.com cloudflareinsights.com wss://input.noibu.com/ api.quizell.com bat.bing.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: blob: wss: 'unsafe-eval' 'unsafe-inline'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.library.wales *.llgc.org.uk *.staticflickr.com *.ticketsource.co.uk fonts.gstatic.com play.google.com syndication.twitter.com translate.google.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.doubleclick.net *.googletagmanager.com *.google.com *.libanswers.com *.library.wales *.llyfrgell.cymru *.lyfrgell.cymru *.twitter.com div.show hwb.gov.wales sketchfab.com www.canva.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' *.clarity.ms *.fontawesome.com *.libanswers.com *.library.wales connect.facebook.net fonts.googleapis.com; style-src 'self' https: data: blob: wss: *.googleapis.com 'inline' 'report-sample'; connect-src 'self' https: data: blob: wss: *.googleapis.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws; script-src-elem 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales *.%2A.v2.scr.kaspersky-labs.com *.flickr.com *.libanswers.com adblockers.opera-mini.net connect.facebook.net s3.amazonaws.com wusote.hirizasune.com; report-uri https://www.library.wales/@http-reporting?csp=report&requestTime=1752196647736448&requestHash=8ad5380e6de3e2d5246090f9b4677c4fe37fd14c 1
default-src 'self' https://*.ototoy.jp; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.ototoy.jp https://bccks.jp https://cdnjs.cloudflare.com/ajax/libs/jquery.bootstrapvalidator/ https://connect.facebook.net https://platform.instagram.com https://www.instagram.com https://code.jquery.com https://scdn.line-apps.com https://d.line-scdn.net https://embed.nicovideo.jp https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://platform.vine.co https://static-fe.payments-amazon.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.ototoy.jp https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/jquery.bootstrapvalidator/ https://fonts.googleapis.com; img-src 'self' data: blob: *; font-src 'self' data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com; connect-src 'self' data: blob: https://*.ototoy.jp https://payments-fe.amazon.com https://api3.veritrans.co.jp https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; frame-src 'self' https://bandcamp.com https://m.facebook.com https://mobile.facebook.com https://web.facebook.com https://www.facebook.com https://www.instagram.com https://social-plugins.line.me https://embed.nicovideo.jp https://w.soundcloud.com https://open.spotify.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://www.youtube.com https://secure2.arcot.com https://secure4.arcot.com https://dig-acs2.cafis-paynet.jp https://dig3ds.cafis-paynet.jp https://geoissuer.cardinalcommerce.com https://acs-jcn.dnp-cdms.jp https://api.veritrans.co.jp https://*.google.com https://td.doubleclick.net; report-uri /csp-report.php?v=3 1
object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-u4_5pXqL_6cOvINWueOhIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV2u2GjwMA9q_eiqKg5HCQ6WqgWnyE_O8O5rs_5vhjwTVHSzKUOOo6KznuzliyG76vE5uwlKAGy0C9uQWbsWBt1dP5ppWyVV03wAuGxliL4Qrg== ; block-all-mixed-content ; default-src 'none' ; script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' https: 'nonce-NONCEPLACEHOLDER' 'strict-dynamic' ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' https: data: ; connect-src 'report-sample' 'self' https://www.facebook.com https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://bar.stunning.co https://rs.fullstory.com https://stats.g.doubleclick.net https://www.google-analytics.com https://bam.nr-data.net ; style-src 'report-sample' https://font.typeform.com 'unsafe-inline' ; font-src 'report-sample' https://font.typeform.com https://fonts.gstatic.com data: ; frame-src 'report-sample' https://www.google.com https://www.facebook.com https://tpc.googlesyndication.com ; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; script-src 'nonce-3fa5fc2fbbc849439501aa5e4dc4366d'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; style-src 'self' 'nonce-3fa5fc2fbbc849439501aa5e4dc4366d'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=132-1255373-0203302:rid=D459966318F14592B4B2:sn=www.newworld.com 1
default-src 'self'; script-src 'report-sample' 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/CHIHFAf1bjFPOjwwi5Xa4cWR/recaptcha__en.js; style-src 'report-sample' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://min-api.cryptocompare.com wss://relay.walletconnect.com https://explorer-api.walletconnect.com https://rpc.walletconnect.com https://rpc.flashbots.net ; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://verify.walletconnect.org https://verify.walletconnect.com; img-src 'self' https://explorer-api.walletconnect.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-WSdjc5zwu2JdNqQQ_vgv6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'strict-dynamic' 'nonce-2AsQ7QGirXVKKamJX7xR0A==' 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-XRiiSWES-rISMBJTgRDDXA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' https://api.propbackend.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fgrprt.myfundedfutures.com https://*.checkout.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://googleads.g.doubleclick.net https://*.googletageservices.com https://www.googletagmanager.com https://*.googletagmanager.com https://widget.intercom.io https://js.intercomcdn.com https://cdnjs.cloudflare.com https://risk.sandbox.checkout.com https://onesignal.com https://cdn.onesignal.com https://cdn.safecharge.com https://www.clarity.ms https://js.appboycdn.com https://va.vercel-scripts.com https://*.plaid.com https://main.dashboard.datashopper.com https://static.sumsub.com; style-src 'self' 'unsafe-inline' https://widget.intercom.io https://fonts.googleapis.com https://accounts.google.com https://*.fontawesome.com https://onesignal.com; font-src 'self' data: https://fonts.intercomcdn.com https://fonts.gstatic.com; img-src 'self' data: https://www.google.com https://c.clarity.ms https://ui-avatars.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.intercomcdn.com https://www.clarity.ms https://res.cloudinary.com https://img.onesignal.com https://static.intercomassets.com https://*.doubleclick.net; connect-src 'self' https://api.myfundedfutures.com https://api.propbackend.com wss://api.propbackend.com https://fgrprt.myfundedfutures.com https://*.segment.com https://*.segment.io https://*.intercom.io wss://*.intercom.io https://api-iam.intercom.io https://*.analytics.google.com https://www.google.com https://risk.sandbox.checkout.com https://*.checkout.com https://onesignal.com https://www.clarity.ms https://*.clarity.ms https://*.googletagmanager.com https://*.g.doubleclick.net https://stats.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://google.com https://app.fundedcms.com https://api.simplesvg.com https://api.iconify.design https://sdk.iad-07.braze.com https://api.unisvg.com; frame-src 'self' https://www.google.com https://www.youtube.com https://dxfeed.myfundedfutures.com https://tv.myfundedfutures.com https://webapp.volumetricatrading.com https://d-myfundedfutures.volumetricatrading.com https://staging-tradingview.omniaprop.cloud https://staging-webapp.volumetricatrading.com https://api.sumsub.com https://www.recaptcha.net https://*.checkout.com https://*.googletageservices.com https://*.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://*.plaid.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://myfundedfutures.report-uri.com/r/d/csp/reportOnly; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;     script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;     connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:;     frame-ancestors *; 1
object-src 'none';base-uri 'self';script-src 'nonce-l8_Mq1dWstD6r0xxn4S9zw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.simyo.es *.typekit.net *.sumup.com *.opentech.com *.consorsbank.de *.bkm.com.tr *.micb.md *.capitecbank.co.za *.asseco-see.hr *.ing.com *.privatbank.ua *.n26.com *.six-group.com *.seglan.com *.monext.fr *.rsa3dsauth.com *.papara.com *.sibs.pt *.bpcbt.com *.capitalone.com *.bpcprocessing.com *.kapital24.uz *.alignet.io *.revolut.com *.wlp-acs.com *.mycardplace.com *.emlpayments.com *.abanca.com *.viseca.ch *.edb.com *.arca.am *.modirum.com *.redsys.es *.marqeta.com *.vinea.es *.cardinalcommerce.com;  script-src-elem 'self' 'unsafe-inline' *.redsys.es *.cardinalcommerce.com *.googleapis.com *.pinterest.com bat.bing.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.amazon-adsystem.com *.pinimg.com *.taboola.com amplify.outbrain.com jgb8.simyo.es analytics.tiktok.com *.weborama.fr connect.facebook.net foodin.site sc-static.net *.hotjar.com *.mathtag.com *.appboycdn.com *.google-analytics.com *.useinsider.com *.criteo.com *.jsdelivr.net *.cardinalcommerce.com *.google.com www.google.com/recaptcha *.xizumubama.com *.thetto.com *.roterf.com *.snapchat.com *.appsflyer.com *.bazaarvoice.com *.bimien.com;  script-src 'self' 'unsafe-inline' https: 'unsafe-eval' *.typekit.net *.redsys.es *.cardinalcommerce.com *.googletagmanager.com bat.bing.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.yandex.net yastatic.net blob:;  img-src 'self' *.redsys.es *.simyo.es *.google.es *.doubleclick.net *.weborama.fr *.facebook.com *.cardinalcommerce.com bat.bing.com *.google-analytics.com analytics.tiktok.com *.typekit.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com  *.googleusercontent.com *.vimeocdn.com data: *.360yield.com *.doubleclick.net *.stickyadstv.com *.yieldmo.com *.bing.com blob: bttrack.com *.shoppiday.es *.goin.cloud *.honey.io *.media.net *.camarabilbao.com *.adxcel-ec2.com *.mediavine.com *.weborama.fr *.criteo.com *.liadm.com *.adnxs.com *.rlcdn.com *.postrelease.com *.roeye.com *.ggpht.com *.sharethrough.com *.yandex.ru *.veritone-ce.com *.mediawallahscript.com *.rubiconproject.com *.casalemedia.com *.smartadserver.com *.pubmatic.com *.yahoo.com *.igstatic.com *.taboola.com *.1rx.io *.outbrain.com *.revcontent.com *.omnitagjs.com webkit-masked-url://hidden *.facebook.com *.google.ad *.google.al *.google.at *.google.be *.google.bg *.google.by *.google.ca *.google.ch *.google.cl *.google.cn *.google.co.cr *.google.co.id *.google.co.in *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.br *.google.com.co *.google.com.do *.google.com.ec *.google.ba *.google.co.uz *.google.bf *.google.ci *.google.com.gi *.google.com.gt *.google.com.ni *.google.com.np *.google.com.eg *.google.com.hk *.google.com.mt *.google.com.mx *.google.com.my *.google.com.pe *.google.com.py *.google.com.qa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.com.gh *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.co.ao *.google.co.il *.google.co.ug *.google.com.bo *.google.com.bz *.google.com.na *.google.com.sv *.google.md *.google.mw *.google.iq *.google.am *.google.fi *.google.cv *.google.dz *.google.ge *.google.hn *.google.kz *.google.lk *.google.lv *.google.rs *.google.sn *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.lt *.google.lu *.google.ae *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.si *.google.sk *.google.cm *.google.co.ke *.google.co.nz *.google.com.pa *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.sa *.google.me *.google.mv *.google.tn *.bidswitch.net *.groovinads.com *.clarity.ms *.ytimg.com mikkiload.com *.prfrm-ads.com *.charleskeith.co.th *.barclays.co.uk *.snapchat.com *.adentifi.com *.amazonaws.com *.discordapp.com *.yandex.com *.productfruits.com *.discordapp.net *.profileengine.com *.phncdn.com *.leanlibrary.app *.ibb.co *.facebook.net *.css-tricks.com *.ipredictive.com *.line.me *.reskyt.com *.marca.com *.baidu.com *.huffingtonpost.es *.eficads.net;  frame-src *.simyo.es *.redsys.es simyospain.speedtestcustom.com *.weborama.fr buybutwhere.com hipodi.com *.awin1.com *.googleapis.com cookieaquila.com *.mycardplace.com *.cardinalcommerce.com bat.bing.com *.pinterest.com *.amazon-adsystem.com *.doubleclick.net mapacob.aptica.es *.google.com *.socialmediaserver.es *.vimeo.com *.n26.com *.abanca.com *.borica.bg *.emlpayments.com *.nexigroup.com *.sebkort.com *.vinea.es *.cardcenter.ch 3dsecure-vrp.de acestream.tv *.modirum.com *.3dsecure.no *.apata.io *.edb.com *.bpcbt.com *.revolut.com *.targobank.de *.modirum.com acs2.arca.am *.bgpb.by *.marqeta.com *.wlp-acs.com *.opendns.com bnext.areq.mpts.modirum.com:9702 *.icard.com ebanking1.ccb.com.cn emet.live emet.news gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net *.criteo.com *.rsa3dsauth.com *.moz.com sas.mc.redsys.es:9731 *.dkb.de *.arcot.com * *.criteo.net tdschded.monext.fr visa2.acs.cmbchina.com *.facebook.com *.googletagmanager.com *.pluscard.de *.pkobp.pl *.sia.eu *.alignet.io *.bpcprocessing.com *.sibs.pt *.swedbank.se *.useinsider.com *.boc.cn *.cloudfront.net *.kaspersky-labs.com *.micb.md *.merck.com *.zscalerthree.net *.secureacs.com *.bankserv.co.za *.gpesecure.com *.adsrvr.org *.ing.de *.viseca.ch *.icbc.com.cn *.netsgroup.com *.jysanbank.kz *.ukrsibbank.com *.monzo.com *.securesuite.net *.capitalone.com *.mtbank.by:8043 *.hitrust.com:9750 *.ajgirona.org *.creditagricole.ma *.mycardsecure.com *.google.com skytraf.xyz acs.hitrust-us.com:9750 securegw1.micb.md:6444 *.groovinads.com *.danskebank.com *.seglan.com *.useinsider.com div.show *.consorsbank.de *.co.uk *.indra-netplus.com *.firstdata.de *.snapchat.com *.sparkasse.at securesuite.net *.wibmo.com *.citibank.com *.zscaler.com *.bog.ge noop.style *.3dsacs.net *.bunq.com *.cihbank.ma *.ukrgasbank.com *.acdcproc.com *.privatbank.ua *.csi-processing.com *.placetopay.com *.s-id-check-sparkassen.de *.eewosecure.com *.cm-cic.com *.gc.ge *.sinnad.com.bh *.mercurypaymentservices.it ;  font-src 'self' *.simyo.es *.redsys.es *.affilitizer.com *.escribelo.ai *.cdnfonts.com *.googleusercontent.com *.bootstrapcdn.com *.cardinalcommerce.com *.fontawesome.com fonts.gstatic.com *.typekit.net *.goin.cloud *.scite.ai *.cloudflare.com *.windows.net *.migaku.com *.slant.co *.alicdn.com *.faceworks.nl *.zohocdn.com yastatic.net ray.st chrome-extension moz-extension ms-browser-extension data:;  connect-src 'self' *.adblockertool.com *.adfreevision.com *.amcreativemedia.com *.bttrack.com *.blackcrow.ai *.yimg.com *.browsekeeper.com *.creativecdn.com *.mczbf.com *.highdataanalytics.com *.uniswap.org *.kaspersky-labs.com infragrid.v.network *.dbankcloud.cn *.overbridgenet.com *.googlesyndication.com *.facebook.com *.simyo.es *.redsys.es ara.paa-reporting-advertising.amazon *.cardinalcommerce.com bat.bing.com *.taboola.com analytics.tiktok.com *.amazon-adsystem.com *.google-analytics.com *.doubleclick.net *.pinterest.com *.googleapis.com *.google.com *.google.com.ar *.google.com.co *.google.com.do *.google.com.mx *.google.com.pe *.google.com.tr *.google.com.uy *.google.de *.google.es *.google.fr *.google.ie *.google.it *.google.lt *.google.pt *.google.kz *.google.ro *.google.ae *.google.at *.google.ca *.google.ch *.google.cl *.google.co.ma *.google.co.uk *.google.co.ve  *.google.be *.google.cm *.google.co.jp *.google.co.nz *.google.com.br *.google.cz *.google.fi *.google.com.pk *.google.com.pr *.google.com.sg *.google.com.gi *.google.ad *.google.by *.google.ba *.google.gr *.google.hu *.google.nl *.google.no *.google.rs *.google.sk *.google.se *.google.ru *.google.sn *.google.tn *.google.co.il *.google.com.pa *.google.com.qa *.google.dk *.google.me *.google.com.au *.google.com.gt *.google.com.hk *.google.co.cr *.gstatic.com *.googleadservices.com *.mplxtms.com *.yandex.ru *.cdn77.org *.adtonus.com *.fbanalytics.org *.mkmediaworks.com *.ultimateaderaser.com *.zendesk.com *.jquery.com *.zdassets.com meetlookup.com *.amazonaws.com rbtds.net *.clarity.ms zone1-services-cdn.com *.socialsolutionapp.com *.awesomeblocker.com *.global-data-lab.com *.range-offer.com *.report-uri.com *.pangle-ads.com *.adblocking247.com *.blocksly.org *.crystal-blocker.com *.datacloudstat.com *.software-downloading.com cubox.pro *.vimeocdn.com *.typekit.net *.vimeo.com *.reskyt.com *.braze.com *.criteo.com *.snapchat.com *.yandex.net *.yandex.com *.productfruits.com *.hotjar.io *.appsflyer.com *.onelink.me *.googletagmanager.com ya.ru *.socialmediaserver.es data: blob:;  style-src-elem 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.scriptcdn.net *.tiktok.com *.webgains.io *.bing.com blob: bttrack.com *.amazon-adsystem.com *.taboola.com *.trackmytarget.com *.facebook.net *.weborama.fr *.pinterest.com *.eligrop.com *.hicloud.com *.kaspersky-labs.com *.doubleclick.net infimv.com *.blackcrow.ai *.simyo.es *.roeyecdn.com *.yandex.ru *.acestream.net *.pinimg.com *.yimg.com *.mplxtms.com *.criteo.net *.creativecdn.com *.dwin1.com *.google.com *.googleadservices.com *.googletagmanager.com *.mczbf.com *.opera-mini.net *.honey.io *.gstatic.com *.groovinads.com *.cloudflare.com  *.useinsider.com *.line-scdn.net *.vulapo.com *.cloudfront.net *.mediarithmics.com hublosk.com *.adsrvr.org jullyambery.net *.adguard.org mikkiload.com *.prfrm-ads.com *.zdassets.com *.charleskeith.co.th *.eficads.net *.artfut.com *.clarity.ms *.reskyt.com *.bootstrapcdn.com *.fontawesome.com lonelyfix.com data:;  style-src-attr 'unsafe-inline' *.typekit.net;  style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.google.com *.reskyt.com *.gstatic.com *.googleadservices.com;  media-src data:;  worker-src blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-_D2WnnAEX93DbNXCLaHHng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.slant.co *.userway.org eadn-wc05-14712294.nxedge.io *.fontawesome.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ *.instagram.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://td.doubleclick.net widget.usersnap.com *.googletagmanager.com *.doubleclick.net https://plumrocket.com landofcoder.com *.google.com/ *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com maps.googleapis.com maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.agkn.com *.doubleclick.net *.facebook.com *.google.com *.nexcesscdn.net *.pricespider.com *.sitescout.com *.userway.org *.pixel.ad eadn-wc05-14712294.nxedge.io *.reddit.com *.google-analytics.com *.googletagmanager.com *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://static.addtoany.com/ *.instagram.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.addthis.com *.crazyegg.com *.doubleclick.net *.elfsight.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.klevu.com *.mapbox.com *.noibu.com *.pricespider.com *.userway.org d31qbv1cthcecs.cloudfront.net *.krxd.net *.pixel.ad *.sitescout.com *.owneriq.net eadn-wc05-14712294.nxedge.io widget.usersnap.com resources.usersnap.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com https://ajax.cloudflare.com *.kaptcha.com landofcoder.com *.avada.io *.google.com/ *.cloudflare.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com assets.braintreegateway.com *.mapbox.com *.pricespider.com *.userway.org eadn-wc05-14712294.nxedge.io *.tagmanager.google.com *.googletagmanager.com *.fontawesome.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net https://js.klevu.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.addthis.com *.crazyegg.com *.doubleclick.net *.facebook.com *.google-analytics.com *.googleapis.com *.mapbox.com *.noibu.com wss://input.noibu.com *.pricespider.com *.userway.org *.pixel.ad *.agkn.com *.sitescout.com *.owneriq.net *.elfsight.com eadn-wc05-14712294.nxedge.io widget.usersnap.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com *.kaptcha.com landofcoder.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://86c8b4f9-cefc-4184-9926-360586b833fe.sansec.watch/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.alicdn.com *.cloudflare.com *.faceworks.nl *.font.im ncspublicasset.s3.eu-west-3.amazonaws.com *.typekit.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.multisafepay.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.alicdn.com *.bing.com *.bing.net *.cookiebot.com europe-west1-maxlead-dwh-test.cloudfunctions.net *.googleadservices.com *.google-analytics.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.td www.google.tg www.google.tl www.google.tn www.google.tt google.com *.googlesyndication.com *.linkedin.com *.magento.cloud *.mailplus.nl s3.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.multisafepay.com https://pay.google.com m17.mailplus.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 9292.nl *.bing.com *.clarity.ms *.cloudflare.com *.cookiebot.com *.cookiebot.eu *.googleadservices.com *.googlesyndication.com *.hotjar.com *.ipify.org *.licdn.com *.mailplus.nl *.marker.io *.oribi.io *.pinimg.com *.pinterest.com *.thinglink.me *.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.mailplus.nl *.vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com *.vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.sharethis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.multisafepay.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io 9292.nl *.alicdn.com *.bing.com *.bing.net *.clarity.ms *.cookiebot.com *.doubleclick.net *.googleadservices.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.sr www.google.tg www.google.tn www.google.tt *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io *.jquery.com *.linkedin.com *.marker.io *.pinterest.com s3.eu-west-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://95b39a76-7377-449c-a715-7f75d8431eb4.sansec.watch/; report-to report-endpoint; 1
frame-ancestors 'self';img-src 'self' data: https://pixel.wp.com  http://esc.vn  https://secure.trust-provider.com  https://www.facebook.com  https://www.google.com.vn  https://www.google.com.my  https://c.clarity.ms  https://www.googletagmanager.com  https://en.wordpress.com  https://www.google.com.sg  https://www.gstatic.com  https://www.google.com.kh  https://fonts.gstatic.com  https://vietit.vn  https://www.google.be  https://vnnic.vn  https://www.google.de  https://www.google.com.tw  https://www.google.nl  https://stats.g.doubleclick.net  https://i-sohoa.vnecdn.net  https://smarttrain.edu.vn  https://www.google.bs  https://www.google.co.jp  https://encrypted-tbn0.gstatic.com  https://cafefcdn.com  https://www.google.com.au  https://image.thanhnien.vn  https://c.bing.com  https://www.google.com.et  https://www.google.co.za  https://png.pngtree.com  https://www.paypalobjects.com  https://t.paypal.com  https://www.google.com.hk  https://www.google.com.pk  https://i.ytimg.com  https://translate.google.com  https://ws.com.vn  https://www.google.co.zw  https://cdn.24h.com.vn  https://woocommerce.com  https://updates.themepunch-ext-b.tools  https://www.google.co.uk  https://storage.googleapis.com  https://s3.envato.com  https://really-simple-ssl.com  https://anhsangvacuocsong.vn  https://vneconomy.mediacdn.vn  https://www.google.at  https://www.google.la  https://www.google.co.kr  https://www.google.com.tr  https://www.google.ch  https://www.google.com.ph  https://www.google.no  https://www.google.com.ng  https://www.google.com.br  https://www.google.co.in  https://googleads.g.doubleclick.net  https://www.google.ie  https://baovemoitruong.org.vn  https://tenmien.vn  https://adservice.google.com  https://www.google.cz  https://new.esc.vn  blob:  https://www.google.fr  https://www.google.ru  https://static-images.vnncdn.net  https://www.google.se  https://www.google.hu  https://translate.googleapis.com  https://vtv1.mediacdn.vn  https://pos.baidu.com  file  https://www.google.ca  https://www.google.co.uz  https://www.google.ae  https://www.google.al  https://d5nxst8fruw4z.cloudfront.net  https://www.google.iq  https://www.google.co.id  https://ictvietnam.mediacdn.vn  https://www.activesearchresults.com  https://www.google-analytics.com  https://www.google.co.ma  https://www.google.pl  https://cafebiz.cafebizcdn.vn  https://www.google.fi  https://www.google.dk  https://www.google.com.mm  https://connect.facebook.net  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://stats.wp.com  https://yoast.com  https://secure.trust-provider.com  https://s0.wp.com  https://www.googletagmanager.com  https://connect.facebook.net  https://www.clarity.ms  https://cdnjs.cloudflare.com  https://maps.googleapis.com  https://www.portotheme.com  https://translate.google.com  https://widgets.wp.com  https://www.paypal.com  https://translate.googleapis.com  blob:  https://www.youtube.com  https://translate-pa.googleapis.com  https://infirc.com  https://d31qbv1cthcecs.cloudfront.net  http://code.jquery.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://abfc-extension.com  https://cdn.mxpnl.com  https://player.vimeo.com  https://googleads.g.doubleclick.net  http://ajax.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://cdn.onesignal.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://stats.wp.com  https://yoast.com  https://secure.trust-provider.com  https://s0.wp.com  https://www.googletagmanager.com  https://connect.facebook.net  https://www.clarity.ms  https://cdnjs.cloudflare.com  https://maps.googleapis.com  https://www.portotheme.com  https://translate.google.com  https://widgets.wp.com  https://www.paypal.com  https://translate.googleapis.com  blob:  https://www.youtube.com  https://translate-pa.googleapis.com  https://infirc.com  https://d31qbv1cthcecs.cloudfront.net  http://code.jquery.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://abfc-extension.com  https://cdn.mxpnl.com  https://player.vimeo.com  https://googleads.g.doubleclick.net  http://ajax.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://cdn.onesignal.com ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com  https://fonts.googleapis.com  https://s0.wp.com  https://gc.kis.v2.scr.kaspersky-labs.com  http://fonts.googleapis.com  https://www.gstatic.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  http://netdna.bootstrapcdn.com ; style-src-elem 'self' 'unsafe-inline' https://use.fontawesome.com  https://fonts.googleapis.com  https://s0.wp.com  https://gc.kis.v2.scr.kaspersky-labs.com  http://fonts.googleapis.com  https://www.gstatic.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  http://netdna.bootstrapcdn.com ; font-src 'self' https://fonts.gstatic.com  https://use.fontawesome.com  https://s0.wp.com  https://s1.wp.com  chrome-extension  http://fonts.gstatic.com  null  data:; frame-src 'self' https://widgets.wp.com  https://wordpress.com  https://www.facebook.com  https://m.facebook.com  https://www.youtube.com  https://td.doubleclick.net  https://maps.google.com  https://web.facebook.com  https://www.google.com  null  https://www.paypal.com  https://mozbar.moz.com  https://app.stylar.com  https://www.youtube-nocookie.com  data:  https://www.googletagmanager.com  wvjbscheme://__wvjb_queue_message__  https://auth.ztsa-iag-int.trendmicro.com  https://gateway.zscalerthree.net  blob:; connect-src 'self' https://f.clarity.ms  https://analytics.google.com  https://o.clarity.ms  https://adservice.google.com  https://q.clarity.ms  https://stats.g.doubleclick.net  https://t.clarity.ms  https://translate.googleapis.com  https://w.clarity.ms  https://maps.googleapis.com  https://r.clarity.ms  https://z.clarity.ms  https://x.clarity.ms  https://www.google.com.vn  https://l.clarity.ms  https://e.clarity.ms  https://www.googleadservices.com  https://u.clarity.ms  https://p.clarity.ms  https://h.clarity.ms  https://s.clarity.ms  https://v.clarity.ms  https://www.facebook.com  https://b.clarity.ms  https://i.clarity.ms  https://www.google.com.hk  https://d.clarity.ms  https://a.clarity.ms  https://region1.analytics.google.com  https://m.clarity.ms  https://www.clarity.ms  https://www.google-analytics.com  https://www.google.com.sg  https://j.clarity.ms  https://www.google.com.kh  https://yoast.com  wss://gc.kis.v2.scr.kaspersky-labs.com  https://y.clarity.ms  https://infragrid.v.network  https://www.google.de  https://www.google.com.au  https://www.paypal.com  https://widgets.wp.com  https://overbridgenet.com  https://k.clarity.ms  properties  https://n.clarity.ms  https://www.google.co.jp  https://gc.kis.v2.scr.kaspersky-labs.com  https://api-js.mixpanel.com  https://me.kis.v2.scr.kaspersky-labs.com  https://woocommerce.com  https://www.google.co.uk  http://localhost  https://www.google.com.ph  https://www.google.co.kr  https://www.google.com.tw  data:  https://www.google.fr  https://www.google.ru  wss://me.kis.v2.scr.kaspersky-labs.com  https://translate-pa.googleapis.com  https://api.blocksly.org  http://ad.doubleclick.net  https://www.google.co.id  https://www.google.ca  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.google.co.ma  https://www.google.se  https://www.google.co.in  wss://ff.kis.v2.scr.kaspersky-labs.com  ws://localhost;  media-src 'self' https://sw-themes.com  data:  https://updates.themepunch-ext-b.tools;  worker-src 'self' blob:;  report-uri https://esc.vn/wp-json/rsssl/v1/csp?rsssl_apitoken=293818460; 1
default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com/ https://*.pricehubble.com/ https://maps.googleapis.com/ https://www.whofinance.de/ https://*.mlp.de/ https://*.usercentrics.eu https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://connect.facebook.net https://lite.ekomiapps.de/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://ad.doubleclick.net/ https://maps.googleapis.com/ https://*.hotjar.io/ https://pagead2.googlesyndication.com/ wss://ws.hotjar.com/ https://*.mlp.de/ https://*.usercentrics.eu https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.whofinance.de/ https://*.mlp.de/ https://lite.ekomiapps.de/; font-src 'self' https://www.whofinance.de/ https://*.mlp.de/ https://fonts.gstatic.com; media-src 'self' https://*.mlp.de/ https://www.youtube-nocookie.com; frame-src 'self' https://*.mlp.de https://www.google.com  https://charts3.equitystory.com https://*.usercentrics.eu https://*.doubleclick.net/ https://www.googletagmanager.com https://www.ehyp.de/ https://www.youtube-nocookie.com/ https://*.pricehubble.com/; img-src 'self' data: https://*; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-Yxc5al1a43SO5X6bnIo70Q' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://altinea.fr https://cdn.astra.com https://static.elfsight.com https://core.service.elfsight.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js;         style-src 'self' 'unsafe-inline' https://altinea.fr https://cdn.astra.com https://fonts.googleapis.com https://use.fontawesome.com/releases/v6.6.0/css/v4-shims.css https://use.fontawesome.com/releases/v6.6.0/css/all.css https://use.typekit.net/gme6kbk.css https://p.typekit.net/gme6kbk.css;         img-src 'self' https://altinea.fr data: *.webp;         font-src 'self' https://altinea.fr/wp-content/ https://fonts.gstatic.com https://use.fontawesome.com/releases/v6.6.0/fonts/ https://use.typekit.net/fonts/ data:;         connect-src 'self' https://altinea.fr https://core.service.elfsight.com https://www.google.com;         media-src 'self' https://altinea.fr;         frame-src 'self' https://altinea.fr https://www.google.com;         object-src 'none';         base-uri 'self';         form-action 'self';         upgrade-insecure-requests;         report-uri https://votreservice.report-uri.com/r/d/csp/reportOnly; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.cdnfonts.com *.cloudflare.com *.gstatic.com *.klaviyo.com *.slant.co *.yotpo.com *.zip.co sc-static.net *.zdassets.com *.zendesk.com tryme.directory *.hotjar.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.googleapis.com dhv2ziothpgrr.cloudfront.net www.sportrx.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.sportrx.com 'self' 'unsafe-inline'; frame-ancestors www.sportrx.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com *.zdassets.com *.zendesk.com *.hotjar.com *.klarna.com *.yotpo.com www.sportrx.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://helloextend-static-assets.s3.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.adsrvr.org *.avantlink.com *.bing.com *.bing.net *.cloudflare.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.klevu.com *.linksynergy.com *.liquifire.com *.pushcrew.com *.rlcdn.com *.sharethis.com *.sportrx.com *.teamusa.org *.visualwebsiteoptimizer.com *.wileyxrx.com *.xg4ken.com *.yotpo.com *.youtube.com cdn-cookieyes.com d10lpsik1i8c69.cloudfront.net *d3k81ch9hvuctc.cloudfront.net extendcoreoffersprod-offersthemelogobucketeb21afa-1lr7le13dvgtp.s3.amazonaws.com s3.amazonaws.com *.zdassets.com *.zendesk.com *.hotjar.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com dhv2ziothpgrr.cloudfront.net www.sportrx.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.attn.tv events.attentivemobile.com https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zendesk.com wss://api.smooch.io *.luckyorange.net *.luckyorange.com *.googleapis.com *.pushcrew.com *.addthis.com *.addthisedge.com *.adobedtm.com *.adsrvr.org *.bing.com *.braintreegateway.com *.cloudflare.com d10lpsik1i8c69.cloudfront.net d3k81ch9hvuctc.cloudfront.net *.criteo.com *.criteo.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googlesyndication.com *.googletagmanager.com *.invoca.net *.invocacdn.com *.klaviyo.com *.klevu.com *.linksynergy.com *.moatads.com *.noibu.com input.noibu.com wss://input.noibu.com *.sharethis.com *.tiktok.com *.visualwebsiteoptimizer.com *.xg4ken.com *.yotpo.com *.youtube.com *.zdassets.com acsbapp.com cdn.acsbapp.com *.acsbapp.com cdn-cookieyes.com google-analytics.com tryme.directory *.newrelic.com *.rakuten.com *.rlcdn.com *.hotjar.com cdn.avmws.com/1016937/ *.smooch.io *.liquifire.com *.klarnacdn.net *.klarna.com *.glasseson.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaservices.com js.klevu.com *.ksearchnet.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net www.sportrx.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.klaviyo.com *.klevu.com *.pushcrew.com *.yotpo.com *.zdassets.com *.zendesk.com *.hotjar.com https://static.klaviyo.com *.klarnacdn.net *.ksearchnet.com dhv2ziothpgrr.cloudfront.net www.sportrx.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.bing.com *.googleapis.com *.gstatic.com *.zdassets.com *.zendesk.com *.hotjar.com *.glasseson.com *.cloudfront.net www.sportrx.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.attn.tv events.attentivemobile.com https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.zendesk.com wss://api.smooch.io *.googleapis.com *.addthis.com *.adsrvr.org *.bing.com *.bing.net *.cloudflare.com *.criteo.com *.criteo.net *.datadome.co *.doubleclick.net *.facebook.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.invoca.net *.invocacdn.com *.klaviyo.com *.linksynergy.com *.luckyorange.net *.luckyorange.com *.noibu.com input.noibu.com wss://input.noibu.com *.nr-data.net *.pushcrew.com *.rlcdn.com *.samsung.com *.sharethis.com *.teamusa.org *.tiktok.com *.visualwebsiteoptimizer.com *.youtube.com *.zdassets.com acsbapp.com cdn.acsbapp.com *.acsbapp.com cdn-cookieyes.com *.cookieyes.com google-analytics.com tryme.directory d10lpsik1i8c69.cloudfront.net d3k81ch9hvuctc.cloudfront.net *.hotjar.com *.klarnaevt.com *.glasseson.com *.mixpanel.com *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com www.sportrx.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.sportrx.com http: https: blob: wss: 'self' 'unsafe-inline'; default-src *.glasseson.com *.cloudfront.net www.sportrx.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f67b9549-76ff-40d0-b57c-93081e358fa4.sansec.watch/; report-to report-endpoint; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=0a72a333-51d1-4656-a2d6-b98d4ffd4cea-1752196019; report-to shopify-csp 1
font-src fonts.gstatic.com use.typekit.net https://cdnjs.cloudflare.com *.theblockshop.com.au theblockshop.resultspage.com assets.resultspage.com *.resultspage.com static.zdassets.com *.instant.one *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.google.com *.limepay.com.au www.xtento.com *.instant.one c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.yotpo.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.sharethis.com https://widgets.dev.optty.com https://widgets.optty.com www.xtento.com cdn.xtento.com *.theblockshop.com.au theblockshop.resultspage.com assets.resultspage.com *.resultspage.com *.facebook.com *.facebook.net *.cardinalcommerce.com includestest.ccdc02.com *.authorize.net *.braintreegateway.com s.ytimg.com assets.adobedtm.com *.magento-ds.com *.plugins.emarsys.net *.scarabresearch.com *.limepay.com.au *.zdassets.com *.instant.one *.paypal.com *.google.com *.cloudflare.com *.yotpo.com *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.zipmoney.com.au *.zip.co *.hotjar.com *.hotjar.io *.googletagservices.com *.buildgift.net *.pinimg.com *.pinterest.com *.clarity.ms *.zendesk.com *.google.co.in *.zopim.com *.doubleclick.net *.criteo.com theblockshop.api.useinsider.com *.sli-spark.com *.newrelic.com *.amazonaws.com bam.nr-data.net wss://widget-mediator.zopim.com pagead2.googlesyndication.com public-prod-dspcookiematching.dmxleo.com static.secure-afterpay.com.au *.afterpay.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com guarantee-cdn.com *.reddit.com *.google-analytics.com *.googletagmanager.com dhv2ziothpgrr.cloudfront.net t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://api.addressfinder.io *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.plugins.emarsys.net *.scarabresearch.com *.limepay.com.au https://widgets.dev.optty.com https://widgets.optty.com www.xtento.com cdn.xtento.com *.theblockshop.com.au theblockshop.resultspage.com assets.resultspage.com *.resultspage.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.authorize.net *.braintreegateway.com *.zdassets.com *.instant.one *.paypal.com *.google.com *.cloudflare.com *.yotpo.com *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.zipmoney.com.au *.zip.co *.hotjar.com *.hotjar.io *.googletagservices.com *.buildgift.net *.pinimg.com *.pinterest.com *.clarity.ms *.zendesk.com *.google.co.in *.zopim.com *.doubleclick.net *.criteo.com theblockshop.api.useinsider.com *.sli-spark.com *.newrelic.com *.amazonaws.com bam.nr-data.net wss://widget-mediator.zopim.com pagead2.googlesyndication.com public-prod-dspcookiematching.dmxleo.com static.secure-afterpay.com.au *.afterpay.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com guarantee-cdn.com *.googletagmanager.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com dhv2ziothpgrr.cloudfront.net static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://api.addressfinder.io *.sharethis.com https://cdnjs.cloudflare.com *.theblockshop.com.au theblockshop.resultspage.com assets.resultspage.com *.resultspage.com *.facebook.com *.facebook.net *.cardinalcommerce.com includestest.ccdc02.com *.authorize.net *.braintreegateway.com s.ytimg.com *.vimeocdn.com assets.adobedtm.com *.magento-ds.com *.plugins.emarsys.net *.scarabresearch.com *.limepay.com.au cdn.xtento.com *.zdassets.com *.instant.one *.paypal.com *.google.com *.cloudflare.com *.yotpo.com *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.zipmoney.com.au *.zip.co *.hotjar.com *.hotjar.io *.googletagservices.com *.buildgift.net *.pinimg.com *.pinterest.com *.clarity.ms *.zendesk.com *.google.co.in *.zopim.com *.doubleclick.net *.criteo.com theblockshop.api.useinsider.com *.sli-spark.com *.newrelic.com *.amazonaws.com bam.nr-data.net wss://widget-mediator.zopim.com pagead2.googlesyndication.com public-prod-dspcookiematching.dmxleo.com static.secure-afterpay.com.au *.afterpay.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.theblockshop.com.au theblockshop.resultspage.com assets.resultspage.com *.resultspage.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://api.addressfinder.io *.sharethis.com *.scarabresearch.com *.eservice.emarsys.net https://api.dev.optty.com https://api.optty.com *.theblockshop.com.au theblockshop.resultspage.com assets.resultspage.com *.resultspage.com *.facebook.com *.facebook.net *.cardinalcommerce.com includestest.ccdc02.com *.authorize.net *.braintreegateway.com s.ytimg.com *.vimeocdn.com assets.adobedtm.com *.magento-ds.com *.plugins.emarsys.net *.limepay.com.au cdn.xtento.com *.zdassets.com *.instant.one *.paypal.com *.google.com *.cloudflare.com *.yotpo.com *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.zipmoney.com.au *.zip.co *.hotjar.com *.hotjar.io *.googletagservices.com *.buildgift.net *.pinimg.com *.pinterest.com *.clarity.ms *.zendesk.com *.google.co.in *.zopim.com *.doubleclick.net *.criteo.com theblockshop.api.useinsider.com *.sli-spark.com *.newrelic.com *.amazonaws.com bam.nr-data.net wss://widget-mediator.zopim.com pagead2.googlesyndication.com public-prod-dspcookiematching.dmxleo.com static.secure-afterpay.com.au *.afterpay.com *.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com *.google-analytics.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.run.app dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.instant.one 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com  *.mobilpay.ro secure.mobilpay.ro 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.innoship.ro https://www.googletagmanager.com/  www.xtento.com *.cookiebot.com *.doubleclick.net *.creativecdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.tbicp.com *.tile.openstreetmap.org *.openstreetmap.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.xtento.com cdn.xtento.com https://redchamps.com *.cookiebot.com *.google.ro *.sportguru.ro blob: *.creativecdn.com *.onesignal.com onesignal.com *.cloudfront.net *.zopim.io bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.tbicp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io www.xtento.com cdn.xtento.com *.cookiebot.com *.onesignal.com *.tiktok.com *.zopim.com *.hotjar.com *.zdassets.com onesignal.com *.creativecdn.com bat.bing.com www.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.onesignal.com onesignal.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io  *.google-analytics.com region1.analytics.google.com *.google.com google.com stats.g.doubleclick.net googleads.g.doubleclick.net *.tiktok.com *.cookiebot.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.creativecdn.com *.googlesyndication.com *.onesignal.com onesignal.com *.tbibank.ro tbibank.ro u.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';connect-src https://*.go-mpulse.net https://*.akstat.io 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://geolocation.onetrust.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src https://*.go-mpulse.net 'nonce-2213c13c3a29f53558d190472f9e8058' 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://dev.visualwebsiteoptimizer.com 'nonce-5bba70209d8bb7db1158521cfa39322d' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org https://www.youtube.com/ https://ots2-qa.learningcaregroup.com/ScheduleATour/ https://ots2.learningcaregroup.com/ScheduleATour/ td.doubleclick.net;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org 'nonce-5bba70209d8bb7db1158521cfa39322d';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=hp-vhp-mfe%401.336.1&sentry_environment=prod 1
default-src 'self'; script-src 'self' 'report-sample' 'strict-dynamic' https://ajax.googleapis.com/ https://api.tiles.mapbox.com/ https://cdn.nolt.io/ https://cdn.statuspage.io/ https://cdn.tiny.cloud/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://j1h014tryv29.statuspage.io/ https://static.zdassets.com/ https://www.googletagmanager.com/ 'nonce-YUhCamZmVnZTdmVhUmlXUTc3QldWZ0FBQUJZ'; object-src 'none'; style-src 'self' 'report-sample' 'strict-dynamic' https://api.tiles.mapbox.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'nonce-YUhCamZmVnZTdmVhUmlXUTc3QldWZ0FBQUJZ'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; base-uri 'self'; img-src 'self' data: https://sp.tinymce.com https://api.tiles.mapbox.com; frame-src 'self' https://j1h014tryv29.statuspage.io; media-src 'self' https://static.zdassets.com; connect-src 'self' https://ekr.zdassets.com https://omnilert.zendesk.com wss://widget-mediator.zopim.com; report-uri https://afiwlxkn53.execute-api.us-east-1.amazonaws.com/latest/csp_reports; report-to https://afiwlxkn53.execute-api.us-east-1.amazonaws.com/latest/csp_reports; 1
frame-ancestors 'self'; report-uri https://www.gq.com.au/csp-reports 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.awin1.com https://lantern.roeyecdn.com https://tagmanager.google.com https://cdn.trustcommander.net https://www.dwin1.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.doubleclick.net https://www.axa-video.de *.visualwebsiteoptimizer.com app.vwo.com https://www.google.com https://platform.commandersact.com https://connect.facebook.net https://*.aklamio.com blob: https://ct.pinterest.com https://s.pinimg.com https://acdn.adnxs.com https://ib.adnxs.com;   ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://googletagmanager.com https://www.googletagmanager.com   ;frame-src https://www.awin1.com app.vwo.com *.visualwebsiteoptimizer.com https://entry.axa-de.intraxa/ https://entry.axa.de https://www.axa-video.de https://www.axa.de https://inte.axa.de https://*.doubleclick.net https://cdn.trustcommander.net https://www.dwin1.com https://connect.facebook.net https://www.facebook.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://ct.pinterest.com https://googletagmanager.com https://insight.adsrvr.org 'self' https://www.googletagmanager.com;base-uri 'self';object-src 'none';img-src 'self' data: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://track.adform.net https://ad.doubleclick.net https://www.facebook.com https://bat.bing.com https://www.google.com https://www.google.de https://www.google-analytics.com https://www.google https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://www.financeads.net https://www.aklamio.com/ https://ct.pinterest.com https://ib.adnxs.com;form-action 'self';default-src 'self' blob: data:;connect-src 'self' ad.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com https://*.googlesyndication.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googleanalytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://bat.bing.com https://privacy.trustcommander.net https://privacy.commander1.net https://privacy.commander1.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://*.axa.de https://cloud.service.aerzteversicherung.de https://mcdyr4395tgnrcnr8bt5wsrgh-11.pub.sfmc-content.com https://*.aklamio.com https://www.googleadservices.com https://ct.pinterest.com https://ib.adnxs.com https://acdn.adnxs.com https://google.com;;report-uri /site/axa-de/cspReportOnly 1
font-src fonts.gstatic.com use.typekit.net *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobe.com *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.cloudfront.net js.authorize.net *.authorize.net 'self' * *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.doubleclick.net *.hubspot.com *.cloudfront.net js.authorize.net *.authorize.net *.4over.com 'self' 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.google.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.cloudfront.net js.authorize.net *.authorize.net 'self' * *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.google.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.clickagy.com *.adsrvr.org *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hs-analytics.net *.usemessages.com *.hubspotfeedback.com *.cloudfront.net js.authorize.net *.authorize.net *.4over.com 'self' *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.cloudfront.net js.authorize.net *.authorize.net 'self' * *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.cloudfront.net js.authorize.net *.authorize.net 'self' * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.google.com *.google-analytics.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobe.com *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.clickagy.com *.adsrvr.org *.linkedin.com *.hubspot.com *.hubapi.com *.trustpilot.com *.cloudfront.net js.authorize.net *.authorize.net *.4over.com 'self' t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.googleapis.com investors.danaher.com cdn.cookielaw.org *.onetrust.com *.marketingcloudfx.com *.leadmanagerfx.com *.usefathom.com *.decibelinsight.net *.decibel.com *.medallia.com; object-src *.oembed.com *.vimeo.com *.youtube.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com *.gstatic.com *.typekit.net *.jsdelivr.net maxcdn.bootstrapcdn.com investors.danaher.com *.onetrust.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com cdn.cookielaw.org *.vimeocdn.com *.usefathom.com; media-src *.vimeo.com *.youtube.com *.spotify.com *.vimeocdn.com 'self'; frame-src 'self' 'unsafe-inline' *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com vars.hotjar.com *.spotify.com *.vimeo.com player.vimeo.com; font-src data: 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.onetrust.com; connect-src 'self' 'unsafe-inline' *.authorize.net *.facebook.com *.onetrust.com stats.addtoany.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com stats.g.doubleclick.net *.clarity.ms privacyportal-de.onetrust.com *.marketingcloudfx.com  *.leadmanagerfx.com *.decibelinsight.net *.decibel.com *.medallia.com; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-wqONay2rjlPZeXZxvQgiYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://*.brandhub.codered.net https://*.powertrain.codered.net;         media-src 'self' blob:;         script-src 'self' https://mb.etrackingserver.de https://*.scene7.com https://app.usercentrics.eu 'unsafe-inline' 'unsafe-eval' blob:;         style-src 'self' 'unsafe-inline' https://*.scene7.com;         img-src 'self' https://js.api.here.com https://*.scene7.com https://*.usercentrics.eu https://dev.day.com blob: data:;         connect-src 'self' https://*.usercentrics.eu https://mb.etrackingserver.de https://*.scene7.com https://*.mercedes-benz-trucks.net https://*.hereapi.com https://*.api.here.com blob:;         font-src 'self' https://js.api.here.com data:; 1
default-src 'none' ; img-src 'self' data: https://blob.userflow.com https://cdn.userflow.com https://js.userflow.com https://storage.googleapis.com/studio1-prod-blob/ * ; connect-src 'self' https://browser-intake-datadoghq.eu https://rum.browser-intake-datadoghq.eu https://logs.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu https://api.analytics.pigment.app https://cdn.analytics.pigment.app https://auth.pigment.app https://staging-login.pigment.app wss://pigment.app wss://e.userflow.com https://cdn.userflow.com https://e.userflow.com https://js.userflow.com https://rs.fullstory.com wss://rs.fullstory.com https://edge.fullstory.com https://global.oktacdn.com https://api.segment.io https://cdn.segment.com https://api.maptiler.com https://api.vitally-eu.io https://app.vitally-eu.io https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com ; script-src 'self' cdn.analytics.pigment.app edge.fullstory.com rs.fullstory.com js.userflow.com cdn.userflow.com cdn.announcekit.app cdn.segment.com cdn.vitally-eu.io ; frame-src announcekit.co auth.pigment.app staging-login.pigment.app https://fast.wistia.net ; style-src 'self' 'unsafe-inline' js.userflow.com cdn.userflow.com fonts.googleapis.com cdn.announcekit.co https://use.typekit.net https://p.typekit.net ; worker-src blob: ; font-src 'self' https://use.typekit.net fonts.gstatic.com data: ; manifest-src 'self' ; object-src 'none' ; media-src https://blob.userflow.com https://cdn.userflow.com https://storage.googleapis.com/studio1-prod-blob/ ; frame-ancestors https://pigment7-dev-ed.develop.lightning.force.com/ https://pigment7-dev-ed--c.develop.vf.force.com/ https://wiki.klarna.net/ ; base-uri 'self' ; form-action https://announcekit.co ; report-uri https://pigment.uriports.com/reports/report ; report-to report ; 1
object-src 'none';base-uri 'self';script-src 'nonce-fW_sBdfrtFZyxNTKx_rirQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zpI8q5WTAZE62Bjm_ikwYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net cdn.livechatinc.com mediacdn.espssl.com viewer.byondxr.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.pinterest.com https://ghirardelli.slgnt.us 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com https://*.ordergroove.com app-wallee.com www.jsctool.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://ghirardelli.slgnt.us https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://optmize.google.com https://www.google.com/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com app-wallee.com d.ratepay.com viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com maps.gstatic.com maps.google.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com https://redchamps.com 'self' data: geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://www.upsellit.com https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com *.googleadservices.com *.russellstover.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com https://bam.nr-data.net *.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.sharethis.com *.googleapis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com widget.freshworks.com m2epro.freshdesk.com www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.livechatinc.com *.serverdata.net *.tiktok.com *.ordergroove.com app-wallee.com d.ratepay.com www.jsctool.com byondxr-viewer.byondxr.com web-apps.byondxr.com *.listrakbi.com *.listrak.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com *.mczbf.com maps.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://www.youtube.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js https://click2cart.com https://ghirardelli.mycontactcenter.net/ https://pop1-apps.mycontactcenter.net/ https://form.jotform.com https://ghirardelli-pages.vercel.app https://form.jotform.com/jsform/250416509718156 https://form.jotform.com/250695600740152 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com d.ratepay.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl widget.packeta.com https://cloud.typography.com 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.sharethis.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com *.ordergroove.com d.ratepay.com www.jsctool.com *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com https://cdn.linkedin.oribi.io https://vc.hotjar.io *.ghirardelli.com *.hotjar.io *.bing.com ws.hotjar.com wss://ws.hotjar.com sc-api.click2cart.com https://geolocation.onetrust.com https://bat.bing.com ghirardelli-pages.vercel.app https://ghirardelli-pages.vercel.app/api/synup https://ghirardelli-pages.vercel.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ydzGRQ0Y6pbwmlx68s7R62aBP3XF6hQZE0lSm6GnxX8-1752201119-1.0.1.1-DXJcfXhfeUuEM2ZWNacXHRFPWwQ4CgUpQD6RYaT4rUAzAjyiOV1NmgrYr9sRKe4Al74IINSW82DDIiC0CMT9qNdQYHWLcMPOqmd5PUFR4h4nAIr.Tt1102YHjR7ncaRJmGpJI8Lv8FvOkh530xDzsaKg1rX.NWRcV1w3IieJbEoPQi4H0_NGZHgoiiEbbLcc4dKwBv9FRmSjVRhYDrmDYQ; report-to cf-lvrwilhbjnsumrzk 1
default-src 'self'           *.ponycanyon.co.jp;         font-src 'self'           *.ponycanyon.co.jp           fonts.gstatic.com           data:;         form-action 'self'           *.ponycanyon.co.jp;         worker-src 'self'           blob:           *.ponycanyon.co.jp           cdnjs.cloudflare.com;         connect-src 'self'           *.ponycanyon.co.jp           *.google-analytics.com           *.analytics.google.com           *.googletagmanager.com           *.g.doubleclick.net           *.google.com           www.google.co.jp 	  *.clarity.ms;         frame-src 'self'           *.ponycanyon.co.jp           www.youtube.com           td.doubleclick.net 	  www.googletagmanager.com           open.spotify.com 	  embed-cdn.spotifycdn.com;         img-src *;         media-src 'self'           blob:           *.ponycanyon.co.jp;         script-src 'self'           'unsafe-inline'           *.ponycanyon.co.jp           ajax.aspnetcdn.com           cdn.jsdelivr.net           cdnjs.cloudflare.com           *.googletagmanager.com           *.google.com           www.google-analytics.com           ad.jp.ap.valuecommerce.com 	  *.clarity.ms 	  embed-cdn.spotifycdn.com;         style-src 'self'           'unsafe-inline'           *.ponycanyon.co.jp           cdn.jsdelivr.net           cdnjs.cloudflare.com           fonts.googleapis.com           tagmanager.google.com;         report-uri https://csp-log.ponycanyon.co.jp/; 1
default-src 'self';font-src 'self' data: https://fonts.gstatic.com;connect-src 'self' https://brandportal.uponor.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.linkedin.com https://*.stackadapt.com https://*.doubleclick.net https://*.teads.tv https://*.clarity.ms https://*.google-analytics.com https://*.adobe.io https://*.hotjar.io wss://*.hotjar.com https://*.bing.com https://uponorna.my.site.com https://*.lumoa.me https://*.sharethis.com https://pixel-config.reddit.com https://www.redditstatic.com https://*.google.ee https://*.google.de https://*.google.cz https://*.google.se https://salesviewer.org https://*.google.fi https://bat.bing.net https://*.facebook.com https://*.google.is https://*.google.pl https://*.google.sk; frame-src https://*.youtube.com https://*.googletagmanager.com https://*.doubleclick.net https://*.force.com https://*.google.com https://*.usercentrics.eu https://*.teads.tv https://*.adobe.com https://*.tfaforms.net https://*.facebook.com https://*.bimsmith.com https://go.eu.uponor.com https://*.transistor.fm https://go.uponor.info https://youtube.com https://locator.maplet.com/; script-src 'self' 'nonce-dZPN9BklP9wMWZzM0WBbeX2H5dPH41UqxYHt0r0MX+E=' 'strict-dynamic'; img-src 'self' data: https://brandportal.uponor.com https://*.usercentrics.eu https://*.facebook.com https://*.linkedin.com https://*.teads.tv https://bat.bing.com https://maps.gstatic.com https://*.google.com https://*.doubleclick.net https://d2csxpduxe849s.cloudfront.net https://*.googletagmanager.com https://*.clarity.ms https://img.youtube.com https://*.sharethis.com https://*.uponor.com https://googleapis.com https://*.krxd.net https://*.google.lt https://*.google.hu https://*.google.dk https://alb.reddit.com https://*.google.ca https://*.google.ee https://*.google.de https://*.google.cz https://*.google.se https://*.google.co.uk https://*.google.pt https://*.globenewswire.com https://*.google.pl https://*.google.nl https://*.google.es https://*.google.ba https://cdn.midas-network.com https://*.google.fr https://*.google.si https://*.google.com.uy https://*.google.fi https://*.google.sk https://*.google.co.in https://*.google.no https://*.google.ro; style-src 'self' 'unsafe-inline' https://*.force.com https://*.usercentrics.eu https://*.stackadapt.com https://*.googleapis.com; object-src 'self' https://*.usercentrics.eu;form-action 'self' https://*.uponor.com https://*.tfaforms.net https://*.facebook.com; base-uri 'self'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/privacysandbox_com 1
report-uri https://logs-01.loggly.com/inputs/4e92d8a9-baa6-4559-82e2-05428d10fa7b/tag/csp; report-to default 1
object-src 'none'; frame-ancestors https://*.workspot.com; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.cloudflare.com https://pi.pardot.com https://*.cookiebot.com https://*.workspot.com https://www.google-analytics.com https://www.googletagmanager.com https://*.google.co.uk https://www.workspot.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com; font-src 'self' https://*.gstatic.com https://s0.wp.com data:; img-src 'self' https://*.cookiebot.com data: https://www.google-analytics.com https://*.google.co.uk https://*.google.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; connect-src 'self' https://*.cookiebot.com https://*.google.com https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com; report-uri /; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.youtube.com https://form.typeform.com *.criteo.com *.hotjar.com *.facebook.com *.simply-jobs.fr payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.bird.eu *.trackedlink.net https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr magefan.com cm.magefan.com *.disqus.com *.thebrighttag.com *.avis-verifies.com *.adform.net id5-sync.com *.liadm.com *.google.com *.google.fr *.kameleoon.eu *.nr-data.net *.metaffiliation.com *.facebook.com *.d-bi.fr *.adnxs.com *.omnitagjs.com *.casalemedia.com *.dmxleo.com *.360yield.com *.criteo.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.advertising.com *.yahoo.com *.yieldlab.net *.yieldmo.com *.rlcdn.com *.smartclip.net *.tremorhub.com *.twiago.com *.krxd.net *.bing.com *.bidswitch.net *.doubleclick.net *.googleapis.com *.monnaiedeparis.fr blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.disqus.com *.kameleoon.eu *.google.fr *.facebook.net *.d-bi.fr *.hotjar.com *.serving-sys.com *.criteo.com *.criteo.net *.monnaiedeparis.fr *.metaffiliation.com *.eulerian.net *.doubleclick.net *.bing.com *.soundclound.com *.soundcloud.com *.piwik.pro *.gstatic.com *.clarity.ms ipinfo.io *.addtoany.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.fontawesome.com *.googleapis.com *.addtoany.com 'self' data: *.typekit.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.sentry.io *.paypal.com google.com *.google.com qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com http://dpm.demdex.net *.google-analytics.com *.g.doubleclick.net *.kameleoon.eu *.google.fr *.hotjar.com *.serving-sys.com *.criteo.com *.criteo.net *.monnaiedeparis.fr *.metaffiliation.com *.eulerian.net *.piwik.pro * payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://fonts.googleapis.com; report-to report-endpoint; 1
script-src  https://content.vistana.com 'self' https://stats.g.doubleclick.net https://checkoutshopper-test.adyen.com/ https://www.facebook.com https://pal-test.adyen.com https://*.clicktale.net https://c.az.contentsquare.net https://assets.adobedtm.com https://*.contentsquare.com https://pay.google.com https://dpm.demdex.net blob: https://t.contentsquare.net/uxa/f3e2b0b1cfa35.js https://zn3wuecdqd6sxvlyu-marriottvacationclub.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 'report-sample' https://service.force.com/embeddedservice/ 'unsafe-eval' 'unsafe-inline' https://payments.salesforce.com/ https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://mvwvo--exppod2--c.sandbox.vf.force.com https://checkoutshopper-live.adyen.com/ https://s32171.pcdn.co https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://privacy-portal-mvwc-cdn.my.onetrust.com https://maps.a.forceusercontent.com https://connect.facebook.net https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://geolocation.onetrust.com https://*.kampyle.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://mordev.112.2o7.net https://mvwvo--exppod2--c.sandbox.vf.force.com/resource/1669023906000/x7smvtestimage https://s20426.pcdn.co https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://cdn.cookielaw.org/ https://bat.bing.com https://js.stripe.com/ https://cdn.tt.omtrdc.net https://t.contentsquare.net https://www.googletagmanager.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js https://*.contentsquare.net; report-to sfdc-csp-ep; report-uri https://mvwvo.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D4x000006sQxi&networkId=0DM4x000000dPWp&type=communities 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; report-uri https://dcc-cspreport.enovation.ie/csp-report-dccdrupal.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.cookielaw.org https://www.bnpparibas.de https://brasil.bnpparibas; script-src 'self' 'unsafe-eval' https://fast.wistia.com https://beacon-v2 https://analyticsgroupcom.bnpparibas.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com 'sha256-77WmSGVq6PlE+/dOVkQSZGQWCrUBl6KIyLWH507dV1o=' 'sha256-ri1sEI/G/EU7+oOH7hH8BCb1gEU6R4Yt3lwBQgsRM34=' 'sha256-F+QMJISS2IIkRUd2a+c+u1owMqMSoidCaHFDAmzUgOo=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-yZHeusBmoqYSsqdm5ylf993dfqVyosFaYa5gueKZDsA=' 'sha256-rjfSUjIA2A20p4lATAefLLG7Fy7VJssnkJ+SnJ2TXNo=' 'sha256-NoWu+BuWxBsWAc9iEH0HnQQP7HC05AcUDK7axdIDjwo=' 'sha256-RWn1w3BKiDlDNbD6vM1kYLpeWCwwWPkob0LMWJ2gKJk=' 'sha256-Rwb4lMFM6ruuLw7eXwoZFqzlTNkJghZm3wczUjn8DhI=' 'sha256-ey3QD29LI3pqJWTQulMrVOZd7VGrjmGOGV5DmV2otwQ=' 'sha256-fPXetwWx4258jL256OrNtQQyvFVR4/BotkeZKtfk54Q=' 'sha256-yElBEKucE35qwHf8qWcAvqD25zOJ7TqTptcHyzGhOxw=' 'sha256-0a685AMCA+1PwD4bw/Em4qPk8lLRCctJV7YwQX0Cllw=' 'sha256-KQ3rh51SydDPiCkYcJhQhgINy1AwThOIZOIPDGhcoiY='; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.gstatic.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://s.w.org https://wp-rocket.me https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org blob: https://www.google.com/pagead/landing https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas secure.gravatar.com www.gravatar.com i.ytimg.com data: www.googletagmanager.com; connect-src 'self' https://bnp-privacy.my.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://yoast.com https://cdn.cookielaw.org https://o173685.ingest.sentry.io https://analyticsgroupcom.bnpparibas.com https://contrib.territories.bnpparibas https://www.google.com/pagead/landing https://pagead2.googlesyndication.com https://adservice.google.com www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.com https://github.com/google/fonts https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' https://asset.mediahub.bnpparibas https://upload.wikimedia.org https://broadcast.mediahub.bnpparibas data: https://mediahub.group.echonet https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas; frame-src 'self' https://www.youtube.com https://wp-rocket.me https://open.spotify.com https://www.youtube-nocookie.com https://centric.bnpparibas.com https://13179764.fls.doubleclick.net https://td.doubleclick.net https://gateway.zscalertwo.net https://remove.video https://mozbar.moz.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 1
frame-ancestors 'self'; report-uri https://www.thechronicle.com.au/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-MKhX5UMdXtWgglyM3Odc9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-lJfGmhu70j_OBboHMH9taA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
form-action 'report-sample' 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar gnc.com.mx *.gnc.com.mx *.mercadopago.com.mx *.google.com.mx *.bing.com *.clarity.ms https://cdn.aplazo.mx/ assets.instantsearchplus.com *.akamaized.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net cdnjs.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.fontawesome.com player.vimeo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.getblue.io *.scarabresearch.com *.facebook.net *.appspot.com *.convertexperiments.com *.clarity.ms *.hotjar.com *.zdassets.com *.survicate.com *.recapture.io *.bing.com *.tiktok.com *.zendesk.com wss://widget-mediator.zopim.com/ https://api.aplazo.net https://posbifrost.aplazo.net https://api.aplazo.mx https://posbifrost.aplazo.mx js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.recapture.io landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.cdnfonts.com *.fastsimon.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fastsimon.com *.scarabresearch.com *.zdassets.com *.zendesk.com *.zopim.com *.clarity.ms *.tiktok.com wss://widget-mediator.zopim.com/ *.doubleclick.net *.hotjar.com *.googleapis.com https://api.aplazo.net https://posbifrost.aplazo.net https://api.aplazo.mx https://posbifrost.aplazo.mx api.instantsearchplus.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://app.recapture.io landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-iGADQldYib_HYuR0EghJBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri; report-uri https://cybersmart.report-uri.com/r/d/csp/wizard 1
default-src 'self' *.fls.doubleclick.net *.google-analytics.com *.overdrive.com bam.nr-data.net connect.facebook.net hello.myfonts.net stats.g.doubleclick.net tracking.crazyegg.com/clock; connect-src 'self' *.google-analytics.com analytics.google.com bam.nr-data.net hello.myfonts.net manager.us.smartlook.cloud script.crazyegg.com/pages/data-scripts/0023/8294.json stats.g.doubleclick.net tracking.crazyegg.com/clock www.facebook.com/tr/ api.digioh.com jsapi.azurewebsites.net analytics.digioh.com; script-src 'self' apis.google.com/js/platform.js bam.nr-data.net connect.facebook.com connect.facebook.net js-agent.newrelic.com script.crazyegg.com servedbyadbutler.com/adserve/ servedbyadbutler.com/app.js web-sdk.smartlook.com www.google-analytics.com/analytics.js www.googletagmanager.com cdn.digioh.com scripts.digioh.com lightboxcdn.digioh.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' apis.google.com/ apis.google.com/_/scs/apps-static/_/js/ apis.google.com/js/platform.js bam.nr-data.net connect.facebook.net js-agent.newrelic.com/ script.crazyegg.com/pages/scripts/0023/8294.js script.crazyegg.com/pages/versioned/common-scripts/ servedbyadbutler.com/adserve/ servedbyadbutler.com/app.js web-sdk.smartlook.com www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.google.com/recaptcha www.googletagmanager.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-oqIVu5dBZg7+FO8baHldskrALTg='; img-src 'self' data: images.contentreserve.com/ img1.od-cdn.com servedbyadbutler.com/getad.img/ t.co/i/ www.facebook.com/tr/ www.google-analytics.com/collect www.google.com/ads/ www.googletagmanager.com/a www.googletagmanager.com/td cdn.digioh.com *.google-analytics.com *.doubleclick.net; frame-src 'self' 9250847.fls.doubleclick.net accounts.google.com/ classroom.google.com www.facebook.com/ www.gstatic.com/; worker-src blob:; object-src 'none'; report-uri https://itsentry.overdrive.com/api/13/security/?sentry_key=86a98bc6ee19c71aed01755910f50c3c 1
font-src *.squarecdn.com fonts.googleapis.com fonts.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com *.cash.app *.dotdigital-pages.com *.dotdigital.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.cash.app *.trackedlink.net maps.googleapis.com maps.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com *.googletagmanager.com *.facebook.net www.termsfeed.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com *.cash.app fonts.googleapis.com display.ugc.bazaarvoice.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' http: https://*-chcf-wp.pantheonsite.io/ https://chcf-wp.ddev.site https://*.addthis.com https://*.youtube.com; script-src 'unsafe-inline' 'unsafe-eval' http: https://*.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://jnn-pa.googleapis.com https://*.googletagmanager.com https://*.youtube.com https://*.addthis.com https://*.google-analytics.com https://*.ytimg.com https://*.moatads.com https://*.doubleclick.net https://*.addthisedge.com https://cdnjs.cloudflare.com; style-src 'unsafe-inline' http: https://*.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://jnn-pa.googleapis.com https://*.youtube.com; img-src 'self' http: data: https://*.ytimg.com https://*.ggpht.com https://*.gstatic.com https://*.google-analytics.com; connect-src 'self' https://*.google-analytics.com https://*.bookingbug.com https://geolocation.onetrust.com https://*.cookielaw.org https://fonts.googleapis.com https://ajax.googleapis.com https://jnn-pa.googleapis.com *.addtoany.com; font-src 'self' data: fonts.gstatic.com use.typekit.net use.fontawesome.com bespoke.bookingbug.com; media-src 'self' *.youtube.com *.vimeo.com *.akamaized.net; report-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; frame-src 'self' blob: *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.soundcloud.com *.facebook.com *.vimeo.com *.addtoany.com *.infogram.com *.simplecast.com; worker-src 'self'; manifest-src 'self'; navigate-to 'self'; prefetch-src 'self'; upgrade-insecure-requests 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-17c59cf0-ace3-4e80-a453-86e59092c5a1' https: data: https://js.sentry-cdn.com https://fast.wistia.com https://fast.wistia.net https://siteintercept.qualtrics.com https://browser.sentry-cdn.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://js.monitor.azure.com; style-src 'self' 'unsafe-inline' https://fast.wistia.com https://cdn.jsdelivr.net https://more.suse.com; img-src 'self' https: data: https://fast.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://fast.wistia.net https://fast.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com; connect-src 'self' https: wss: https://cdn.cookielaw.org https://distillery.wistia.com https://siteintercept.qualtrics.com https://dc.services.visualstudio.com https://fast.wistia.com https://fast.wistia.net https://pipedream.wistia.com wss://ws.qualified.com https://embed-ssl.wistia.com https://apple.dxcloud.episerver.net https://cdn.jsdelivr.net https://js.monitor.azure.com wss://ws.qualified.com; font-src 'self' https: data: https://fonts.gstatic.com https://fast.wistia.net; object-src 'none'; ; media-src 'self' https: blob: ; frame-src 'self' https: ; form-action 'self' https://suselinux.fra1.qualtrics.com; frame-ancestors 'self' ; base-uri 'none'; ;  report-uri https://www.suse.com/api/reporting/;  report-to csp-endpoint; 1
default-src 'self';   connect-src 'self' https://gvb-apim-service-prod2.azure-api.net https://gvb-app.matomo.cloud consentcdn.cookiebot.com https://dc.services.visualstudio.com/v2/track https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.dynamics.com https://*.azureedge.net https://cdn.jsdelivr.net/npm/@lottiefiles/dotlottie-web@0.41.0/dist/dotlottie-player.wasm ;   script-src 'strict-dynamic' 'nonce-522sKZFu+JJfIH0+BG+xoi4H6gODOh1BOseSuWNlsDQ=' 'sha256-X9GtzORyUShRgrb5vBVwF3p8WtKom3jBuMyocEhfL3Q='  'self' https://cdn.matomo.cloud https://gvb-app.matomo.cloud consent.cookiebot.com consentcdn.cookiebot.com https://*.dynamics.com https://*.azureedge.net;   frame-src 'self' consentcdn.cookiebot.com https://*.tiqets.com;   base-uri 'self';   block-all-mixed-content;   font-src 'self' https: data:;   img-src * 'self' data: https;   object-src 'none';   script-src-attr 'none';   style-src 'self' https://gvb-apim-service-prod2.azure-api.net 'unsafe-inline'; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com   *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.co.uk *.ulsterbank.com *.ulsterbankanytimebanking.co.uk *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankni.report-uri.com/r/t/csp/reportOnly 1
script-src 'sha256-EEC0GH3Ekmhto/aNuTfCEkXvmBKHU4YnEIyKNRcD24c=' 'sha256-3PGLPLxeuzstwKRw0c/My7OMcvEjBoubzMQ3e7QQt00=' 'sha256-yemDDSJelBraffTGGhUE+65Qzp0o/RBNk/y6vbVZCXc=' 'sha256-TnKrVTTldcZuJmBCXWQ2sRNW9aV0Fx1Z7CiUgicDv1k=' 'sha256-0Qv2QGTi8oA8Y/LsDS2Pt5zJc9XDABrCUJtpy7rJz54=' 'sha256-bO6ktYkU2XDKzJ09v5GE4T1cBRzlNWYJcKAVSWNfz40=' 'sha256-uGM8hAN2+8WiQjg0ghCfox4kZt6Bq3yeEhMfnLQuWX4=' 'sha256-NiY2j7oovlkJMjVZuiLnabXUunDNAGot+Hb6nka4AvM=' 'sha256-IkQLVTD+VHbd3+SwhREIvSycNK3WFeDVT/sgk9F8m64=' 'sha256-KmPn60FDCtI01la4SXUdRZLCiQbR+0YqSBYJLlgS+R0=' 'sha256-aU0YRIvwcipAxxnT0f7wPMdBW4YzsvPCz58gxw6FOcI=' 'sha256-uGg0g7JmykYZgLMMoqo3kyMYlzH6st+8KqNdFLMuVSg=' 'sha256-uC14Pe/9EUQAoUlt5G4rLkz7rpyyhOoIUDbDrDwNty0=' 'sha256-OZyUrZGaKqIYFWZgpqNrybUr5iXYVjRxetP/XqMb0Dw=' 'sha256-7JhjnBESpQNoz3YX5MRwCTZpTfw6+imtn521eW+XS4o=' 'sha256-HZgfu7EDRYoa+kqwRMgI+AT2Y+6huLMa9QijsE3hDAg=' 'sha256-3eKROXzw/9t6rWrf6eNScOQNiJ+6jWkkr5YpBBen1ms=' 'sha256-sfJvKlgWABhM3K8E5VQ5Eop8KNPGsSH++D6I35DWp4s=' 'sha256-/lJtIET5I9vOYy4SHPruKsiLM9/IQr3RwFBxUrG/8BE=' 'sha256-BEKJ6LIFDLMxCgLVwd+xyLgywoPwm0xvmYjKoTOsowM=' 'sha256-DqztKAG1rDV35UwKJU0QMYlthsereA6DifsOx/MP5k0=' 'sha256-K9XM00voUjpThrPCD+TjGMkftseH6Rf/BRRVmr3VWPo=' 'unsafe-inline' 'strict-dynamic' https:; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; report-uri https://o387448.ingest.us.sentry.io/api/6640720/security/?sentry_key=59b34e9bdd5d401b89eba9a0e5163bd5&sentry_environment=prod&sentry_release=v3.174.0; report-to csp-endpoint; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.coincatch.com https://*.coincatch.cc https://*.bgbstatic.com https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me  https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://static.zdassets.com https://bat.bing.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com https://partner.googleadservices.com https://*.adsrvr.org https://static.ads-twitter.com https://*.glassgs.com https://wcs.naver.net https://*.zendesk.com https://scripts.mediamathrdrt.com; connect-src 'self' 'report-sample' data: blob: https://www.googletagmanager.com https://wa.appsflyer.com https://*.google.com https://*.coincatch.com wss://*.coincatch.com https://*.coincatch.cc wss://*.coincatch.cc https://*.google-analytics.com https://analytics.tiktok.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bgbstatic.com  https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com https://www.tradingview.com https://api.tronstack.io wss://*.gdrichem.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.gdrichem.com:8443 https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com https://*.onfido.com wss://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.coincatch.com https://*.geetest.com https://*.geevisit.com https://*.zendesk.com wss://*.zendesk.com https://ekr.zdassets.com https://static.zdassets.com https://bat.bing.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com wss://*.hotjar.com https://connect.facebook.net https://analytics.pangle-ads.com https://partner.googleadservices.com https://*.gstatic.com https://*.gurenla.com https://*.glassgs.com wss://*.glassgs.com https://*.adsrvr.org https://wcs.naver.net https://wcs.naver.com https://static.ads-twitter.com https://scripts.mediamathrdrt.com; frame-src 'self' 'report-sample' blob: data: https://scripts.mediamathrdrt.com https://*.coincatch.com https://*.coincatch.cc https://*.google.com https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://gateway.95516.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://tpc.googlesyndication.com https://*.glassgs.com https://*.adsrvr.org https://*.adsrvr.cn; frame-ancestors 'self'; report-uri https://65266bb9a5a15fa1ff36a6b6.endpoint.csper.io?v=8; 1
default-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com; script-src  'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://googletagmanager.com https://*.googletagmanager.com https://epoq-systems.de http://epoq-systems.de https://*.epoq-systems.de http://*.epoq-systems.de https://epoq.de http://epoq.de https://*.epoq.de http://*.epoq.de https://google.com https://*.google.com https://googleanalytics.com https://*.googleanalytics.com https://google-analytics.com https://*.google-analytics.com https://googlesyndication.com https://*.googlesyndication.com https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://googleadservices.com https://*.googleadservices.com bat.bing.com https://*.hotjar.com https://*.hotjar.io https://datatrans.com https://*.datatrans.com https://cookielaw.org https://*.cookielaw.org https://*.trustpilot.com https://pay.google.com https://sandbox.secure.checkout.visa.com https://*.kameleoon.eu https://*.kameleoon.io https://unpkg.com/web-vitals/dist/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com exlibris.azureedge.net exlibris.blob.core.windows.net https://epoq.de https://*.epoq.de https://migros.ch https://*.migros.ch https://*.google.de https://*.google.ch https://*.google.com https://*.google.it https://*.google.li https://*.google.tn https://*.google.co.uk https://*.google.com.sa https://*.google.ba https://google-analytics.com https://*.google-analytics.com https://google-analytics.ch https://*.google-analytics.ch https://google.com https://*.google.com https://analytics.google.com https://*.analytics.google.com https://analytics.google.ch https://*.analytics.google.ch https://googleapis.com https://*.googleapis.com bat.bing.com https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://cookielaw.org https://*.cookielaw.org https://onetrust.com https://*.onetrust.com https://onetrust.io https://*.onetrust.io https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://hotjar.com https://raygun.io https://*.raygun.io https://*.kameleoon.eu https://*.kameleoon.io; style-src 'self' 'unsafe-inline' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://googleapis.com https://*.googleapis.com https://google.com https://*.google.com fast.fonts.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de; img-src 'self' dhttps data: https://baqend.com https://*.baqend.com https://exlibris.ch https://*.exlibris.ch https://googletagmanager.com https://*.googletagmanager.com exlibris.azureedge.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://google-analytics.com https://*.google-analytics.com https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://googlesyndication.com https://*.googlesyndication.com https://*.google.de https://*.google.ch https://*.google.at https://*.google.fr https://*.google.hr https://*.google.dz https://*.google.nl https://*.google.es https://*.google.it https://*.google.li https://*.google.lu https://*.google.sc https://*.google.si https://*.google.co.uk https://*.google.co.in https://*.google.com https://*.google.com.pa https://*.google.com.ph https://*.google.com.gh https://*.google.com.tr https://*.google.com.br https://*.google.com.cy https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io bat.bing.com https://cookielaw.org https://*.cookielaw.org optanon.blob.core.windows.net exlibris.blob.core.windows.net https://migros.ch https://*.migros.ch https://ytimg.com https://*.ytimg.com; media-src 'self' data https://exlibris.ch https://*.exlibris.ch exlibris.blob.core.windows.net https://*.phononet.de/ exlibris.azureedge.net; frame-src 'self' https://exlibris.ch https://*.exlibris.ch https://google.de https://*.google.de https://google.com https://*.google.com https://googletagmanager.com https://*.googletagmanager.com https://googlesyndication.com https://*.googlesyndication.com https://youtube.com https://*.youtube.com https://datatrans.com https://*.datatrans.com https://bic-media.com https://*.bic-media.com https://youtube-nocookie.com https://*.youtube-nocookie.com https://doubleclick.net https://*.doubleclick.net https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://tradedoubler.com https://*.tradedoubler.com https://blickinsbuch.de https://*.blickinsbuch.de https://book2look.com https://*.book2look.com https://postfinance.ch https://*.postfinance.ch https://viseca.ch/ https://*.viseca.ch/ https://bonuscard.ch/ https://*.bonuscard.ch/ https://3ds.bonuscard.ch/ https://*.3ds.bonuscard.ch/ https://arcot.com/ https://*.arcot.com/ https://*.trustpilot.com https://pay.google.com https://sandbox.secure.checkout.visa.com https://3d.datatrans.com https://3d.sandbox.datatrans.com; font-src 'self' data https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://gstatic.com https://*.gstatic.com https://google.com https://*.google.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io; manifest-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com; frame-ancestors 'self' https://exlibris.ch https://*.exlibris.ch; report-uri /loc/csp-report 1
default-src 'self'; script-src 'self' https://analytics.tiktok.com/i18n/pixel/static/main.MWZhMDU3MTU4MQ.jshttps://cdn.evgnet.com/beacon/siamcommercialbank/prod/scripts/evergage.min.jshttps://connect.facebook.net/signals/config/350129558785421https://snap.licdn.com/li.lms-analytics/insight.old.min.jshttps://www.googletagmanager.com/gtm.js 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdx-prod-ssc-frontend.cardx.co.thhttps://kong-prod-frontend.cardx.co.thhttps://www.google-analytics.comhttps://px.ads.linkedin.comhttps://firebase.googleapis.comhttps://firebaseinstallations.googleapis.comhttps://siamcommercialbank.australia-3.evergage.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube.comhttps://www.google.comhttps://www.googletagmanager.com; img-src 'self' https://cdx-prod-ssc-frontend.cardx.co.thhttps://tr.line.mehttps://www.facebook.com data:; manifest-src 'self'; media-src 'self' https://cdx-prod-ssc-frontend.cardx.co.th; worker-src 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-eeRG4-hMqeibTIz7C7LYGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-VXIIO7RTpE4V012sDvuezQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https://*.axa.ch https://*.axa-ch.intraxa; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.axa.ch https://www.googletagmanager.com https://cdn.cookielaw.org https://cdn.mouseflow.com https://maps.google.com https://maps.googleapis.com https://connect.facebook.net https://axa-winterthur.dimelochat.com https://pay.sandbox.datatrans.com https://pay.datatrans.com https://recaptcha.net https://www.google.com https://www.gstatic.com/recaptcha/ https://bat.bing.com https://snap.licdn.com https://www.gstatic.com https://*.teads.tv; style-src 'self' 'unsafe-inline' https://*.axa.ch https://fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: blob: https://*.axa.ch https://*.google.com https://*.google.ch https://maps.gstatic.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://i.ytimg.com https://px.ads.linkedin.com https://bat.bing.com https://d5cplpsrt2s33.cloudfront.net https://bat.bing.net https://maps.googleapis.com https://region1.google-analytics.com https://*.googlesyndication.com https://connect.facebook.net https://flagcdn.com https://px.ads.linkedin.com https://www.googleadservices.com https://www.gstatic.com https://*.teads.tv; font-src 'self' data: https://*.axa.ch https://fonts.gstatic.com https://cdn.mouseflow.com https://assets.merci-app.com; connect-src 'self' https://*.axa.ch https://gtm.axa.ch https://sgtm.axa.ch https://region1.analytics.google.com https://www.google.com https://*.tt.omtrdc.net https://europe.directline.botframework.com https://digitalassistantbot-acc.azurewebsites.net https://cdn.cookielaw.org wss://europe.directline.botframework.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://o2.mouseflow.com https://www.google.ch https://selfadvisory-acc.azurewebsites.net https://*.onetrust.com https://bat.bing.com https://bat.bing.net https://px.ads.linkedin.com https://*.service.signalr.net https://pagead2.googlesyndication.com https://*.in.applicationinsights.azure.com https://www.googleadservices.com https://www.google-analytics.com wss://*.service.signalr.net https://*.mouseflow.com https://api.trongrid.io https://digitalassistantbot.azurewebsites.net https://www.facebook.com https://*.teads.tv; frame-src https://*.axa.ch https://td.doubleclick.net https://8141516.fls.doubleclick.net https://www.youtube.com https://pay.sandbox.datatrans.com https://pay.datatrans.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://recaptcha.net https://www.googletagmanager.com; upgrade-insecure-requests ; block-all-mixed-content ; report-uri https://www.acc.axa.ch/servlets/external/csp-reports.csp 1
font-src *.force.com https://assets.prod.abebookscdn.com https://fonts.gstatic.com/ 'self' https://www.kdpcommunity.com *.salesforce.com https://www.abebooks.com blob: https://kdpcommunity.com https://testdata.coremetrics.com data:; report-to sfdc-csp-ep; report-uri https://indiecommunity.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00Df4000001cwvQ&networkId=0DMf4000000gttr&type=communities 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' Player/flowplay.js https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://assets-global.website-files.com/656db9d2a0a4556c7301b80a/js/webflow.9f1d254fa.js https://cdn.heapanalytics.com/js/heap-1645308922.js https://cdn.jsdelivr.net/gh/videsigns/webflow-tools@latest/Media https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsfilter@1/cmsfilter.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsselect@1/cmsselect.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-formsubmit@1/formsubmit.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-selectcustom@1/selectcustom.js https://cdn.jsdelivr.net/npm/@finsweet/cookie-consent@1/fs-cc.js https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js https://cdn.prod.website-files.com/656db9d2a0a4556c7301b80a/js/webflow.107f32587.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.5.1/highlight.min.js https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://hubspotonwebflow.com/assets/js/form-124.js https://js-eu1.hs-analytics.net/analytics/1711618800000/25393921.js https://js-eu1.hs-analytics.net/analytics/1711666200000/25393921.js https://js-eu1.hs-analytics.net/analytics/1723072800000/25393921.js https://js-eu1.hs-banner.com/25393921.js https://js-eu1.hs-banner.com/v2/25393921/banner.js https://js-eu1.hs-scripts.com/25393921.js https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.usemessages.com/conversations-embed.js https://plausible.io/js/script.js https://unpkg.com https://unpkg.com/split-type https://unpkg.com/swiper/swiper-bundle.min.js https://ws.zoominfo.com/pixel/6318ef9b7326f94006446c6b https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline' https://assets-global.website-files.com https://cdn.prod.website-files.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://api-eu1.hubspot.com https://assets-global.website-files.com https://cdn.prod.website-files.com https://dc8jmdyhm5-1.algolianet.com https://dc8jmdyhm5-2.algolianet.com https://dc8jmdyhm5-dsn.algolia.net https://exceptions-eu1.hs-embed-reporting.com https://forms-eu1.hscollectedforms.net https://heapanalytics.com https://hubspotonwebflow.com https://js-eu1.hs-banner.com https://plausible.io https://region1.analytics.google.com https://region1.google-analytics.com https://static.hsappstatic.net https://stats.g.doubleclick.net https://webflow.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.ca https://www.google.co.in https://www.google.com.pk https://www.google.pl https://www.google.pt; font-src 'self' data: https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://app-eu1.hubspot.com https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com; img-src 'self' blob: data: https://analytics.google.com https://assets-global.website-files.com https://avatars.githubusercontent.com https://cdn.prod.website-files.com https://exceptions-eu1.hs-embed-reporting.com https://forms-eu1.hsforms.com https://github.com https://heapanalytics.com https://i.ytimg.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://track-eu1.hubspot.com https://www.google-analytics.com https://www.google.at https://www.google.be https://www.google.ca https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.uk https://www.google.com.au https://www.google.com.gh https://www.google.com.ph https://www.google.com.pk https://www.google.de https://www.google.es https://www.google.fr https://www.google.li https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://assets-global.website-files.com https://cdn.prod.website-files.com https://tonikstudio.fra1.cdn.digitaloceanspaces.com; report-uri https://6602a323bc57ae1120bf88dc.endpoint.csper.io/?v=7; worker-src 'none'; 1
script-src 'nonce-l645ihOdfIWjHpI4RgwXvg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com www.redwolfairsoft.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com www.redwolfairsoft.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com www.redwolfairsoft.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com www.google.com www.googletagmanager.com checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ static-demo.airwallex.com pci-api-demo.airwallex.com demo-pacybsmock.airwallex.com imgs.signifyd.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://www.google.com www.redwolfairsoft.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.online-metrix.net/ checkout.airwallex.com imgs.signifyd.com checkout-demo.airwallex.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.redwolfairsoft.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ www.google.com checkout.airwallex.com h.online-metrix.net/ static-demo.airwallex.com static.airwallex.com cdn-scripts.signifyd.com bws-demo.airwallex.com bws.airwallex.com imgs.signifyd.com h64.online-metrix.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io https://www.google.com https://www.gstatic.com www.redwolfairsoft.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com www.redwolfairsoft.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.redwolfairsoft.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com checkout.airwallex.com h.online-metrix.net/ bws-demo.airwallex.com bws.airwallex.com api-demo.airwallex.com api.airwallex.com imgs.signifyd.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.redwolfairsoft.com 'self' 'unsafe-inline'; child-src www.redwolfairsoft.com http: https: blob: 'self' 'unsafe-inline'; default-src www.redwolfairsoft.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://ws.sharethis.com https://www.google.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=8aafec46-3896-4ba6-8ae3-76b7845c8e98-1752201834; report-to shopify-csp 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com services.postcodeanywhere.co.uk *.braintreegateway.com braintreegateway.com *.paypal.com paypal.com *.cardinalcommerce.com fonts.googleapis.com *.facebook.com *.google.com *.googleusercontent.com *.hotjar.com *.olark.com usborne.com static.klaviyo.com *.cloudflare.com *.typekit.net s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.amazoncognito.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googletagmanager.com google.com https://youtube.com https://*.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' data: https: *.facebook.com www.google.co.uk www.google.com.br www.google.com.tr www.google.de www.google.fr *.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.google.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googletagmanager.com *.recommend.pro *.pcapredict.com js-agent.newrelic.com api.reviews.co.uk www.gstatic.com services.postcodeanywhere.co.uk *.paypal.com paypal.com *.cardinalcommerce.com *.bing.com *.hotjar.com *.pinimg.com *.facebook.net bam.eu01.nr-data.net *.olark.com *.clarity.ms *.onetrust.com *.google-analytics.com *.analytics.google.com *.helpscout.net *.feefo.com *.googleapis.com cdn.jsdelivr.net stream.mux.com inferred.litix.io *.cloudflare.com *.jotfor.ms *.jotform.com *.klaviyo.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-eval' 'nonce-bTVuNTU1dDliaXczcXR1Z3puenBiajE3Y2R6eG9ibHQ=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com services.postcodeanywhere.co.uk *.paypal.com paypal.com *.cardinalcommerce.com *.google.com *.facebook.com *.olark.com *.feefo.com *.googletagmanager.com *.jotfor.ms *.klaviyo.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.olark.com *.usborne.com *.gstatic.com usborne-public.s3.eu-west-1.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.pcapredict.com tracking.recommend.pro api.reviews.co.uk api.reviews.io *.doubleclick.net services.postcodeanywhere.co.uk *.paypal.com paypal.com *.cardinalcommerce.com *.amazonaws.com *.ksearchnet.com *.pinterest.com *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io bam.eu01.nr-data.net *.bing.com wss://*.hotjar.com/api/v2/client/ws *.olark.com *.clarity.ms *.onetrust.com *.google.com *.feefo.com *.cloudfront.net *.googleapis.com cdn.jsdelivr.net stream.mux.com inferred.litix.io *.datadome.co *.helpscout.net *.jotform.com *.klaviyo.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://de8aec1f-cf1a-4d1d-b248-d1de1f89a316.sansec.watch/; report-to report-endpoint; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://464b711251f54c909b7a68dbb569ad3b.myssl-uri.com/api/csp-report 1
frame-ancestors 'self' *.books.com.tw *.book.com.tw; report-uri https://cspr.books.com.tw/CspReport/fetchCspr 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/wallet_google 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.cloudmaestro.com backend.yoogiscloset.com frontend.yoogiscloset.com js-agent.newrelic.com *.nr-data.net backend.yoogiscloset.com frontend.yoogiscloset.com www.yoogiscloset.com xdymhcopnh.execute-api.us-east-1.amazonaws.com knrpc.olark.com www.googletagmanager.com www.googleadservices.com ajax.googleapis.com apis.google.com connect.facebook.net static.olark.com *.google-analytics.com *.listrakbi.com *.static.olark.com *.affirm.com *.firebaseapp.com *.lightwidget.com *.adroll.com *.bing.com *.doubleclick.net *.trustpilot.com storage.googleapis.com api.olark.com *.googleapis.com *.sharethis.com *.clarity.ms www.clarity.ms *.api.olark.com www.google.com connect.facebook.com www.facebook.com *.paypal.com *.paypalobjects.com www.recaptcha.net www.gstatic.com accounts.google.com; report-uri /.webscale/csp-report 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com *.typekit.net *.yotpo.com dhv2ziothpgrr.cloudfront.net www-wp.silencercentral.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net *.yotpo.com www-wp.silencercentral.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net www-wp.silencercentral.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com *.authorize.net *.yotpo.com www-wp.silencercentral.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com store.paradoxlabs.com maps.gstatic.com https://*.ipredictive.com https://www.googletagmanager.com *.yotpo.com dhv2ziothpgrr.cloudfront.net www-wp.silencercentral.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.certcapture.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net maps.googleapis.com https://js.ipredictive.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net www-wp.silencercentral.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.certcapture.com https://static.klaviyo.com *.fontawesome.com *.typekit.net *.yotpo.com dhv2ziothpgrr.cloudfront.net www-wp.silencercentral.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www-wp.silencercentral.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://www.google-analytics.com *.certcapture.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com www-wp.silencercentral.com 'self' 'unsafe-inline'; child-src www-wp.silencercentral.com http: https: blob: 'self' 'unsafe-inline'; default-src www-wp.silencercentral.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.tillamook.com tillamook.com stackpath.bootstrapcdn.com; img-src 'self' data: *.ctfassets.net ctfassets.net *.cookielaw.org cookielaw.org www.google.com/ads/ www.google-analytics.com/ www.facebook.com/ c.lytics.io/c/b5c7317d218cb2a0ef160219694b5a9e www.googletagmanager.com; media-src 'self' *.ctfassets.net ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: destinilocators.com https://connect.facebook.net/ *.hotjar.com hotjar.com *.klaviyo.com klaviyo.com *.cookielaw.org cookielaw.org www.google-analytics.com/ www.googletagmanager.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.clarity.ms givebutter.com/ destinilocators.com/ www.googleoptimize.com/ cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js cdnjs.cloudflare.com/ajax/libs/iframe-resizer/2.8.10/iframeResizer.min.js cdnjs.cloudflare.com/ajax/libs/easyXDM/2.4.20/easyXDM.min.js va.vercel-scripts.com/v1/speed-insights/script.debug.js widget.intercom.io js.intercomcdn.com www.recaptcha.net analytics.tiktok.com/i18n/pixel/events.js; style-src 'self' 'unsafe-inline' *.typekit.net typekit.net api.tiles.mapbox.com www.exploretock.com stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css fonts.googleapis.com/css; style-src-elem 'self' 'unsafe-inline' *.typekit.net stackpath.bootstrapcdn.com fonts.googleapis.com; font-src 'self' *.tillamook.com tillamook.com *.typekit.net typekit.net www.exploretock.com stackpath.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' wss: *.tillamook.com tillamook.com *.tillamaps.com tillamaps.com *.hotjar.com hotjar.com *.klaviyo.com klaviyo.com *.doubleclick.net doubleclick.net *.ingest.sentry.io *.ingest.us.sentry.io *.ctfassets.net ctfassets.net *.mapbox.com mapbox.com *.algolianet.com *.algolia.net *.onetrust.com onetrust.com *.cookielaw.org cookielaw.org analytics.google.com api.addresszen.com *.clarity.ms/collect www.recaptcha.net preview.contentful.com/ www.google-analytics.com/ vitals.vercel-insights.com/ cdn.contentful.com/ analytics.google.com/ d2k6913brarspg.cloudfront.net/ www.facebook.com/tr/ analytics.tiktok.com/api/v2/pixel; frame-src 'self' https://vars.hotjar.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com https://www.youtube-nocookie.com https://destinilocators.com/ https://td.doubleclick.net/; frame-ancestors https://app.contentful.com; worker-src 'self' blob:; child-src 'self' blob:; report-uri https://16x3230g.uriports.com/reports/report; report-to default 1
connect-src *.spiraxsarco.com *.onetrust.com *.onetrust.io *.google-analytics.com *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com 'self' px.ads.linkedin.com google.com analytics.google.com region1.analytics.google.com www.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.googleadservices.com ad.doubleclick.net stats.g.doubleclick.net 680-ryi-639.mktoresp.com forms.hubspot.com forms.hsforms.com cdn.linkedin.oribi.io hummingbirdwebsocket-nld2.cloud.adobe.io adservice.google.com translate.googleapis.com googleads.g.doubleclick.net www.google.com www.google.co.uk www.google.ae www.google.by www.google.com.gh www.google.com.mm www.google.ga www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bs www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.hu www.google.co.id www.google.co.il www.google.co.im www.google.co.in www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.uz www.google.com.vc www.google.com.vn www.google.cn www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.gg www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mn www.google.ms www.google.mu www.google.mw www.google.net www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.tm www.google.tn www.google.to www.google.tp www.google.tt www.google.tv www.google.uz www.google.vg www.google.vu www.google.ws www.google.co.zw www.google.dz/ads/ga-audiences www.google.al/ads/ga-audiences www.google.bf/ads/ga-audiences ttps://www.google.by/ads/ga-audiences www.google.cm/ads/ga-audiences www.google.co.ao/ads/ga-audiences ttps://www.google.co.mz/ads/ga-audiences www.google.co.tz/ads/ga-audiences www.google.com.bn/ads/ga-audiences ttps://www.google.com.gh/ads/ga-audiences www.google.com.kh/ads/ga-audiences www.google.com.lb/ads/ga-audiences ttps://www.google.com.mm/ads/ga-audiences www.google.com.ng/ads/ga-audiences www.google.com.pg/ads/ga-audiences ttps://www.google.dz/ads/ga-audiences www.google.ge/ads/ga-audiences www.google.iq/ads/ga-audiences www.google.sr/ads/ga-audiences 680-ryi-639.mktoutil.com wss://lo.msg.liveperson.net bat.bing.com js.calltrk.com mc.yandex.ru yandexmetrica.com:30103 ymetrica1.com; font-src *.onetrust.com 'self' fonts.gstatic.com use.typekit.net script.hotjar.com data:; img-src optimize.google.com www.google-analytics.com www.googletagmanager.com 'self' data: *; manifest-src 'self'; script-src *.onetrust.com *.scr.kaspersky-labs.com www.googleanalytics.com www.googleoptimize.com optimize.google.com static.ads-twitter.com 'self' 'nonce-OTBjMDU4MTQtOGRiNS00NDAzLWE0ZjktYTg0ZmEzNGE2ZjY4' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-NiPpcuG5iPK1KPR3YIEEEz98KT0W7243V6u7FeP7hdE=' 'sha256-gRuNVLzs+xy+3p6+I1CnZb8pDmnXUWSlO9ejbnSR/lQ=' 'sha256-ibqfaR/CmFL3wQZAxIuZ0V4RMm9txqHSln46Z5WyeVA=' 'sha256-30EB3olZggJZ3OT2ahL22VzuYSIEPTzmMb+L3StxKgI=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-qbWCytLP5JMsZSG1DsvruBVK5O5otEfzrwtrYklbihw=' 'sha256-bkXrlHTrWu78qnQooXw+JqlG1rZijbuVZIkNBzTfagM=' 'sha256-vbs/XR7vkC12NXdDH8FEaUASiJdg/16cqF/0T3ze1ks=' 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'sha256-/Fu0G2rh4wmpTYIDt4lb/x5WJp6zusqpavun8dZ8Yns=' 'sha256-yqVa7ver8F3o3KAsmdt2r10wQlIPCHuaBhkxEMbFQKE=' 'sha256-pZ/qdkaCfUhJbPDW6dxGk6IT/oRRR/mlpXeonIs9iew=' 'sha256-t2dxu6v8zWLBnuT0wS9gbS8+6dWSZKwyh8Oc1O+KFKM=' 'sha256-nOEqrdYQbjOqHNv8REn7NbgmgfgpHFGAMJeDad9+6Cc=' 'sha256-i9Hqrp5R5xqtEYAfxGINmtDPcds/LnLceINVGS0StZg=' 'sha256-5E/6sj96qbSHixz46qooKeWA+LIjK6XzdMgxXJYGMCo=' 'sha256-ZjDDDO/TrMCju3UiIns3DMC7cnl6jp0zh9NKm11JAyY=' 'sha256-pJrmX8BIQNU7+D+cF3F3p3Z/mHxe83gyTZAzRGq+YBE=' solutions.spiraxsarco.com ssl.google-analytics.com connect.facebook.net www.facebook.net www.google-analytics.com www.googletagmanager.com www.gstatic.com www.youtube.com platform.twitter.com cdn.syndication.twimg.com www.google.com accdn.lpsnmedia.net googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsforms.net js.hsleadflows.net lo.v.liveperson.net lpcdn.lpsnmedia.net lptag.liveperson.net munchkin.marketo.net script.hotjar.com snap.licdn.com static.hotjar.com www.googleadservices.com www3.spiraxsarco.com cdn.calltrk.com pi.pardot.com bat.bing.com js.calltrk.com; style-src-elem *.onetrust.com 'self' solutions.spiraxsarco.com fonts.googleapis.com p.typekit.net use.typekit.net platform.twitter.com ton.twimg.com assets.calendly.com optimize.google.com www.googletagmanager.com 'unsafe-inline'; frame-src *.spiraxsarco.com *.doubleclick.net optimize.google.com vars.hotjar.com *.liveperson.net lpcdn.lpsnmedia.net www.traceparts.com traceparts-cache.s3.eu-west-1.amazonaws.com www.googletagmanager.com www.facebook.com www.google.com www.youtube.com m.youtube.com share.hsforms.com platform.twitter.com syndication.twitter.com player.vimeo.com calendly.com spiraxsarco.octadesk.com www.buzzsprout.com go.pardot.com www.linkedin.com; media-src 'self' *.spiraxsarco.com lpcdn.lpsnmedia.net; form-action 'self' resources.spiraxsarco.com; style-src-attr 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri https://steam.report-uri.com/r/d/csp/enforce 1
object-src 'none';base-uri 'self';script-src 'nonce-ewNaxf1EL1QHerzQfa0jAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src 'self' *.gstatic.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.pipedrive.com data:; img-src 'self' *.ch-aviation.com *.servedbyadbutler.com servedbyadbutler.com *.pipedrive.com *.secureprivacy.ai images.prismic.io *.googletagmanager.com googletagmanager.com *.googleapis.com *.google.com *.gstatic.com data:; script-src 'self' *.servedbyadbutler.com servedbyadbutler.com *.googleapis.com *.googletagmanager.com *.google.com *.pipedrive.com *.highcharts.com *.secureprivacy.ai wasm-unsafe-eval data:; script-src-elem 'self' *.secureprivacy.ai *.servedbyadbutler.com servedbyadbutler.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.google.com *.pipedrive.com *.pipedriveassets.com *.doubleclick.net *.highcharts.com *.secureprivacy.ai data: 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; connect-src 'self' *.servedbyadbutler.com servedbyadbutler.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.pipedrive.com *.doubleclick.net *.secureprivacy.ai *.sentry.io *.talentlyft.com data: 'unsafe-inline'; frame-src 'self' *.pipedrive.com *.doubleclick.net *.google.com; style-src 'self' *.fontawesome.com *.secureprivacy.ai *.googleapis.com 'unsafe-inline'; media-src 'self' data:; report-uri https://www.ch-aviation.com/csp-report-to 1
object-src 'none';base-uri 'self';script-src 'nonce-Up1kii3ju7aJJIFCSDbRfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none';  connect-src 'self' embedr.flickr.com chat-us.libanswers.com resources.bepress.com playback.bepressaws.com cascade2.libchat.com visitor2.constantcontact.com distillery.wistia.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io yoast.com listgrowth.ctctcdn.com www.facebook.com stats.g.doubleclick.net *.google-analytics.com analytics.google.com *.analytics.google.com *.googleapis.com;  font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com static.juicer.io fonts.bunny.net;  frame-src 'self' imsa.libanswers.com accounts.google.com admin.helperhelper.com community.imsa.edu v2.libanswers.com docs.google.com calendar.google.com www.youtube.com www.google.com www.facebook.com bbox.blackbaudhosting.com assets.bepress.com *.concept3d.com;  img-src 'self' connect.facebook.net *.gstatic.com live.staticflickr.com www.googletagmanager.com previews.dropbox.com www.google-analytics.com *.imsa.edu s.w.org ps.w.org theeventscalendar.com fast.wistia.com data: embedwistia-a.akamaihd.net cdnjs.cloudflare.com www.paypalobjects.com *.googleapis.com onpointplugins.com secure.gravatar.com cdn.datatables.net *.facebook.com bbox.blackbaudhosting.com cdn.weglot.com localist-images.azureedge.net *.cloudfront.net imsa.edu *.googleusercontent.com *.google.com *.ctctcdn.com *.ytimg.com *.imsa.edu blackfacts.com;  script-src data: 'self' 'unsafe-inline' 'unsafe-eval' assets.bepress.com blackfacts.com imsa.libanswers.com community.imsa.edu pi.pardot.com cdn.jsdelivr.net widget.intercom.io js.intercomcdn.com fast.wistia.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com static.ctctcdn.com connect.facebook.net www.facebook.com assets.juicer.io bbox.blackbaudhosting.com bbox.blackbaudhosting.com cdn.datatables.net connect.facebook.net www.google-analytics.com www.googletagmanager.com;  style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com static.ctctcdn.com assets.juicer.io bbox.blackbaudhosting.com cdn.datatables.net;  script-src-elem 'self' 'unsafe-inline' imsa.libanswers.com *.googleapis.com assets.bepress.com connect.facebook.net www.gstatic.com *.google.com cdnjs.cloudflare.com static.ctctcdn.com www.google-analytics.com cdn.datatables.net www.googletagmanager.com embedr.flickr.com widgets.flickr.com imsa.enterprise.localist.com *.imsa.edu blackfacts.com;  style-src-elem 'self' 'unsafe-inline' static.ctctcdn.com *.googleapis.com cdn.datatables.net www.gstatic.com *.imsa.edu fonts.bunny.net imsa.enterprise.localist.com;  media-src 'self' blob: ;  worker-src 'self' blob: ;  report-uri https://app.imsa.edu/connect/csp/report 1
default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com *.googletagmanager.com data:; font-src 'self' *.typekit.net cdn.shirtspace.com *.gstatic.com *.googleapis.com *.acsbapp.com data:; object-src 'none'; script-src 'self' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com *.paypal.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.pinterest.com *.pinimg.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.ckeditor.com io.clickguard.com acsbapp.com sc-static.net api.ipify.org cdnjs.cloudflare.com *.easysize.me *.klaviyo.com unleash.shirtspace.com unpkg.com *.frontapp.com cdn.shirtspace.com 'nonce-10TUWNubWQl9YdF9Im59oA=='; style-src 'self' cdn.shirtspace.com *.googleapis.com *.typekit.net *.typeform.com *.ckeditor.com cdnjs.cloudflare.com *.easysize.me *.klaviyo.com 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com *.pinterest.com www.youtube.com *.acsbapp.com accessibe.com player.vimeo.com tr.snapchat.com tpc.googlesyndication.com *.easysize.me *.typeform.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com *.paypal.com *.pinterest.com *.mmapiws.com widget.trustpilot.com *.typekit.net www.facebook.com s.yimg.com http://localhost:3035 ws://localhost:3035 *.acsbapp.com io.clickguard.com bam.nr-data.net *.klaviyo.com *.easysize.me unleash.shirtspace.com cdn.shirtspace.com 1
object-src 'none';base-uri 'self';script-src 'nonce-xdod4WQvc-Kt1mUmXvxR3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
manifest-src https:; media-src https:; upgrade-insecure-requests; style-src 'self' https: 'unsafe-inline'; object-src 'none'; connect-src 'self' https:; frame-ancestors 'none' 1
frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us; report-uri https://nearpod.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.acuityplatform.com challenges.cloudflare.com *.cloudfunctions.net *.configcat.com storage.googleapis.com cloudflare.hcaptcha.com cf-assets.hcaptcha.com *.kooth.com global.localizecdn.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com *.snapchat.com; script-src-elem 'self' 'unsafe-inline' data: *.acuityplatform.com challenges.cloudflare.com storage.googleapis.com *.kooth.com global.localizecdn.com *.segment.com *.usefathom.com *.xenzonegroup.com www.googletagmanager.com *.doubleclick.net connect.facebook.net sc-static.net *.snapchat.com; connect-src 'self' *.cloudfunctions.net *.configcat.com *.kooth.com global.localizecdn.com *.localizejs.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com *.analytics.google.com *.google-analytics.com *.snapchat.com; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src * data: chrome-extension: moz-extension: safari-web-extension:; frame-src 'self' vimeo.com *.vimeo.com challenges.cloudflare.com www.googletagmanager.com *.doubleclick.net *.snapchat.com; object-src 'none'; report-uri https://o367623.ingest.sentry.io/api/5691169/security/?sentry_key=d228aa23f64c4234b0ed98ff46a429d3?sentry_environment=csp_header_in_test_environments_or_csp-report-only_header_in_live 1
font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.cdn-apple.com *.fontawesome.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.playground.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.facebook.com *.bing.com *.coccinelle.com stileo.it *.cookiebot.com *.google.it *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarna.com *.klarnaevt.com *.worldline-solutions.com *.secured-by-ingenico.com https://firebasestorage.googleapis.com *.webtrekk.net *.wt-eu02.net https://fbc.wcfbc.net https://*.flx1.com/ https://dmp.adform.net/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de kit.fontawesome.com *.cookiebot.com *.jsdelivr.net *.facebook.net *.clarity.ms *.bing.com glamipixel.com *.coccinelle.com *.rakuten.com *.rmtag.com *.criteo.com *.adobedtm.com *.cardinalcommerce.com *.doubleclick.net *.google.com *.r-data.net *.accelasearch.io *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarna.com x.klarnacdn.net *.cdn-apple.com *.avada.io https://responder.wt-safetag.com https://*.flx1.com/ https://www.googletagmanager.com https://*.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.gstatic.com *.fontawesome.com *.googleapis.com *.google.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cookiebot.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.coccinelle.com *.criteo.com *.klarnaevt.com *.playground.klarnaevt.com *.klarnaservices.com *.playground.klarnaservices.com *.klarnacdn.net x.klarnacdn.net *.klarna.com *.worldline-solutions.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://*.flx1.com/ https://*.gstatic.com https://jamie.g.shortest-route.com https://*.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com 'unsafe-inline' *.jotfor.ms; img-src *; media-src *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.vimeo.com *.youtu.be; child-src blob: 'self' *.youtube.com *.vimeo.com *.youtu.be; font-src 'self' fonts.gstatic.com cdn.jotfor.ms; connect-src 'self' *.osano.com *.adnxs.com; upgrade-insecure-requests 1
script-src 'strict-dynamic' 'nonce-4iNlPbts0SUn1p75GGQsMQ==' 1
; default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.klaviyo.com *.paypalobjects.com *.licdn.com *.clarity.ms https://ttz41d7zd1.execute-api.eu-west-1.amazonaws.com/Prod/js storage.googleapis.com cdn.mxpnl.com *.finance-calculator.co.uk angus.finance-calculator.co.uk *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com dmtrk.net dmtrk.com r1.dmtrk.net r1.dmtrk.com r2.dmtrk.net r2.dmtrk.com r3.dmtrk.net r3.dmtrk.com ddlnk.net ddlnk.com r1.ddlnk.net r1.ddlnk.com r2.ddlnk.net r2.ddlnk.com r3.ddlnk.net r3.ddlnk.com t.trackedlink.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net webinsight.s3.amazonaws.com static.trackedweb.net trackedweb.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net i.emlfiles.com i.emlfiles1.com i.emlfiles2.com i.emlfiles3.com i.emlfiles4.com i.emlfiles5.com i.emlfiles6.com i.emlfiles7.com i.emlfiles8.com i.emfiles9.com r1.dotmailer-surveys.com r2.dotmailer-surveys.com r3.dotmailer-surveys.com r1.dotdigital-surveys.com r2.dotdigital-surveys.com r3.dotdigital-surveys.com *.dotdigital-pages.com script.hotjar.com player.vimeo.com www.googleoptimize.com *.bookingbug.com *.paypal.com static.trackedweb.net *.trackedlink.net *.gstatic.com static.zdassets.com *.trustpilot.com optimize.google.com tagmanager.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.facebook.net *.cquotient.com services.postcodeanywhere.co.uk cdn.cquotient.com www.googletagmanager.com googleads.g.doubleclick.net https://iploc.tryzens-analytics.com:12443 *.pcapredict.com maps.googleapis.com services.postcodeanywhere.co.uk *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.collector-11207.tvsquared.com collector-11207.tvsquared.com *.sub2tech.com www.google-analytics.com p.cquotient.com static.hotjar.com www.googleadservices.com *.adyen.com geolocation.onetrust.com cdn.cookielaw.org *.googletagmanager.com extend.vimeocdn.com *.christopherward.com *.appointedd.com *.ratepay.com unpkg.com *.tryzens-analytics.com tally.so *.tally.so ; style-src 'self' 'unsafe-inline' *.klaviyo.com angus.finance-calculator.co.uk storage.googleapis.com *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com *.paypalobjects.com dmtrk.net dmtrk.com r1.dmtrk.net r1.dmtrk.com r2.dmtrk.net r2.dmtrk.com r3.dmtrk.net r3.dmtrk.com ddlnk.net ddlnk.com r1.ddlnk.net r1.ddlnk.com r2.ddlnk.net r2.ddlnk.com r3.ddlnk.net r3.ddlnk.com t.trackedlink.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net webinsight.s3.amazonaws.com static.trackedweb.net trackedweb.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net i.emlfiles.com i.emlfiles1.com i.emlfiles2.com i.emlfiles3.com i.emlfiles4.com i.emlfiles5.com i.emlfiles6.com i.emlfiles7.com i.emlfiles8.com i.emfiles9.com r1.dotmailer-surveys.com r2.dotmailer-surveys.com r3.dotmailer-surveys.com r1.dotdigital-surveys.com r2.dotdigital-surveys.com r3.dotdigital-surveys.com *.adyen.com optimize.google.com tagmanager.google.com foursixty.com cdn.jsdelivr.net fonts.googleapis.com services.postcodeanywhere.co.uk cdn.cookielaw.org *.christopherward.com ; frame-src 'self' *.doubleclick.net storage.googleapis.com *.surveymonkey.com *.finance-calculator.co.uk *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com *.dotdigital-pages.com *.bookingbug.com vars.hotjar.com *.paypal.com *.paypalobjects.com *.google.com widget.trustpilot.com *.youtube.com *.vimeo.com optimize.google.com www.facebook.com *.klarnaservices.com *.adyen.com extend.vimeocdn.com *.appointedd.com tally.so *.tally.so ; child-src 'none' ; img-src 'self' data: *.doubleclick.net *.vimeocdn.com *.clarity.ms px.ads.linkedin.com c.bing.com storage.googleapis.com angus.finance-calculator.co.uk *.paypalobjects.com dmtrk.net dmtrk.com r1.dmtrk.net r1.dmtrk.com r2.dmtrk.net r2.dmtrk.com r3.dmtrk.net r3.dmtrk.com ddlnk.net ddlnk.com r1.ddlnk.net r1.ddlnk.com r2.ddlnk.net r2.ddlnk.com r3.ddlnk.net r3.ddlnk.com t.trackedlink.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net webinsight.s3.amazonaws.com static.trackedweb.net trackedweb.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net i.emlfiles.com i.emlfiles1.com i.emlfiles2.com i.emlfiles3.com i.emlfiles4.com i.emlfiles5.com i.emlfiles6.com i.emlfiles7.com i.emlfiles8.com i.emfiles9.com r1.dotmailer-surveys.com r2.dotmailer-surveys.com r3.dotmailer-surveys.com r1.dotdigital-surveys.com r2.dotdigital-surveys.com r3.dotdigital-surveys.com www.jrni.com *.bookingbug.com *.paypal.com stats.g.doubleclick.net *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com edge.disstg.commercecloud.salesforce.com *.collector-11207.tvsquared.com collector-11207.tvsquared.com cdn.sub2tech.com *.sub2tech.com www.google-analytics.com *.paypalobjects.com static.secure-afterpay.com.au um.simpli.fi www.instagram.com www.googletagmanager.com services.postcodeanywhere.co.uk pixel.mathtag.com aa.agkn.com cx.atdmt.com www.facebook.com *.pbbl.co *.optimove.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googleapis.com *.google.com *.adyen.com t1.stormiq.com cdn.cookielaw.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.christopherward.com *.cloudflare.com ; font-src 'self' data: www.christopherward.com fonts.gstatic.com res.cloudinary.com *.paypalobjects.com googleads.g.doubleclick.net ; connect-src 'self' *.onetrust.com *.mixpanel.com *.klaviyo.com *.collector-11207.tvsquared.com g.clarity.ms clarity.ms collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com angus.finance-calculator.co.uk dmtrk.net dmtrk.com r1.dmtrk.net r1.dmtrk.com r2.dmtrk.net r2.dmtrk.com r3.dmtrk.net r3.dmtrk.com ddlnk.net ddlnk.com r1.ddlnk.net r1.ddlnk.com r2.ddlnk.net r2.ddlnk.com r3.ddlnk.net r3.ddlnk.com t.trackedlink.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net webinsight.s3.amazonaws.com static.trackedweb.net trackedweb.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net i.emlfiles.com i.emlfiles1.com i.emlfiles2.com i.emlfiles3.com i.emlfiles4.com i.emlfiles5.com i.emlfiles6.com i.emlfiles7.com i.emlfiles8.com i.emfiles9.com r1.dotmailer-surveys.com r2.dotmailer-surveys.com r3.dotmailer-surveys.com r1.dotdigital-surveys.com r2.dotdigital-surveys.com r3.dotdigital-surveys.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.paypal.com *.adyen.com widget.trustpilot.com wss://widget-mediator.zopim.com christopherward.zendesk.com *.trackedweb.net ekr.zdassets.com https://ttz41d7zd1.execute-api.eu-west-1.amazonaws.com/Prod/js* *.klarnaevt.com stats.g.doubleclick.net www.facebook.com https://www.tryzens-analytics.com:12280 *.pinterest.com *.klarnauserservices.com *.optimove.events www.google-analytics.com *.hotjar.com *.optimove.net *.hotjar.io https://uat.tryzens-analytics.com:12280 api.cquotient.com services.postcodeanywhere.co.uk cdn.cookielaw.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat google.com/pay extend.vimeocdn.com unpkg.com *.tryzens-analytics.com player.vimeo.com download-video-ak.vimeocdn.com ; form-action 'self' http://portal.afterpay.com http://portal-sandbox.afterpay.com *.playground.klarna.com *.klarna.com *.afterpay.com www.facebook.com *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com *.paypal.com *.adyen.com ; media-src 'self' static.zdassets.com res.cloudinary.com *.akamaized.net download-video-ak.vimeocdn.com player.vimeo.com ;; report-uri https://chw-csp.tryzens-analytics.com; 1
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1
img-src 'self' staccwexerius.blob.core.windows.net cdn.xerius.be consentcdn.cookiebot.com *.cookiebot.com data: *.google-analytics.com www.googletagmanager.com xerius-prd-911.azureedge.net media.xerius.be media.accdesk.be media.myfamily.be media.xerius-lei.eu *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.ads.linkedin.com *.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.tiktok.com dev.visualwebsiteoptimizer.com *.clarity.ms *.bing.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.varify.io media.xerius.be media.accdesk.be media.myfamily.be media.xerius-lei.eu cxppusa1formui01cdnsa01-endpoint.azureedge.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com *.doubleclick.net fonts.gstatic.com www.googleoptimize.com www.googletagmanager.com *.cookiebot.com consentcdn.cookiebot.com connect.facebook.net www.facebook.com *.ads.linkedin.com *.linkedin.com cdn.xerius.be staccwexerius.blob.core.windows.net xerius-prd-911.azureedge.net www.youtube.com data: xerius.piwik.pro www.gstatic.com script.hotjar.com static.hotjar.com js.monitor.azure.com js.cdn.applicationinsights.io js.cdn.monitor.azure.com *.tiktok.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon trk.adbutter.net *.adnxs.com *.clarity.ms *.bing.com snap.licdn.com *.bannernow.com https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' app.varify.io media.xerius.be media.accdesk.be media.myfamily.be media.xerius-lei.eu cxppusa1formui01cdnsa01-endpoint.azureedge.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com *.doubleclick.net fonts.gstatic.com www.googleoptimize.com www.googletagmanager.com *.cookiebot.com consentcdn.cookiebot.com connect.facebook.net www.facebook.com *.ads.linkedin.com *.linkedin.com cdn.xerius.be staccwexerius.blob.core.windows.net xerius-prd-911.azureedge.net www.youtube.com data: xerius.piwik.pro www.gstatic.com script.hotjar.com static.hotjar.com js.monitor.azure.com js.cdn.applicationinsights.io js.cdn.monitor.azure.com *.tiktok.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon trk.adbutter.net *.adnxs.com *.clarity.ms *.bing.com snap.licdn.com *.bannernow.com https://cdnjs.cloudflare.com; worker-src 'none'; frame-ancestors 'self' auth.xerius.be 1
connect-src 'self' data: *.fontawesome.com *.google-analytics.com *.doubleclick.net *.google.com googletagmanager.com *.acsbapp.com wss://webmessaging.usw2.pure.cloud *.pure.cloud *.userway.org *.alive5.com alive5.com;default-src 'self' data: d13qcyivyon4xf.cloudfront.net *.recollect.net www2.elpasotexas.gov *.piktochart.com elpasotx.citysourced.com alive5.com *.pure.cloud td.doubleclick.net *.userway.org *.powerbigov.us;font-src 'self' data: *.gstatic.com *.fontawesome.com *.jsdelivr.net *.typekit.net *.fastly.net acsbapp.com *.userway.org;img-src 'self' data: *.google.com *.googleapis.com *.google-analytics.com *.jsdelivr.net *.fastly.net *.recollect.net *.piktochart.com *.userway.org *.alive5.com;script-src 'self' 'nonce-80243687c67d1067' *.fontawesome.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.jquery.com 'sha256-EFV8pmp/wh+U6PZamj4KQ0q8X4ZQK18tF7skjashMC0=' 'sha256-d470bixwKmL9bRvqX+/YcGn63ywAfKoybYPkM5Uytpg=' 'sha256-CWheM/qrotfHL9rkBHCUQoQJ26R59qBT9Y6zmdWMo4I=' *.cloudflare.com *.jsdelivr.net *.recollect.net 'sha256-GZcyqV0YX2St+S/OQczTu1wNNg/O+RTwzw2JTTta3P0=' googletagmanager.com acsbapp.com *.pure.cloud *.acsbapp.com 'sha256-EhQpu6NNucte8YbnJ4xqNQ3ZEr6lZr9OylXRM08U23w=' 'sha256-6LGMzcnzg+kSHN9kCfnGBfyFkTD5ralHy4kgX9bEKac=' *.userway.org alive5.com 'sha256-Ktbr5+uWaq/tdIzd+uSnzMynWRb8C1GgwNmidruZnl4=' *.elpasotexas.gov 'sha256-N/ojzpn0NH2iToAWgtz7/qj3VTBrzGc5Kq/wcHmeC9g=' 'sha256-32mhgs7qr26DY71TSkr2GH6b4cN1O1vqJZeD8VqK09E=';Strict-Transport-Security max-age=31536000;style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.google.com *.jsdelivr.net *.typekit.net *.fastly.net alive5.com *.userway.org; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self'; img-src https: data: 1
default-src 'self'; style-src https://accounts.google.com 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-c2851a92-ba25-422e-8fdb-b339593c62a1'; img-src 'self' https://www.apfelkiste.ch data: blob: https://i.ytimg.com https://i.vimeocdn.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google.ch https://www.google.fr; worker-src 'self' blob:; connect-src 'self' https://devnull.apfelkiste.ch https://accounts.google.com https://rumdash.io https://api.zakeke.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://challenges.cloudflare.com https://accounts.google.com https://www.google.com https://portal.zakeke.com/; object-src 'self'; report-uri https://devnull.apfelkiste.ch/api/8/security/?sentry_key=291d0d843488451caadd66b48b4a6ae4 1
object-src 'none';base-uri 'self';script-src 'nonce-BdZHRjuaa_TMiHtZLPvqsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';    script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com https://fast.wistia.com/ https://analytics.wpmucdn.com/ https://cdn.jotfor.ms/ https://cdnjs.cloudflare.com/ https://sidebar.bugherd.com/ https://maps.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://payfacto.bamboohr.com/ https://www.bugherd.com/ https://cdn-cookieyes.com/ https://hb.wpmucdn.com/maitredpos.com/ https://www.googletagmanager.com/ https://stats.wpmucdn.com/ https://cdn.callrail.com/ https://js.callrail.com/ https://j.6sc.co/ https://www.gstatic.com/ https://static.hotjar.com/ https://script.hotjar.com/;    style-src 'report-sample' 'self' 'unsafe-inline' https://use.fontawesome.com/ https://ams.wpml.org/ https://fonts.bunny.net/ https://hb.wpmucdn.com/maitredpos.com/ https://fonts.googleapis.com/;    object-src 'none'; base-uri 'self';    connect-src 'self' https://analytics3.wpmudev.com/ https://sessions.bugsnag.com/ wss://ws-mt1.pusher.com/ https://sockjs.pusher.com/ https://epsilon.6sense.com/ https://cdn.ampproject.org/ https://ams.wpml.org/ https://maps.google.com/ https://maps.googleapis.com/ https://app.callrail.com/ https://www.google-analytics.com/ https://metrics.hotjar.io/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://distillery.wistia.com/ https://payfacto.bamboohr.com/ https://stats.g.doubleclick.net/ https://c.6sc.co/ https://analytics.google.com/ https://ipv6.6sc.co/ https://js.callrail.com/ https://cdn-cookieyes.com/ https://log.cookieyes.com/ https://stats1.wpmudev.com/;    font-src 'self' data: https://use.fontawesome.com/ https://fonts.bunny.net/ https://fonts.gstatic.com/;    frame-src 'self' https://form.jotform.com/ https://maps.google.com/ https://www.google.com/ https://sidebar.bugherd.com/ https://www.google.com/ https://forms.zohopublic.com;    img-src 'self' data: *.smushcdn.com *.wp.com https://d2iiunr5ws5ch1.cloudfront.net/ https://ps.w.org/ https://secure.gravatar.com/ https://wpmudev.com/ https://i0.wp.com/ https://www.google.ca/ https://resources.bamboohr.com/ https://b.6sc.co/ https://cdn-cookieyes.com/ https://b3550802.smushcdn.com/;    manifest-src 'self';    media-src 'self';    worker-src blob:;    frame-ancestors 'self' https://google.com/; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.nalli.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' data: *.payu.in https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.payglocal.in *.uat.payglocal.in 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com api.razorpay.com *.payglocal.in *.uat.payglocal.in c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com https://plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.syteapi.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://maps.google.com/ cdn.razorpay.com *.nalli.com www.facebook.com bat.bing.com maps.googleapis.com 'self' data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://cdn.syteapi.com/ https://cdn-api.syteapi.com/ https://fonts.gstatic.com https://maps.googleapis.com/ https://libraries.unbxdapi.com https://sandbox.unbxd.io https://cdn.jsdelivr.net *.netcoresmartech.com checkout.razorpay.com *.googleapis.com *.gstatic.com *.nalli.com connect.facebook.net bat.bing.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.payu.in *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://fonts.googleapis.com https://libraries.unbxdapi.com https://cdn.jsdelivr.net https://sandbox.unbxd.io *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com *.nalli.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src wdc.netcoresmartech.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://cdn-api.syteapi.com https://syteapi.com https://maps.googleapis.com/ *.netcoresmartech.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.nalli.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com bat.bing.net ct.pinterest.com www.facebook.com maps.googleapis.com addressvalidation.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.payu.in 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://14edc0c0-b3cc-497c-8aa2-2e84efa49370.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.paypal.com *.paypalobjects.com applepay.cdn-apple.com 'self' data: *.router-switch.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com youtu.be *.vimeo.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sandbox.paypal.com *.chatra.io *.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.sandbox.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.router-switch.com *.bootstrapcdn.com *.payssion.com *.google.com *.googleapis.com www.google.com.sg www.magecomp.com meetanshi.com www.google.fr blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com www.google.com www.gstatic.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com *.avada.io *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sandbox.paypal.com *.paypalobjects.com *.cdn-apple.com *.hsforms.net *.hsforms.com *.gstatic.com *.weglot.com *.router-switch.com *.bootstrapcdn.com *.cloudflareinsights.com translate.googleapis.com *.pushengage.com *.chatra.io *.googletagmanager.com www.google.com.sg 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.weglot.com *.router-switch.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.sandbox.paypal.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.router-switch.com *.bootstrapcdn.com *.doubleclick.net *.pushengage.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.bglobale.com *.global-e.com https://az693360.vo.msecnd.net *.typekit.net *.typenetwork.com https://plugin-magento-ui.glopalservice.com *.klarnacdn.net *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.bglobale.com *.global-e.com *.abtasty.com *.abstasty.net csxd.izipizi.com *.cloudfront.net *.criteo.com *.criteo.net *.facebook.com *.facebook.net *.salecycle.com *.salecycle.net *.tiktok.com *.tiktok.net *.hipay-tpp.com *.hipay.com *.paypal.com www.youtube.com *.klarna.com https://www.googletagmanager.com/ www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * uat-secure.pointspay.com secure.pointspay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.bglobale.com *.global-e.com *.3lift.com *.360yield.com *.adform.com *.adnxs.com *.assets.sc-trc.com *.nr-data.net *.bing.com *.bidswitch.net *.casalemedia.com *.clarity.ms *.contentsquare.net *.criteo.com *.doubleclick.com *.doubleclick.net *.facebook.com *.facebook.net *.ivitrack.com *.izipizi.com *.krxd.net *.media.net *.mediavine.com *.omnitagjs.com *.outbrain.com *.pubmatic.com *.salecycle.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.com *.teads.tv *.thebrighttag.com *.tiktok.com *.tiktok.net *.tremorhub.com *.vo.msecnd.net.com *.yahoo.com *.yieldlab.net *.yieldmo.com *.rubiconproject.com *.adform.net *.sync.com *.emxdgt.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.adobedtm.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com uat-secure.pointspay.com secure.pointspay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bglobale.com *.global-e.com *.abtasty.com *.abstasty.net acsbapp.com *.beyable.com https://az693360.vo.msecnd.net https://tag.beyable.com *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.contentsquare.com *.privacy-center.org *.doubleclick.net *.elitrack.com *.facebook.com *.facebook.net *.fittingbox.com *.fittingbox.net *.hotjar.com *.jquery.com *.msecnd.net *.salecycle.com *.salecycle.net *.rr.skeepers.io t.contentsquare.net *.tiktok.com *.vimeo.com *.tiktok.net *.windows.net *.zdasets.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com https://maps.googleapis.com/maps/api/mapsjs *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.cdn-apple.com www.youtube.com player.vimeo.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com uat-secure.pointspay.com secure.pointspay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bglobale.com *.global-e.com *.typekit.net *.zdassets.com *.typenetwork.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.hipay.com *.klarnacdn.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com data: mpsnare.iesnare.com *.amazonaws.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.abtasty.com *.abstasty.net *.acsbapp.com bat.bing.com https://az693360.vo.msecnd.net *.bing.com *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.fr *.google-analytics.com *.googlesyndication.com *.hotjar.io *.izipizi.com *.privacy-center.org *.salecycle.com wss://ws.salecycle.com *.sentry.io *.rr.skeepers.io *.tiktok.com *.tiktok.net *.vimeo.com *.windows.net *.zdassets.com *.zendesk.com *.zopim.com https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com https://maps.googleapis.com/maps/api/mapsjs *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com cdn.plyr.io noembed.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com uat-secure.pointspay.com secure.pointspay.com maps.googleapis.com 'self' 'unsafe-inline'; child-src blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src https://www.googletagmanager.com; 1
default-src 'self'; script-src 'self' https:; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; img-src 'self' https: data: blob:; font-src 'self' https: data:; frame-src 'self' https:; report-uri /api/csp-report; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-d9501fe51ed4493595aa8a1ff175960e' https://myhealthatvanderbilt.com 'self';img-src https://* 'self' blob: data:;style-src https://myhealthatvanderbilt.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.allesedv.at/mixedContentReporting.php 1
default-src 'self' wss: *.gravatar.com *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.fontawesome.com *.countyofsb.org * 'self'; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.fontawesome.com * 'self' about: 'unsafe-inline' 'unsafe-eval' data:; worker-src * 'self' data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src * 'self'; media-src 'self' blob: *; font-src 'self' *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.fontawesome.com * 'self' data:; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self';report-uri /contentsecuritypolicy/report 1
report-to slardar-endpoint; script-src 'unsafe-eval' 'report-sample' 'nonce-6db3a089d8828cf0b640c0705414217d-argus' 'strict-dynamic'; 1
default-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.wgprod.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com s.yimg.jp https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googleoptimize.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms s.yimg.jp cdn.taboola.com ; style-src 'self' 'unsafe-inline' *.wargaming.net *.wgprod.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.wgprod.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com s.yimg.jp https://*.worldoftanks.com https://*.worldoftanks.eu https://*.worldoftanks.asia https://*.wgcdn.co https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.com.ua https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms s.yimg.jp https://collect.worldoftanks.asia https://content-wg.gcdn.co https://api.worldoftanks.asia https://bat.bing.com ; font-src 'self' *.wargaming.net *.wgprod.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net *.wgprod.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net *.wgprod.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src 'self' https://cdn.monetnik.ru; style-src 'self' https://cdn.monetnik.ru 'unsafe-inline' https://yastatic.net  https://*.mindbox.ru;  object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://cdn.monetnik.ru   https://top-fwz1.mail.ru  https://vk.com https://*.mindbox.ru https://yastatic.net   https://mc.yandex.ru;  connect-src 'self' https://cdn.monetnik.ru https://mc.yandex.com  https://top-fwz1.mail.ru/ https://*.mindbox.ru https://vk.com https://mc.yandex.ru;  img-src https: data:;  frame-src https://mc.yandex.com https://mc.yandex.ru  https://content.adriver.ru   https://yandex.ru;  worker-src blob:;  font-src 'self' https://cdn.monetnik.ru fonts.gstatic.com; report-uri /external-event/log/csp/ 1
default-src 'self' *.google-analytics.com *.jsdelivr.net *.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googletagmanager.com *.google-analytics.com *.jsdelivr.net https://www.googletagmanager.com/ns.html *.cookielaw.org *.licdn.com *.ads-twitter.com *.facebook.net https://www.google.com/recaptcha/api.js https://www.youtube.com/iframe_api https://www.youtube.com https://cdnjs.cloudflare.com *.gstatic.com; style-src 'unsafe-inline' 'self' *.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' *.google-analytics.com *.facebook.com *.linkedin.com *.blob.core.windows.net *.azureedge.net *.cookielaw.org *.google.com *.google.co.in analytics.twitter.com t.co px.ads.linkedin.com px.ads.linkedin.com.x cdn.incyte.com data: *.googletagmanager.com *.opendns.com; media-src 'self' *.google-analytics.com *.blob.core.windows.net *.azureedge.net https://cdn.incyte.com; frame-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com *.facebook.com *.facebook.net; frame-ancestors 'self'; child-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'nonce-GC9hYyd3os6QUAN4iLQGEb7vqCkpEeY8E7Dqb-54BjdMO7TVA9xy7w' data: https://api-web.educagri.fr *.google-analytics.com https://www.googletagmanager.com https://analytics-sc.institut-agro.fr 'report-sample'; style-src-attr 'unsafe-inline' 'self' 'report-sample' data: https://api-web.educagri.fr; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://api-web.educagri.fr https://www.google-analytics.com https://www.googletagmanager.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.data.sigea.educagri.fr *.dailymotion.com *.facebook.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' data: https://api-web.educagri.fr *.google-analytics.com https://analytics-sc.institut-agro.fr; style-src 'self' 'report-sample' data: https://api-web.educagri.fr https://fonts.googleapis.com; report-uri https://cem.educagri.fr/api/csp/0/FE 1
object-src 'none';base-uri 'self';script-src 'nonce-pnPxjpUXMnfJHtIxSA1f6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.matomo.cloud https://heritagefund.matomo.cloud https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://polyfill-fastly.io https://heritagefund.matomo.cloud/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://cdn.matomo.cloud https://heritagefund.matomo.cloud https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://polyfill-fastly.io; style-src 'self' 'unsafe-inline' https://p.typekit.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://p.typekit.net/; frame-ancestors 'self' 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' blob ; font-src 'self' https: data: ; img-src 'self' https: data: blob: ; media-src 'self' https: blob: ; worker-src 'self' https: blob: ; connect-src 'self'  https: ; object-src 'none'  https: ; frame-ancestors 'none' https: ; base-uri 'self' ; form-action 'self' ; frame-src 'self' ; report-uri /csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-pydkN9asDeiA3AaMUymcGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src-elem 'self' *.googletagmanager.com https://*.mopinion.com https://integration.occ7.mtel.eu https://connect.facebook.net https://snap.licdn.com https://www.clarity.ms https://c.clarity.ms/ https://www.youtube.com https://static.doubleclick.net 'nonce-z9RyCs0LaCzC1OS9gRt0TDjN7uAlWVRTSQvs3Wa6HpY='; script-src 'self' 'unsafe-eval' *.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net 'sha256-TqjM/ocl9Ih4hsJxBuYJi9DiPkAJnBID1b5nkiBEnYI=' 'sha256-vemytl4W5Qmww8+4p7ijbNPmvDbs6GPIf7CXCwtOWgc=' 'nonce-z9RyCs0LaCzC1OS9gRt0TDjN7uAlWVRTSQvs3Wa6HpY='; report-uri /umbraco/api/csp/report; default-src 'none'; font-src 'self' https://fonts.gstatic.com https://cdn.faceworks.nl https://*.mopinion.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.mopinion.com https://edge.cookieconsent.io; img-src 'self' mijn.s-bb.nl *.googletagmanager.com px.ads.linkedin.com https://www.facebook.com https://edge.cookieconsent.io https://www.toegankelijkheidsverklaring.nl; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; frame-src 'self' youtube.com www.youtube.com; manifest-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.mopinion.com https://*.clarity.ms https://api.cookieconsent.io https://px.ads.linkedin.com https://connect.facebook.net 1
object-src 'none';base-uri 'self';script-src 'nonce-2EMVPohbXvmtkdiobt3h3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://*.zdassets.com https://*.zopim.com https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://api.smooch.io/ https://applepay.cdn-apple.com/ https://*.googleadservices.com/ https://assets.braintreegateway.com/web/ https://*.bazaarvoice.com/ https://*.doubleclick.net/ https://storage.googleapis.com/workbox-cdn/ https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cfjump.platypusshoes.com.au/ https://cfjump.platypusshoes.co.nz/ https://*.fullstory.com https://www.googletagmanager.com/ https://analytics.tiktok.com https://cdn.unidays.world https://*.truefitcorp.com https://www.paypalobjects.com/api/checkout.min.js https://*.klaviyo.com https://t.cfjump.com/ https://*.zdassets.com https://connect.facebook.net/ https://maps.googleapis.com/ https://js-agent.newrelic.com/ js.datadome.co ct.captcha-delivery.com https://*.adobedtm.com https://*.afterpay.com https://*.demdex.net https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://*.google-analytics.com https://*.paypal.com afterpay.com https://foursixty.com https://*.useinsider.com https://*.roymorgan.com https://s.pinimg.com https://lantern.roeyecdn.com https://web-sdk.aptrinsic.com/api/aptrinsic.js https://ct.pinterest.com/ https://js-sandbox.squarecdn.com/ ; style-src 'self' 'unsafe-inline' https://display.ugc.bazaarvoice.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://*.typekit.net/ https://fonts.googleapis.com/ https://assets.braintreegateway.com/web/dropin/1.43.0/css/dropin.css https://assets.braintreegateway.com/web/dropin/1.16.0/css/dropin.css https://*.adobetm.com https://foursixty.com https://assets.api.useinsider.com https://*.adobemc.com ; img-src data: 'self' https://*.zendesk.com/ https://dpm.demdex.net/ https://www.googleadservices.com/ccm/ https://www.magentocommerce.com/products/media/ https://*.platypusshoes.co.nz/ https://*.platypusshoes.com.au/ https://googleads.g.doubleclick.net/ https://ad.doubleclick.net/ https://www.google.com/ccm/ https://www.paypalobjects.com https://www.google.com/ https://www.google.com.au/ https://www.google.co.nz/ https://www.google.com.vn/ https://maps.gstatic.com/mapfiles/ https://scontent.cdninstagram.com/ https://*.afterpay.com/ https://*.accentgra.com https://www.googletagmanager.com/ https://www.facebook.com/ https://*.bazaarvoice.com https://t.paypal.com/ https://duuytoqss3gu4.cloudfront.net/ https://df45ay5pw60dy.cloudfront.net/ https://d3nocrch4qti4v.cloudfront.net/ https://*.google-analytics.com https://*.pinterest.com https://*.twilio.com https://*.tiktok.com https://*.useinsider.com https://maps.googleapis.com/maps/ https://developers.google.com https://*.zopim.io https://*.zdassets.com https://amcglobal.sc.omtrdc.net/ https://adservice.google.com https://lantern.roeye.com/ https://accentgroupxpdev.112.2o7.net/b/ss/accentgroup-xpdev/ ; object-src 'none' ; base-uri 'self' ; child-src 'self' ; connect-src 'self' https://analytics.google.com/g/collect https://iq.afterpay.com/us/v1/ https://iq.afterpay-beta.com/us/v1/ https://*.my.sentry.io/ wss://api.smooch.io/ https://*.accentgra.com/ https://www.facebook.com/tr/ https://google.com/ https://www.google.com/ https://collect-ap2.attraqt.io/ https://smetrics.platypusshoes.co.nz/ https://*.fullstory.com https://*.klaviyo.com https://smetrics.platypusshoes.com.au/ https://api-js.datadome.co https://*.adobedc.net https://*.afterpay.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.demdex.net https://*.forter.com https://*.foursixty.com https://google.com/ccm/ https://www.google.com/ccm/ https://*.google-analytics.com https://*.googleapis.com https://www.google.com.au/ads/ga-audiences https://*.nr-data.net https://*.paypal.com https://*.truefitcorp.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://accentgroupxpdev.112.2o7.net https://afterpay.com https://analytics.tiktok.com https://facebook.com https://*.roymorgan.com foursixty.com https://kleber.datatoolscloud.net.au https://sentry.io https://vimeo.com wss://*.twilio.com wss://widget-mediator.zopim.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://d2lxqodqbpy7c2.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net wss://cdn0.forter.com api.useinsider.com api.myunidays.com https://hit.api.useinsider.com https://segment.api.useinsider.com https://carrier.useinsider.com https://locationv2.api.useinsider.com https://platypusaustralia.api.useinsider.com https://ct.pinterest.com/ https://stats.g.doubleclick.net https://unification.useinsider.com/api/event/v1/ https://*.api.useinsider.com ; font-src data: 'self' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.gstatic.com https://*.truefitcorp.com https://*.useinsider.com static.klaviyo.com use.typekit.net https://shopping.qantas.com/ ; frame-src 'self' https://www.googletagmanager.com/ geo.captcha-delivery.com https://*.formstack.com https://*.afterpay.com https://*.bazaarvoice.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.myunidays.com https://*.omniparcelreturns.com https://*.paypal.com https://*.paypalobjects.com https://*.truefitcorp.com https://*.useinsider.com https://*.vimeo.com https://*.youtu.be https://*.youtube.com https://afterpay.com https://assets.braintreegateway.com https://facebook.com https://foursixty.com https://google.com https://www.google.com/ vimeo.com https://ct.pinterest.com/ ; worker-src 'self' blob: https://*.accentgra.com https://*.platypusshoes.co.nz https://*.platypusshoes.com.au; 1
connect-src https://api.segment.io https://cdn.segment.com https://stats.g.doubleclick.net https://www.google-analytics.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com 'self' https://api.ipstack.com https://geoip-js.com https://*.launchdarkly.com https://*.guide.jamfnow.com https://api.feedback.us.pendo.io https://sentry.pub.jamf.build https://api.services.jamfnow.com https://services-api.services.jamfnow.com https://jamfsw.okta.com/.well-known/openid-configuration https://jamfsw.okta.com/oauth2/v1/token; img-src https://*.google-analytics.com https://ssl.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cat https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.hz https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.ms https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pk https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vg https://www.google.vu https://www.google.ws blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://appinstallers-packages.services.jamfcloud.com 'self' https://*.guide.jamfnow.com https://app.pendo.io https://*.jamfnow.com https://*.services.jamfnow.com https://jamfnow-customapps.s3.amazonaws.com; script-src https://cdn.segment.com https://www.google-analytics.com https://www.googletagmanager.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'self' https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js https://*.salesforceliveagent.com https://*.guide.jamfnow.com https://cdn.jsdelivr.net/npm/confetti-js@0.0.15/dist/index.min.js https://www.youtube.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; font-src https://js.intercomcdn.com https://fonts.intercomcdn.com 'self'; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; media-src https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com; style-src 'unsafe-inline' 'self' https://*.guide.jamfnow.com; base-uri 'self'; default-src 'self' https:; report-uri https://sentry.pub.jamf.build/api/266/security/?sentry_key=69c661b6de484d0285748b2206db8711&sentry_environment=production; 1
default-src 'self' ; base-uri 'self' ; object-src 'none' ; style-src 'self' 'unsafe-inline' cdn.plyr.io https://fonts.googleapis.com https://devcomapbotpilot-test.azurewebsites.net/ https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; script-src 'strict-dynamic' 'nonce-ZfEKj1oQpBAmzeczaoUXSj83F6tjObsQ' 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://admin.dev.comap-control.bluehosting.cz https://chatbotapp-stage.azurewebsites.net/ https://devcomapbotpilot-test.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; font-src 'self' https://fonts.gstatic.com/ ; connect-src 'self' https://*.google.com https://*.logic.azure.com/ https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/   https://intelisearch.azurewebsites.net https://directline.botframework.com https://websearchproxy.azure-api.net wss://directline.botframework.com https://*.in.applicationinsights.azure.com/ wss://localhost:44377 ws://localhost:50602 noembed.com cdn.plyr.io ; img-src * 'self' data: ; media-src 'self' *.comap-control.com/ https://comapkenticouat6527.blob.core.windows.net ; frame-src https://www.thinglink.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com vimeo.com www.vimeo.com https://www.google.com/ ; frame-ancestors https://admin.dev.comap-control.bluehosting.cz/ 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-fORlgbdmtjmxw75DEXnwlg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src fonts.googleapis.com fonts.gstatic.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.openstreetmap.org maps.googleapis.com maps.gstatic.com cdn.doofinder.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com cdn.doofinder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com *.google.com/ s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com *.doofinder.com wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-fV6c7L2V7JxgTwy5oR4Aqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'nonce-KkwHRKaMl1EZgAsRDFZKblyp' 'strict-dynamic' http: https:; base-uri 'none';  1
default-src 'self';      script-src 'self' *.hubspot.com *.hs-analytics.net *.hs-scripts.com;      connect-src 'self' *.hubspot.com *.hubapi.com;      img-src 'self' *.hs-analytics.net *.hubspotusercontent##.net;      frame-src 'self' *.hubspotvideo.com *.hscollectedforms.net;     style-src 'self' *.hubspotusercontent##.net; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.chaordicsystems.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://accounts.google.com https://www.facebook.com https://login.live.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ www.google.com *.twitter.com *.criteo.com *.criteo.net *.chaordicsystems.com *.googletagmanager.com *.doubleclick.net *.prospin.com.br *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.mollie.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com.br *.prospin.com.br *.criteo.com *.freshchat.com *.bat.com *.bing.com *.linximpulse.net *.linximpulse.com *.chaordicsystems.com *.doubleclick.net *.smartadserver.com *.taboola.com *.tremorhub.com *.bidswitch.net *.media.net *.adnxs.com *.casalemedia.com *.stickyadstv.com *.360yield.com *.liadm.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.revcontent.com *.rubiconproject.com *.clmbtech.com *.3lift.com *.adgrx.com *.agkn.com *.unrulymedia.com *.teads.tv *.1rx.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.mollie.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com https://static.addtoany.com/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.addtoany.com *.fw-cdn.com *.google.com.br 'self' data: *.linximpulse.net *.prospin.com.br *.bing.com *.clarity.com *.clarity.ms *.criteo.com *.chaordicsystems.com *.doubleclick.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.mollie.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com https://stats.addtoany.com/menu maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.chaordicsystems.com *.linximpulse.net *.linximpulse.com *.prospin.com.br *.clarity.ms *.criteo.com https://ipinfo.io/json *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.chaordicsystems.com 'self' 'unsafe-inline'; 1
default-src https:; font-src https: data:; style-src 'unsafe-inline' https:; object-src 'self';connect-src https: wss:; script-src 'nonce-ho7JX5lq4iEqcl2H5uj23QsqVhzqd7uawuq4/MlOjOI=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; img-src https: data:; report-uri /webhooks/csp-log/create 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce--oHJTbSWrsfHJBjy9oGdSw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' https: 'unsafe-inline' *.visualwebsiteoptimizer.com useruploads.vwo.io blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-8Xgop1wKb2mEKzN2Y-iWjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';font-src 'self' https: data:;img-src 'self' https: data:;media-src 'self' https: data: blob:;child-src 'self' https: blob:;connect-src 'self' *.paypal.com *.dynamics.com *.w3.org *.getgo.com *.bizzabo.com *.pheedloop.com *.bugsnag.com *.microsoft.com https://unpkg.com *.azureedge.net *.onetrust.com *.oribi.io *.adroll.com *.clickdimensions.com *.cookielaw.org *.cloudflare.com *.facebook.net *.facebook.com *.typekit.net *.doubleclick.net *.twimg.com *.linkedin.com *.crazyegg.com *.licdn.com *.twitter.com *.google-analytics.com google.com *.google.com *.google.co.in *.googleadservices.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://ml314.com *.company-target.com *.demandbase.com *.6sc.co *.ceros.com *.zi-scripts.com *.zoominfo.com *.clarity.ms;script-src *.blob.core.windows.net *.jquery.com 'unsafe-inline' 'self' *.azureedge.net *.bizzabo.com *.pheedloop.com *.bugsnag.com *.paypal.com *.w3.org *.getgo.com https://unpkg.com *.vimeo.com *.microsoft.com *.msecnd.net *.dynamics.com *.brightcove.net *.cloudfront.net *.googletagmanager.com *.fontawesome.com *.wistia.com *.nprapps.org google.com *.google.com *.google-analytics.com *.google.co.in *.adroll.com *.ads-twitter.com *.clickdimensions.com *.cookielaw.org *.cloudflare.com *.facebook.net *.facebook.com *.googleapis.com *.typekit.net *.doubleclick.net *.twimg.com *.linkedin.com *.crazyegg.com *.licdn.com *.twitter.com *.googleadservices.com *.gstatic.com *.ml314.com https://ml314.com *.buzzsprout.com *.blubrry.com *.company-target.com *.demandbase.com *.rollbar.com *.ceros.com *.6sc.co *.simpli.fi *.paypalobjects.com *.zi-scripts.com *.clarity.ms;style-src 'self' https: 'unsafe-inline' *.dynamics.com *.paypal.com *.bizzabo.com *.pheedloop.com *.bugsnag.com https://unpkg.com *.azureedge.net https://ml314.com *.blubrry.com *.ceros.com;worker-src 'self' blob:;frame-ancestors 'self' *.dynamics.com *.azureedge.net *.microsoft.com *.company-target.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-s6dhcXiD342LAO93j8FTEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'nonce-Is9S4g3k3TI/007xxkOsL9mnMfE49+nwXaraPYWXhp4=' 'strict-dynamic' 'wasm-unsafe-eval';object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
object-src 'none';base-uri 'self';script-src 'nonce-5TGAH84qZEDjNeSM6cmE9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.versapay.com *.paynup.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.versapay.com *.paynup.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.twitter.com *.paynup.com *.versapay.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.certcapture.com *.amazonaws.com *.google.co.in t.co.in t.co *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.versapay.com *.paynup.com *.trackedlink.net magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.certcapture.com *.ads-twitter.com *.pinimg.com *.qualtrics.com *.hotjar.com *.pinterest.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.versapay.com *.paynup.com *.datadoghq.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.versapay.com *.paynup.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.pinterest.com *.googleapis.com *.qualtrics.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net wss://ws.hotjar.com *.google.co.in *.cloudflare.com *.twitter.com *.twimg.com *.versapay.com *.paynup.com *.datadoghq.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/magento_os/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com www.searchanise.com *.searchserverapi.com staticw2.yotpo.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.hub-box.com www.searchanise.com *.searchserverapi.com *.twitter.com secure.livechatinc.com widget.trustpilot.com frame.hubbox.com *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com services.postcodeanywhere.co.uk *.google-analytics.com *.analytics.google.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net magento-recs-sdk.adobe.net www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net searchanise-ef84.kxcdn.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com cdn.cookie-script.com cdn.livechatinc.com api.livechatinc.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net widget.trustpilot.com searchserverapi.com cpage11112.pcapredict.com services.postcodeanywhere.co.uk analytics.ahrefs.com *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com *.twitter.com services.postcodeanywhere.co.uk *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.hub-box.com api.amplitude.com stats.g.doubleclick.net bam.nr-data.net bam-cell.nr-data.net services.postcodeanywhere.co.uk api.livechatinc.com *.google-analytics.com *.analytics.google.com mcprod.vapeuk.co.uk *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com https://chase.hostedpaymentservice.net https://chase-var.hostedpaymentservice.net *.kaptcha.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com maps.googleapis.com maps.gstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * libs.na.bambora.com gstatic.com canadapost.ca ct.soa-gw.canadapost.ca soa-gw.canadapost.ca *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com https://chase.hostedpaymentservice.net https://chase-var.hostedpaymentservice.net *.kaptcha.com *.twitter.com *.addthis.com *.flippenterprise.net reebee.com webservices.purolator.com devwebservices.purolator.com *.flixcar.com *.cloudfront.net *.etilize.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.flippenterprise.net reebee.com *.flixcar.com *.flix360.com *.flix360.io *.syndigo.cloud *.flexiti.fi *.etilize.com *.visions.ca *.powerreviews.com *.facebook.com *.cdninstagram.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com apis.google.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.kaptcha.com maps.googleapis.com maps.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com libs.na.bambora.com gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com https://chase.hostedpaymentservice.net https://chase-var.hostedpaymentservice.net *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com widgets.pinterest.com *.flippenterprise.net reebee.com *.flixfacts.com *.flixcar.com *.flix360.com *.flix360.io *.syndigo.com *.etilize.com *.spexaccess.net *.1worldsync.com *.marker.io *.flexiti.fi *.visions.ca *.powerreviews.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com *.flippenterprise.net reebee.com *.flix360.com *.flixcar.com *.etilize.com *.powerreviews.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com maps.googleapis.com maps.gstatic.com *.flixcar.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.kaptcha.com maps.googleapis.com maps.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com libs.na.bambora.com gstatic.com canadapost.ca ct.soa-gw.canadapost.ca soa-gw.canadapost.ca *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com https://chase.hostedpaymentservice.net https://chase-var.hostedpaymentservice.net *.cloudflare.com *.twitter.com *.flippenterprise.net reebee.com webservices.purolator.com devwebservices.purolator.com *.syndigo.com *.marker.io bam.nr-data.net *.flexiti.fi *.visions.ca *.powerreviews.com *.google-analytics.com *.facebook.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'nonce-xPYyui4BRkJ9zMXcoE6g1qDO5ls=' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com *.vertexsmb.com www.googletagmanager.com www.sageexchange.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.certcapture.com *.vertexsmb.com seal.godaddy.com static.hotjar.com www.sageexchange.com *.formstack.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.shopperapproved.com seal-boston.bbb.org *.googleapis.com maps.gstatic.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.shopperapproved.com https://direct.shopperapproved.com *.vertexsmb.com seal.godaddy.com static.hotjar.com www.sageexchange.com *.formstack.com stats.g.doubleclick.net bat.bing.com *.ywxi.net *.amazonaws.com *.sagepayments.net maps.googleapis.com *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com downloads.mailchimp.com unsafe-inline *.googleapis.com seal.godaddy.com stats.g.doubleclick.net bat.bing.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com *.vertexsmb.com seal.godaddy.com static.hotjar.com *.googleapis.com *.formstack.com stats.g.doubleclick.net www.sageexchange.com *.ywxi.net *.amazonaws.com *.sagepayments.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; script-src 'self' 'unsafe-inline' *; object-src *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src *; frame-src *; frame-ancestors *; child-src 'self' blob: *; font-src *; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtm.js 'unsafe-eval' https://stortinget.matomo.cloud https://*.qbrick.com; style-src 'self' https://static.hotjar.com https://script.hotjar.com; font-src 'self' data: https://script.hotjar.com https://*.qbrick.com; img-src 'self' data: https://*.cookiebot.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://www.googletagmanager.com/ https://mm.dimu.org/image/ http://licensebuttons.net/p/mark/1.0/80x15.png https://i.creativecommons.org/l/by-nc-nd/4.0/80x15.png https://*.static.flickr.com https://*.dna.ip-only.net https://prd.jwpltx.com/v1/jwplayer6/; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://openseadragon.github.io https://cdnjs.cloudflare.com https://*.cookiebot.com https://static.hotjar.com https://script.hotjar.com http://ajax.googleapis.com/ajax/libs/jquery/ https://www.googletagmanager.com https://www.gstatic.com https://www.google.com/recaptcha/ https://stortinget.matomo.cloud https://cdn.matomo.cloud/stortinget.matomo.cloud/ https://*.qbrick.com https://ssl.p.jwpcdn.com https://ssl.essens.no; script-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://*.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stortinget.matomo.cloud https://api.dimu.org https://*.snl.no/api/ https://snl.no/api/ https://api.flickr.com/services/rest/ https://*.qbrick.com wss://*.qbrick.com https://*.dna.ip-only.net https://httpcache1.dna.ip-only.net https://ssl.p.jwpcdn.com/player/ https://*.essens.no; frame-src 'self' https://*.cookiebot.com; media-src 'self' https://*.dna.ip-only.net; report-to main-endpoint; report-uri /api/CspReports/ReportAsync; 1
script-src  'self' https://www.acura.com https://stats.g.doubleclick.net https://checkoutshopper-test.adyen.com/ https://my.hondafinancialservices.com https://pal-test.adyen.com https://automobiles.honda.com/ https://cdn.cookielaw.org https://ahfc--webproj1.my.salesforce.com https://www.gstatic.com https://www.somt.honda.com https://treasuredata.com/ https://www.youtube.com https://www.google.com https://pay.google.com https://analytics.google.com blob: https://in.treasuredata.com/ https://uat2.sendyouropinions.com/ClientFiles/Honda/cnx/SPA.js https://webproj1-hondafinance.cs97.force.com/ https://www.tt.omtrdc.net https://assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement.min.js 'report-sample' https://www.google.co.in/ads/ga-audiences https://service.force.com/embeddedservice/ 'unsafe-eval' https://uat2.sendyouropinions.com/ClientFiles/Honda/cnx/cnx_style.css https://assets.adobedtm.com/ 'unsafe-inline' https://payments.salesforce.com/ https://cdn.treasuredata.eom/sdk/3.0/td.min.js https://www.2o7.net https://www.demdex.net https://checkoutshopper-live.adyen.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://consent-api.onetrust.com https://uat2.sendyouropinions.com/ https://assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement_Module_ActivityMap.min.js https://www.sc.omtrdc.net https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://assets.adobedtm.com/4d2629481466/43ad9a13e659/launch-520b4553879e.min.js https://geolocation.onetrust.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://ahfc--webproj1--c.visualforce.com/ https://uat2.sendyouropinions.com/ClientFiles/Honda/cnx/cnx_bundle.js https://www.omt.honda.com https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.googletagmanager.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js https://ahfc--sfamsweb.sandbox.my.site.com; report-to sfdc-csp-ep; report-uri https://ahfc.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00Dj0000001oPqD&networkId=0DM5b000000wk5s&type=communities 1
default-src https://*.hint.com 'self' https://static.hsappstatic.net; img-src 'self' https://*.hint.com https://www.facebook.com https://app.hubspot.com https://*.hsforms.com https://avatars.hubspot.net https://static.hsappstatic.net https://www.google.com https://www.google.com https://t.co https://www.google-analytics.com https://analytics.twitter.com https://facebook.com https://heapanalytics.com https://p.typekit.net https://px.ads.linkedin.com https://www.google.com/ads https://www.facebook.com/tr https://track.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://313589.fs1.hubspotusercontent-na1.net https://platform.twitter.com https://platform.linkedin.com/in.js  https://js.hsleadflows.net https://script.hotjar.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://static.hsappstatic.net https://js.hs-scripts.com https://app.hubspot.com https://www.google-analytics.com https://static.ads-twitter.com https://cdn.heapanalytics.com https://connect.facebook.net https://my.hellobar.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsadspixel.net https://hsleadflows.net https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://static.hsappstatic.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.gstatic.com https://use.typekit.net https://cdn2.hubspot.net https://p.typekit.net https://fast.fonts.net https://px.ads.linkedin.com; object-src 'self'; font-src 'self' https://2562809.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://cdn2.hubspot.net https://use.typekit.net; connect-src 'self' https://forms.hscollectforms.net https://forms.hscollectforms.net https://js.hs-banner.com https://api.hubapi.com https://www.google-analytics.com https://*.hubspot.com https://stats.g.doubleclick.net https://forms.hscollectedforms.net; frame-src https://platform.twitter.com https://www.google.com 1
font-src userlike-cdn-umm.b-cdn.net *.gstatic.com data: *.cloudfront.net *.mey.com app.usercentrics.eu 'self' data: 'self' 'unsafe-inline';form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' 'unsafe-inline';frame-ancestors https://*.etracker.com www.gstatic.com 'self';frame-src https://collect.mey.com https://*.criteo.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com https://static.criteo.net *.zenaps.com *.awin1.com bid.g.doubleclick.net td.doubleclick.net ct.pinterest.com www.awin1.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de ad.ad-srv.net *.adsrvr.org *.fls.doubleclick.net www.facebook.com opt.kuponacdn.de gum.criteo.com pixel.mathtag.comm pp.payengine.de pptest.payengine.de checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ 'self' 'unsafe-inline';img-src https://*.outbrain.com https://*.roeye.com https://www.wepowerconnections.com userlike-store-media-files.s3.amazonaws.com www.userlike.com userlike-cdn-web.b-cdn.net userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com ct.pinterest.com bat.bing.com *.zenaps.com *.awin1.com googleads.g.doubleclick.net www.etracker.de id5-sync.com s.thebrighttag.com beacon.krxd.net *.google.de *.google.com ads.creative-serving.com *.uimserv.net *.adnxs.com ups.analytics.yahoo.com visitor.omnitagjs.com *.ad.smaato.net matching.ivitrack.com exchange.mediavine.com  *.taboola.com *.stickyadstv.com criteo-sync.teads.tv cm.adform.net sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.emxdgt.com criteo-partners.tremorhub.com sync.outbrain.com *.3lift.com *.smartadserver.com ads.yahoo.com *.casalemedia.com *.bidswitch.net *.twiago.com contextual.media.net match.sharethrough.com *.pubmatic.com cdn.stickyadstv.com *.adscale.de ad.360yield.com sp.analytics.yahoo.com ad.yieldlab.net cotads.adscale.de *.criteo.com *.liadm.com pixel.rubiconproject.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.awin1.com *.bing.com *.cloudfront.net stats.g.doubleclick.net *.doubleclick.net *.g.doubleclick.net www.facebook.com www.google.com www.google.de www.googletagmanager.com *.usercentrics.eu *.adfarm1.adition.com *.adition.com  *.pinterest.com pixel.mathtag.com *.adnxs.com checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ *.mey.com *.clarity.ms app.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu 'self' data: 'self' 'unsafe-inline';script-src https://*.roeyecdn.com https://tagmanager.google.com https://googletagmanager.com https://www.googletagmanager.com https://*.outbrain.com ct.pinterest.com https://*.criteo.com *.zenaps.com *.awin1.com collect.mey.com userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com cdn.polyfill.io www.googleoptimize.com browser.sentry-cdn.com *.etracker.de *.etracker.com *.google.de *.google.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.googletagmanager.com *.adyen.com *.googleapis.com www.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.adform.net *.amazon.com js.adsrvr.org www.awin1.com bat.bing.com *.dt51.net *.cloudfront.net googleads.g.doubleclick.net www.dwin1.com connect.facebook.net www.google.com *.google-analytics.com www.gstatic.com mastertag.kpcustomer.de opt.kuponacdn.de bam.nr-data.net bam.eu01.nr-data.net js-agent.newrelic.com static.shopgate.com the.sciencebehindecommerce.com tagmanager.google.com *.usercentrics.eu *.kuponacdn.de app.theadx.com browser-update.org pixel.mathtag.com pptest.payengine.de *.adnxs.com static.criteo.net s.pinimg.com sslwidget.criteo.com *.clarity.ms *.mey.com *.google.com *.gstatic.com app.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval';style-src https://tagmanager.google.com https://googletagmanager.com https://www.googletagmanager.com *.adobe.com fonts.googleapis.com *.usercentrics.eu *.cloudfront.net *.mey.com *.googleapis.com *.gstatic.com app.usercentrics.eu 'self' 'unsafe-inline';object-src 'self' 'unsafe-inline';media-src www.userlike.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-umm.b-cdn.net *.adobe.com blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src http://bat.bing.net https://*.outbrain.com www.userlike.com userlike-cdn-web.b-cdn.net umd.userlike.com wss://umd.userlike.com ct.pinterest.com https://*.etracker.de https://*.criteo.com https://*.wepowerconnections.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj  https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb  https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa  https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://collect.mey.com https://*.googletagmanager.com *.addressy.com maps.googleapis.com userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com sentry.mey.netz98.org eu-api.friendlycaptcha.eu www.etracker.de www.facebook.com www.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de stats.g.doubleclick.net mey.dvinci-hr.com bam.eu01.nr-data.net the.sciencebehindecommerce.com *.usercentrics.eu aggregator.service.usercentrics.eu bat.bing.com *.pinterest.com *.google-analytics.com *.maps.googleapis.com *.mey.com *.cloudfront.net *.clarity.ms www.googletagmanager.com app.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu blob: 'self' 'unsafe-inline';child-src userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com http: https: blob: 'self' 'unsafe-inline';default-src https://*.outbrain.com https://*.clarity.ms https://c.bing.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval';base-uri 'self' 'unsafe-inline';report-uri https://sentry.mey.netz98.org/api/2/security/?sentry_key=81ac2c0efc304bedbb370dc8e745b346&sentry_environment=production;report-to csp-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-BxFmQzV-BMYGO31G5xNmuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com *.yotpo.com *.googleapis.com *.fontawesome.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.google.com *.doubleclick.net *.pinterest.com *.tiktok.com *.nr-data.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.yotpo.com *.facebook.com *.facebook.net *.amazon.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com *.braintreegateway.com *.paypal.com google.com www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.yotpo.com *.rvvuptech.com *.clearpay.co.uk *.sandbox.paypal.com *.doubleclick.net *.hotjar.com *.facebook.com *.facebook.net *.vimeo.com *.pinterest.com *.newrelic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.gstatic.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://*.gstatic.com *.trackedlink.net *.yotpo.com *.afterpay.com *.sandbox.paypal.com *.stats.paypal.com dhv2ziothpgrr.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.google.co.uk *.googletagmanager.com *.google.com *.facebook.com *.facebook.net *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.doubleclick.net *.pinterest.com *.tiktok.com *.nr-data.net *.bing.com *.newrelic.com *.media-amazon.com *.payments-amazon.com *.amazon.com *.clarity.ms yotpo-editor-production.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.cdn-apple.com *.adyen.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.yotpo.com *.afterpay.com *.paypal.com *.sandbox.paypal.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.googleapis.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.doubleclick.net *.pinterest.com *.tiktok.com *.bing.com *.facebook.com *.facebook.net *.visualwebsiteoptimizer.com *.pinimg.com *.matomo.cloud *.adt313.net *.adt356.net *.adt356.com *.payments-amazon.com *.amazon.com *.clarity.ms https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.yotpo.com *.googleapis.com *.fontawesome.com dhv2ziothpgrr.cloudfront.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.google.com *.doubleclick.net *.pinterest.com *.tiktok.com *.nr-data.net *.bing.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.yotpo.com *.sandbox.paypal.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.google.co.uk *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.doubleclick.net *.pinterest.com *.tiktok.com *.facebook.com *.facebook.net bat.bing.com *.bing.com *.postcodeanywhere.co.uk *.payments-amazon.com *.amazon.com *.clarity.ms *.merchant-center-analytics.goog 'self' 'unsafe-inline'; child-src *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://592944fc-ced2-48d3-a0ef-ebc9d01e03fd.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; base-uri 'none'; connect-src https: wss:; font-src https: data:; form-action 'self' *.bauhaus.cz *.facebook.com *.mail-komplet.cz; frame-ancestors 'self'; frame-src https:; img-src https: data:; object-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://kosik.bauhaus.cz/csp_report; report-to bauhaus-csp; 1
object-src 'none';base-uri 'self';script-src 'nonce-Y3rf1XZFAoGpxjfO_jLpIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=24831&v=v1.0&payload=ymp00hZ1EycWvkX3IquhUieuZ-WwiM7wmeLf82fnMT6pUZ5yKevVikT-ngB7BfWK8foLZ2v_8uZQ1XcRDBaDNGvqWWaQIa1WA4DzNqn1-f1JJwlY1FZVbI12H_gVFer6g3_8q2Jx87APquseM2PS2Bos5jGpLQuydNBdb2vB1ntT-XgIYxmrqvf5izGJf_2O5d70KBm1TCy1E9TN2SfQug==; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-+e6vaWKFg7tC6+HSoRs6EGYF' 'unsafe-eval' https://pixel.byspotify.com *.travcorpservices.com https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js https://vjs.zencdn.net https://cdn.amplitude.com/libs https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com data:;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io https://www.googletagmanager.com https://a25408250069.cdn.optimizely.com;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com *.travcorp.com *.corp.ttc:7443 https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api https://l.clarity.ms https://metrics.responsetap.com/infinity https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com https://logx.optimizely.com https://region1.analytics.google.com https://ttc.contiki.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.123cards.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.facebook.net *.facebook.com *.google-analytics.com *.googleoptimize.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.cloudsponge.com *.quantcast.com *.quantcount.com *.quantserve.com *.cloudflare.com *.rudderlabs.com *.amazon-adsystem.com *.2mdn.net *.opendns.com *.zencdn.net *.trackjs.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://polyfill.io https://*.digicert.com https://code.createjs.com https://*.clarity.ms https://*.stripe.com https://*.adyen.com https://*.chargebee.com https://*.braintreegateway.com https://*.paypal.com https://*.braintree-api.com https://*.bing.com https://*.trackjs.com https://secure.cdn.fastclick.net https://cdn.id5-sync.com https://cardsaqt.dataplane.rudderstack.com https://lb.eu-1-id5-sync.com https://id5-sync.com https://cdn.ampproject.org https://vjs.zencdn.net https://cdn.jsdelivr.net https://www.paypalobjects.com https://s3.amazonaws.com https://unpkg.com https://pouch-global-font-assets.s3.eu-central-1.amazonaws.com https://use.fontawesome.com https://rtb.jp2.as.criteo.com https://ads.as.criteo.com https://cdn.doubleverify.com https://s.update.sharethru.com https://tps.doubleverify.com https://tpsc-ue1.doubleverify.com https://pagead2.googlesyndication.com https://c.amazon-adsystem.com https://rtb.va.us.criteo.com https://ads.us.criteo.com https://nrb.ybp.yahoo.com https://beap-bc.yahoo.com android-webview-video-poster https://giftit.jifiti.com https://shopping.qantas.com; object-src ; img-src 'self' data: https: blob:; font-src 'self' data: https:; report-uri /report-csp-acl/ 1
default-src 'self' localhost:3000 strapi.sandbox.communicode.dev strapi.communicode.de sandbox.communicode.dev communicode.com https://app.usercentrics.eu https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com; style-src 'unsafe-inline' *; script-src 'self' 'unsafe-eval' localhost:3000 sandbox.communicode.dev communicode.com google.com googletagmanager.com tagmanager.google.com googleadservices.com google-analytics.com xing-share.com linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com youtube.com snap.licdn.com www.gstatic.com; script-src-elem 'self' 'unsafe-inline' http://localhost:3000 sandbox.communicode.dev communicode.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://web.cmp.usercentrics.eu https://app.usercentrics.eu https://www.youtube.com https://privacy-proxy.usercentrics.eu; connect-src 'self' strapi.sandbox.communicode.dev strapi.communicode.de meilisearch.communicode.dev meilisearch.communicode.de v1.api.service.cmp.usercentrics.eu web.cmp.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu region1.google-analytics.com consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu graphql.usercentrics.eu; img-src 'self' data: *; frame-src 'self' https://www.youtube.com https://app.usercentrics.eu https://www.google.com https://www.gstatic.com https://web.cmp.usercentrics.eu https://www.sandbox.communicode.dev https://www.communicode.com 1
report-uri /csp-reports/; default-src 'self' https://trackbill.com https://*.trackbill.com; connect-src 'self' https://*.trackbill.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://*.pndsn.com https://pubsub.pubnub.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hsforms.com https://www.facebook.com https://jsd-widget.atlassian.com https://mgas.prod.public.atl-paas.net; font-src 'self' https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net https://www.youtube.com https://connect.facebook.net; img-src 'self' https://trackbill.com https://*.trackbill.com https://mozilla.github.io https://static.hsappstatic.net https://track.hubspot.com https://hubspot-avatars.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://certify.alexametrics.com https://d5nxst8fruw4z.cloudfront.net data: blob:; media-src 'self' https://trackbill.com https://*.trackbill.com; object-src 'self' https://trackbill.com https://*.trackbill.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackbill.com https://*.trackbill.com https://code.jquery.com https://mozilla.github.io https://app.hubspot.com https://static.hsappstatic.net https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-scripts.com https://bam.nr-data.net https://connect.facebook.net https://www.google-analytics.com https://d31qbv1cthcecs.cloudfront.net https://www.googletagmanager.com https://js-agent.newrelic.com https://mgas.prod.public.atl-paas.net https://jsd-widget.atlassian.com; style-src 'self' 'unsafe-inline' https://trackbill.com https://*.trackbill.com https://code.jquery.com https://mozilla.github.io https://static.hsappstatic.net https://www.google-analytics.com https://fonts.googleapis.com; child-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net; form-action 'self' https://trackbill.com https://*.trackbill.com https://connect.facebook.net; frame-ancestors 'none'; plugin-types application/pdf; 1
object-src 'none';base-uri 'self';script-src 'nonce-4eEunY-GQBrvBf7_DRVdSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/tv_google 1
default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.teads.tv *.cookiehub.eu connect.facebook.net bat.bing.com bat.bing.net bat.bing-int.com static.ads-twitter.com snap.licdn.com *.googleads.g.doubleclick.net bat.bing-int.com services.postcodeanywhere.co.uk unpkg.com *.clarity.ms *.ads.linkedin.com *.licdn.com clarity.ms *.bing.com *.doubleclick.net *.googleadservices.com *.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.cookiehub.eu services.postcodeanywhere.co.uk unpkg.com *.cookiehub.com; img-src 'self' data: *.google.co.uk *.facebook.com t.co analytics.twitter.com t.teads.tv bat.bing.com bat.bing.net *.visualwebsiteoptimizer.com services.postcodeanywhere.co.uk *.googletagmanager.com *.postcodeanywhere.co.uk *.googletagmanager.com *.google.com *.doubleclick.net *.googleadservices.com *.google.co.za *.google.co.za *.google.com.ph *.linkedin.com *.clarity.ms c.bing.com *.google.ro *.teads.tv *.bing.com analytics.twitter.com px.ads.linkedin.com bat.bing.net l.teads.tv *.teads.tv *.google.com.ar *.google.se www.google.co.uk *.google.de *.google.it *.google.cz *.vimeocdn.com *.facebook.com facebook.com *.google.mk dev.visualwebsiteoptimizer.com *.google.co.id; media-src data: player.vimeo.com *.vimeocdn.com *.libsyn.com cdn-podcasts.libsyn.com *.youtube.com youtu.be; frame-src 'self' td.doubleclick.net *.googletagmanager.com *.fls.doubleclick.net *.facebook.com *.vimeo.com; font-src 'self' data: *.childrenssociety.org.uk fonts.gstatic.com; connect-src 'self' region1.analytics.google.com *.google-analytics.com region1.google-analytics.com *.clarity.ms t.teads.tv bat.bing-int.com bat.bing.net *.googletagmanager.com cdn.cookiehub.eu dev.visualwebsiteoptimizer.com *.google.com stats.g.doubleclick.net px.ads.linkedin.com cm.teads.tv bat.bing.com consent-eu.cookiehub.net ad.doubleclick.net *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.analytics.google.com *.google.co.uk g.doubleclick.net stats.g.doubleclick.net bat.bing.com region1.google-analytics.com *.facebook.com region1.analytics.google.com analytics.google.com analytics.google.com *.google.co.uk google.com; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-D2Th2SA7ToGVCvMqAiYfZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'nonce-fYrChRhaF14JHRFu19r2q1kA' 'strict-dynamic' http: https:; base-uri 'none'; 1
default-src 'self'; connect-src ka-p.fontawesome.com; font-src ka-p.fontawesome.com; style-src-elem ka-p.fontawesome.com; report-to csp-endpoint; 1
default-src 'self' https://static.slo-tech.com https://zy.si https://push.slo-tech.com; script-src 'self' 'unsafe-inline' https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; style-src 'self' data: 'unsafe-inline' static.slo-tech.com; img-src 'self' data: https://* http://* https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; connect-src 'self' https://oglasi.slo-tech.com https://push.slo-tech.com wss://push.slo-tech.com ws://push.slo-tech.com https://zy.si; frame-src 'self' https://oglasi.slo-tech.com https://www.youtube-nocookie.com; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; sandbox; report-uri https://sentry.ilol.si/api/2/security/?sentry_key=1caf1e883a1146c09085276ddd50841d 1
font-src https://cdnjs.cloudflare.com https://static.payzen.eu/static/ *.fontawesome.com *.typekit.net https://static.lyra.com/static/ fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.facebook.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ *.avis-verifies.com *.botnation.ai *.doubleclick.net *.facebook.com *.googletagmanager.com *.hotjar.com *.zenaps.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ *.myspectro.io *.kxcdn.com *.weltpixel.com js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de axeptio.imgix.net https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org *.avis-verifies.com *.awin1.com *.bing.com *.clarity.ms *.facebook.com *.google.com *.analytics.google.com *.lacompagniedesanimaux.com *.netreviews.eu *.twgdns.com *.zenaps.com https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ https://www.mollie.com https://maps.googleapis.com https://maps.gstatic.com *.gstatic.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.axept.io https://cdnjs.cloudflare.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.plugins.emarsys.net *.scarabresearch.com widget.freshworks.com m2epro.freshdesk.com *.avis-verifies.com *.bing.com *.botnation.ai *.clarity.ms *.doubleclick.net *.dwin1.com *.facebook.net *.analytics.google.com *.hotjar.com *.iadvize.com *.newrelic.com *.nr-data.net *.remisesetprivileges.fr *.roeyecdn.com *.sciencebehindecommerce.com *.shipup.co *.skeepers.io *.twenga.fr *.zdassets.com *.zenaps.com assets.emarsys.net https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.myspectro.io *.kxcdn.com s.kk-resources.com js.mollie.com *.googletagmanager.com *.googleadservices.com *.google.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.payzen.eu/static/ widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.botnation.ai *.jsdelivr.net *.typekit.net https://static.lyra.com/static/ *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.axept.io client.axept.io https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ *.scarabresearch.com *.eservice.emarsys.net widget.freshworks.com m2epro.freshdesk.com *.fact-finder.de *.fact-finder.com *.fact-finder.co.uk *.fact-finder.fr *.fact-finder.pl *.fact-finder.it *.fact-finder.at *.fact-finder.ch *.fact-finder.cloud https://nominatim.openstreetmap.org *.botnation.ai *.clarity.ms *.doubleclick.net *.google.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.iadvize.com *.nr-data.net *.remisesetprivileges.fr *.sciencebehindecommerce.com *.zdassets.com *.zendesk.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ *.myspectro.io *.kxcdn.com s.kelkoogroup.net *.hotjar.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.andrew.com; 1
font-src fonts.gstatic.com cdn.livechatinc.com stats.g.doubleclick.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.dotit.com *.ncco.com dotit.wufoo.com stats.g.doubleclick.net *.livechatinc.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ stats.g.doubleclick.net dotit.wufoo.com www.wrike.com *.google.com *.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.dotit.com *.ncco.com stats.g.doubleclick.net cp-ywz-382.chili-publish.online cp-ywz-382.chili-publish-sandbox.online *.livechatinc.com *.disqus.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ stats.g.doubleclick.net chimpstatic.com *.wufoo.com www.youtube.com apis.google.com *.google.pl *.livechatinc.com *.disqus.com s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com stats.g.doubleclick.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com dotit.wufoo.com *.smartystreets.com apis.google.com *.google.pl *.livechatinc.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src stats.g.doubleclick.net http: https: blob: 'self' 'unsafe-inline'; default-src stats.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri stats.g.doubleclick.net 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-JAufIAuQSP_8PAF6DRyZpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yatveOHCeMHwP7RnFTixwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.br https://www.myheritage.com.br  'unsafe-eval' 'nonce-130c839551ef3f1f2ccd197d1649bb88' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.com.br;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src *.pharm24.gr *.skroutz.gr static.zdassets.com data:; frame-src *.pharm24.gr virtual-assistants.gr *.googletagmanager.com *.skroutz.gr *.hotjar.com *.checkout.com *.dco.gr *.disqus.com *.linkwi.se *.adsrvr.org *.google.com *.googlesyndication.com *.agkn.com *.facebook.net *.facebook.com *.youtube.com *.cookiebot.com *.aimtell.com; img-src * data: *.pharm24.gr *.youtube.com *.facebook.com trustmark.gr; script-src 'self' 'unsafe-inline' *.pharm24.gr *.skroutz.gr *.google.com *.debugbear.com virtual-assistants.gr secure.dcomodo.net *.vc-portal.com *.skroutz.gr *.gstatic.com *.checkout.com salesmanago.com *.salesmanago.com *.saleago.com bat.bing.com *.clarity.ms *.adman.gr *.hotjar.com *.googleapis.com *.google.com *.cloudflareinsights.com *.cloudflare.com *.disquscdn.com *.shareaholic.com *.shareaholic.net *.stackpathcdn.com *.cloudfront.net *.adsrvr.org *.instagram.com *.ampproject.org *.googlesyndication.com *.disqus.com *.cookiebot.com trustmark.gr *.agkn.com *.zdassets.com *.trustmark.gr *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.com connect.facebook.net *.facebook.net googleads.g.doubleclick.net *.doubleclick.net *.zopim.com *.linkwi.se s3.amazonaws.com *.amazonaws.com *.aimtell.com cdn-cfdnp.nitrocdn.com 'unsafe-inline' 'unsafe-eval' blob: data: gap:; style-src 'self' *.googleapis.com *.pharm24.gr *.vc-portal.com *.bootstrapcdn.com cdn-cfdnp.nitrocdn.com 'unsafe-inline'; worker-src 'self' *.aimtell.com blob: data: gap:; font-src 'self' *.hotjar.com *.stats.pharm24.gr *.pharm24.gr *.vc-portal.com *.gstatic.com *.bootstrapcdn.com *.stackpathcdn.com *.zopim.com cdn-cfdnp.nitrocdn.com data:; connect-src *.debugbear.com google.com *.checkout.com *.cookiebot.com *.zendesk.com *.saleago.com *.salesmanago.com *.salesmanago.pl *.getnitropack.com *.adman.gr *.hotjar.com *.googlesyndication.com *.trustmark.gr *.ampproject.org *.google.com *.google.gr *.disqus.com *.shareaholic.com *.shareaholic.net backup.pharm24.gr:* *.pharm24.gr *.doubleclick.net *.google-analytics.com *.agkn.com *.zdassets.com  *.amazonaws.com *.zopim.com bat.bing.com a.clarity.ms *.facebook.com *.aimtell.com wss://widget-mediator.zopim.com wss://ws6.hotjar.com/api/v2/client/ws 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.healthyplanetcanada.com healthyplanetcanada.com *.healthyplanetusa.com healthyplanetusa.com *.healthyplanetkitchen.ca healthyplanetkitchen.ca instore.healthyplanetcanada.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.fontawesome.com *.alicdn.com *.flaticon.com *.googleusercontent.com *.hsappstatic.net *.slant.co *.zip.co fonts.googleapis.com *.yotpo.com *.cdnfonts.com *.walmartimages.com s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.sharethis.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.trustpilot.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.googleapis.com *.healthyplanetcanada.com healthyplanetcanada.com *.healthyplanetusa.com healthyplanetusa.com *.healthyplanetkitchen.ca healthyplanetkitchen.ca instore.healthyplanetcanada.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.trackedlink.net magefan.com cm.magefan.com https://meetanshi.com/media/logo.png flagpedia.net media.sezzle.com *.3lift.com *.adnxs.com *.adsrvr.org *.baidu.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.criteo.com *.criteo.net *.crwdcntrl.net *.doubleclick.net *.facebook.com *.facebook.net *.ggpht.com *.google.com *.googleadservices.com *.googleusercontent.com *.liadm.com *.outbrain.com *.pubmatic.com *.riskified.com *.rubiconproject.com *.shopify.com *.simpli.fi *.sitescout.com *.stackadapt.com *.teads.tv *.trackedweb.net *.tremorhub.com *.trustpilot.com *.yotpo.com google.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.by www.google.ca www.google.cf www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gl www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sk www.google.sn www.google.sr www.google.tg www.google.tn www.google.tt maps.googleapis.com maps.gstatic.com *.reddit.com s.ad.smaato.net ad.360yield.com cs.adingo.jp sync-t1.taboola.com rtb-csync.smartadserver.com dis.criteo.com tg.socdm.com *.bing.com *.clarity.ms *.cluepixel.com *.unbxdapi.com *.disqus.com *.moneris.com *.flippenterprise.net *.wishabi.com *.wishabi.net d2kw3seoms87mw.cloudfront.net www.google.co.in yotpo-editor-production.s3.amazonaws.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.sharethis.com *.googleapis.com *.gstatic.com *.healthyplanetcanada.com healthyplanetcanada.com *.healthyplanetusa.com healthyplanetusa.com *.healthyplanetkitchen.ca healthyplanetkitchen.ca instore.healthyplanetcanada.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com https://gateway.moneris.com https://gatewayt.moneris.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.trustpilot.com *.cloudflare.com *.criteo.com *.doubleclick.net *.facebook.net *.fullstory.com *.googleadservices.com *.googletagmanager.com *.noibu.com *.riskified.com *.stackadapt.com *.unbxd.io *.yotpo.com https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com unpkg.com *.bing.com *.clarity.ms *.crazyegg.com *.disqus.com *.gorgias.chat *.salesforceliveagent.com *.unbxdapi.com d21gpk1vhmjuf5.cloudfront.net *.flippenterprise.net *.simpli.fi https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.healthyplanetcanada.com healthyplanetcanada.com *.healthyplanetusa.com healthyplanetusa.com *.healthyplanetkitchen.ca healthyplanetkitchen.ca instore.healthyplanetcanada.com assets.braintreegateway.com webchat.dotdigital.com webchat.staging.dotdigital.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com *.trustpilot.com *.shopify.com *.stackadapt.com *.yotpo.com tagmanager.google.com *.googleapis.com *.cdnfonts.com *.sezzle.com *.unbxdapi.com d1rabrmvm0ggsd.cloudfront.net *.flippenterprise.net 'self' 'unsafe-inline'; object-src *.healthyplanetcanada.com healthyplanetcanada.com *.healthyplanetusa.com healthyplanetusa.com *.healthyplanetkitchen.ca healthyplanetkitchen.ca instore.healthyplanetcanada.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.gstatic.com maps.googleapis.com gateway.sezzle.com sandbox.gateway.sezzle.com *.crwdcntrl.net *.doubleclick.net *.facebook.com *.googleadservices.com *.ipify.org *.noibu.com *.riskified.com *.stackadapt.com *.unbxd.io ipinfo.io www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bs www.google.by www.google.cf www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.md www.google.me www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.sk www.google.sn www.google.tg www.google.tn www.google.tt *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.yotpo.com *.flipp.com *.flippback.com *.bing.com *.clarity.ms *.crazyegg.com *.criteo.com *.disqus.com *.gorgias.chat *.unbxdapi.com *.flippenterprise.net *.fullstory.com *.healthyplanetcanada.com *.pangle-ads.com *.sezzle.com *.launchdarkly.com *.trustpilot.com www.google.co.in www.google.ca https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.healthyplanetcanada.com healthyplanetcanada.com *.healthyplanetusa.com healthyplanetusa.com *.healthyplanetkitchen.ca healthyplanetkitchen.ca instore.healthyplanetcanada.com *.gorgias.chat 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.riskified.com 'self' 'unsafe-inline'; report-uri  https://d7c800d6-f647-4457-b3f0-a1531d4ade8a.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com consentcdn.cookiebot.com metrics.azerty.nl www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: bat.bing.com www.facebook.com www.google.nl imgsct.cookiebot.com metrics.azerty.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.avada.io *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com app.aiden.cx consent.cookiebot.com sgtm.azerty.nl bat.bing.com d5yoctgpv4cpx.cloudfront.net consentcdn.cookiebot.com metrics.azerty.nl connect.facebook.net www.clarity.ms js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.multisafepay.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com metrics.azerty.nl l.clarity.ms consentcdn.cookiebot.com bam.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com bat.bing.com l.clarity.ms bam.nr-data.net www.google.com bat.bing.net pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.cside.dev https://proxy.cside.dev https://proxy.csidetm.com https://proxy.cs.security https://analytics.twitter.com https://js.stripe.com https://unpkg.com https://*.intercom.io https://*.intercomcdn.com https://*.facebook.net https://cdn.jsdelivr.net https://code.jquery.com https://*.clarity.ms https://challenges.cloudflare.com https://www.googletagmanager.com https://ajax.cloudflare.com https://embed.lu.ma https://snap.licdn.com https://static.ads-twitter.com https://snid.snitcher.com https://cdn.vector.co/pixel.js https://www.google.com https://b.sf-syn.com https://static.cloudflareinsights.com https://google.com https://google.co.jp https://www.google.com.sg https://*.posthog.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://www.gstatic.com https://staging-cside-fingerprintjs.s3.us-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.jsdelivr.net https://embed.lu.ma; worker-src 'self' blob:; img-src 'self' blob: data: https://content.cside.dev https://media.cside.dev https://media.client-side.dev https://px.ads.linkedin.com https://analytics.twitter.com https://px4.ads.linkedin.com https://*.clarity.ms https://t.co https://c.bing.com https://translate.google.com https://*.googleusercontent.com https://fonts.gstatic.com https://*.intercomcdn.com https://static.intercomassets.com https://b.sf-syn.com https://forms.hsforms.com https://www.google.com https://www.google.co.jp https://www.google.com.sg https://cside-blog.ghost.io https://track.hubspot.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://cdn.jsdelivr.net; frame-src 'self' https://js.stripe.com https://challenges.cloudflare.com https://www.youtube.com https://platform.twitter.com https://*.hubspot.com https://www.googletagmanager.com https://i.liadm.com https://td.doubleclick.net; connect-src 'self' https://*.cside.dev https://*.csidetm.com https://*.cs.security https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.posthog.com https://*.clarity.ms https://*.liadm.com https://client-side-scripts.s3.us-west-1.amazonaws.com https://analytics.twitter.com https://api.stripe.com https://q.stripe.com https://unpkg.com https://cdn.jsdelivr.net https://cside.instatus.com https://px.ads.linkedin.com https://pro.ip-api.com https://api.vector.co https://www.google.com https://forms.hscollectedforms.net; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; report-to csp-endpoint; report-uri https://proxy.csidetm.com/csp 1
script-src *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.googletagmanager.com *.hotjar.com 'unsafe-inline' *.mouseflow.com; img-src js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net *.hsforms.net *.hsforms.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.mouseflow.com; connect-src *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mouseflow.com; frame-src *.hubspot.com play.hubspotvideo.com *.hubspot.net *.hsforms.net *.mouseflow.com; style-src cdn2.hubspot.net *.harmonicinc.com; child-src *.hsforms.com *.mouseflow.com; font-src *.hotjar.com *.hotjar.io *.mouseflow.com; 1
script-src 'nonce-wtnOHIsJXvVak5xKaXX5BpB2SQVnpfQI' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.nosto.com *.nos.to *.klarna.com js.mollie.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.nosto.com *.nos.to *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.nosto.com *.nos.to *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com js.mollie.com https://www.google.com https://www.gstatic.com https://js.klevu.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.nosto.com *.nos.to *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.nosto.com *.nos.to *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://20a27546-5165-4716-8e1c-c91dee6f68ae.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.beautysuccess.fr fonts.googleapis.com googleapis.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.weltpixel.com *.hipay-tpp.com *.hipay.com libs.hipay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.beautysuccess.fr maps.googleapis.com googleapis.com maps.gstatic.com *.openstreetmap.org api.maptiler.com magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.beautysuccess.fr *.googletagmanager.com maps.googleapis.com googleapis.com api.socloz.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com tagmanager.google.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.hipay.com *.beautysuccess.fr googleapis.com libs.hipay.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://www.google-analytics.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.beautysuccess.fr api.maptiler.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-tf8tYf0Qk8MAnLvu1PZo1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com *.fontawesome.com https://fonts.bunny.net https://www.google.com https://www.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.google.com *.googletagmanager.com *.googleapis.com *.facebook.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.googletagmanager.com *.facebook.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com *.google.com *.google.co.in https://firebasestorage.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com *.authorize.net *.braintreegateway.com *.paypal.com *.mouseflow.com localmenu.katzsdelicatessen.com *.addthis.com *.noibu.com *.avada.io *.shopify.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.net www.termsfeed.com *.fontawesome.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.google.com *.klaviyo.com *.fontawesome.com https://fonts.bunny.net https://static.klaviyo.com *.gstatic.com assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com  *.google-analytics.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.klaviyo.com *.report-uri.com *.noibu.com wss://*.noibu.com https://get.geojs.io *.avada.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.report-uri.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://katzsdelicatessen.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: oct8necdneu.azureedge.net *.trustedshops.com *.cloudflare.com https://fonts.gstatic.com https://widgets.trustedshops.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es * *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://www.salesmanago.pl https://api.clerk.io https://cdn.clerk.io *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.vimeo.com *.oct8ne.com *.googletagmanager.com * *.cookiebot.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.trustedshops.com *.bynder.com *.visualwebsiteoptimizer.com *.amazonaws.com *.atida.com *.dosfarma.com *.facebook.com *.zenaps.com *.awin1.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co t.co *.twitter.co *.twitter.com *.cloudfront.net *.doubleclick.net *.byspotify.com *.cookiebot.com *.googlesyndication.com *.syndigo.com *.assets.efarma.com *.mifarma.co.uk openstreetmap.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://cdn.clerk.io *.ggpht https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.trustedshops.com *.clerk.io *.cloudfront.net *.zdassets.com *.zendesk.com *.api.smooch.io *.visualwebsiteoptimizer.com *.connectif.cloud *.atida.com *.dosfarma.com *.newrelic.com *.nr-data.net *.dwin1.com *.pinimg.com *.ads-twitter.com *.tiktok.com *.kk-resources.com *.bing.com *.creativecdn.com *.facebook.net *.googlesyndication.com *.awin1.com *.zenaps.com *.facebook.com *.wepowerconnections.com *.sciencebehindecommerce.com *.reskyt.com *.pinterest.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.topsort.workers.dev js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com https://api.clerk.io https://cdn.clerk.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.trustedshops.com *.cloudflare.com *.googletagmanager.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com unsafe-inline assets.braintreegateway.com https://api.clerk.io https://cdn.clerk.io https://fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.google.com/pay *.api.smooch.io *.zdassets.com *.zendesk.com *.connectif.cloud *.atida.com *.dosfarma.com *.algolia.io *.cookiebot.com *.nr-data.net google.com *.googlesyndication.com *.awin1.com *.zenaps.com *.facebook.com *.wepowerconnections.com *.sciencebehindecommerce.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.topsort.workers.dev api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-to *.usercentrics.eu; font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://widgets.trustedshops.com *.fontawesome.com *.usercentrics.eu *.adobedtm.com *.adobe.com *.doubleclick.net *.ccdc02.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.zdassets.com *.zendesk.com *.zopim.com *.google.com *.google.pl *.newrelic.com *.cardinalcommerce.com *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.youtube.com *.braintreegateway.com *.payu.com *.avada.io https://get.geojs.io *.cookiebot.eu wss://widget-mediator.zopim.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.usercentrics.eu *.adobedtm.com *.adobe.com *.doubleclick.net *.ccdc02.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.zdassets.com *.zendesk.com *.zopim.com *.google.com *.google.pl *.newrelic.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.youtube.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.payu.com *.avada.io https://get.geojs.io wss://widget-mediator.zopim.com/ *.easypack24.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ *.usercentrics.eu *.adobedtm.com *.doubleclick.net *.ccdc02.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.zdassets.com *.zendesk.com *.zopim.com *.google.com *.google.pl *.newrelic.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.avada.io https://get.geojs.io wss://widget-mediator.zopim.com/ *.cookiebot.eu *.easypack24.net 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com https://images.unsplash.com *.googleapis.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.usercentrics.eu *.doubleclick.net *.ccdc02.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.zdassets.com *.zendesk.com *.zopim.com *.google.com *.google.pl *.newrelic.com *.cardinalcommerce.com *.ytimg.com *.vimeo.com *.braintreegateway.com *.payu.com *.avada.io https://get.geojs.io wss://widget-mediator.zopim.com/ wss://ws.hotjar.com *.hotjar.com *.hotjar.io connect.facebook.net *.cookiebot.eu data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com *.gstatic.com *.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.avada.io *.usercentrics.eu *.doubleclick.net *.ccdc02.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.zdassets.com *.zendesk.com *.zopim.com *.google.com *.google.pl *.newrelic.com *.cardinalcommerce.com *.ytimg.com *.braintreegateway.com https://get.geojs.io wss://widget-mediator.zopim.com/ wss://ws.hotjar.com *.hotjar.com *.hotjar.io cdn.jsdelivr.net *.trustedshops.com connect.facebook.net *.cookiebot.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.fontawesome.com *.usercentrics.eu *.adobedtm.com *.doubleclick.net *.ccdc02.com *.google-analytics.com *.googleadservices.com *.zdassets.com *.zendesk.com *.zopim.com *.google.com *.google.pl *.newrelic.com *.cardinalcommerce.com *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.youtube.com *.braintreegateway.com *.gstatic.com *.payu.com *.avada.io https://get.geojs.io *.cookiebot.eu wss://widget-mediator.zopim.com/ *.easypack24.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.adobedtm.com *.doubleclick.net *.ccdc02.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.zdassets.com https://static.zdassets.com *.zendesk.com *.zopim.com *.google.com *.google.pl *.newrelic.com *.cardinalcommerce.com *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.youtube.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.payu.com *.avada.io *.usercentrics.eu https://get.geojs.io wss://widget-mediator.zopim.com/ *.cookiebot.eu *.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.googleapis.com *.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://get.geojs.io *.avada.io *.usercentrics.eu *.adobedtm.com *.adobe.com *.doubleclick.net *.ccdc02.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.zdassets.com *.zendesk.com *.zopim.com *.google.com *.google.pl *.newrelic.com bam.eu01.nr-data.net *.cardinalcommerce.com *.ytimg.com *.vimeocdn.com *.youtube.com *.braintreegateway.com *.gstatic.com wss://widget-mediator.zopim.com/ wss://ws.hotjar.com *.hotjar.com *.hotjar.io geoip.maxmind.com connect.facebook.net *.cookiebot.eu 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Xw1CMLLSUuYRB40QONBaDQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src  'none'; connect-src 'self' *.puretaboo.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.puretaboo.com join.gammasecure.com; script-src 'self' *.puretaboo.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.puretaboo.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
default-src 'self' solutionreach.okta.com login.solutionreach.com *.oktacdn.com; connect-src 'self' solutionreach.okta.com solutionreach-admin.okta.com login.solutionreach.com *.oktacdn.com *.mixpanel.com *.mapbox.com solutionreach.kerberos.okta.com solutionreach.mtls.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' solutionreach.okta.com login.solutionreach.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' solutionreach.okta.com login.solutionreach.com *.oktacdn.com; frame-src 'self' solutionreach.okta.com solutionreach-admin.okta.com login.solutionreach.com login.okta.com; img-src 'self' solutionreach.okta.com login.solutionreach.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: blob:; font-src 'self' solutionreach.okta.com login.solutionreach.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://widget.weezevent.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://secure.gravatar.com; connect-src 'self' https://www.google-analytics.com; frame-src 'self' https://new-liste-exposants.hubj2c.com https://www.google.com; 1
default-src 'self' https: data: wss: http: umbraco.tv packages.umbraco.org our.umbraco.org; block-all-mixed-content; form-action https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com umbraco.tv packages.umbraco.org our.umbraco.org code.jquery.com fonts.googleapis.com use.typekit.net unpkg.com cdn.jsdelivr.net ajax.aspnetcdn.com kit.fontawesome.com www.googletagmanager.com www.recaptcha.net www.google.com www.google-analytics.com www.gstatic.com js.authorize.net jstest.authorize.net;font-src 'self' https: data: fonts.gstatic.com use.typekit.net kit-pro.fontawesome.com;img-src 'self' https: data: umbraco.tv packages.umbraco.org our.umbraco.org p.typekit.net www.goole-analytics.com www.gstatic.com www.googletagmanager.com;media-src https: data: umbraco.tv packages.umbraco.org our.umbraco.org p.typekit.net;style-src 'self' 'unsafe-inline' https: data: use.typekit.net p.typekit.net fonts.googleapis.com kit-pro.fontawesome.com unpkg.com cdn.jsdelivr.net; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' https: http: 'nonce-2e174bf2-d3b9-4ae1-b821-c93c84667dc1' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com try.abtasty.com *.abtasty.com https://*.new-immo-group.app https://*.new-immo-group.dev https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr; connect-src 'self' http://demo.safti.local:12081 https://googleads.g.doubleclick.net https://*.abtasty.com https://*.clarity.ms https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.new-immo-group.app https://*.new-immo-group.dev https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr https://abtasty.com http://dcinfos-cache.abtasty.com https://api.privacy-center.org https://ariane.abtasty.com/ https://bo.safeti-immobilien.de/api https://bo.safti.es https://bo.safti.es/api/highlightblock https://bo.safti.es/api/saftiblock https://bo.safti.fr https://bo.safti.fr/api/highlightblock https://bo.safti.fr/api/saftiblock https://clarity.ms https://dcinfos-cache.abtasty.com https://google-analytics.com https://google.com https://googletagmanager.com https://maps.googleapis.com https://new-immo-group.app https://new-immo-group.dev https://safeti-immobilien.de https://safti.es https://safti.fr https://stats.g.doubleclick.net; font-src 'self' *.abtasty.com https://abtasty.com https://fonts.gstatic.com https://*.new-immo-group.app https://*.new-immo-group.dev https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr; img-src 'self' data: *.new-immo-group.app *.new-immo-group.dev http://demo.safti.local:9873 https://*.clarity.ms https://*.leadsmonitor.io https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr https://c.bing.com https://clarity.ms https://leadsmonitor.io https://maps.googleapis.com https://maps.gstatic.com https://nig-aws-preprod-bien-photo.s3.eu-west-3.amazonaws.com https://nig-aws-prod-bien-photo.s3.eu-west-3.amazonaws.com https://photo.safeti-immobilien.de https://purecatamphetamine.github.io https://safeti-immobilien.de https://safti.es https://safti.fr https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.google.es https://www.google.fr https://www.googletagmanager.com https://sdk.privacy-center.org https://*.new-immo-group.dev; worker-src 'self' blob:; frame-src 'self' https://*.alainbossard.fr https://*.bien-estimer-safti.fr https://*.cloudpano.com https://*.dailymotion.com https://*.facebook.com https://*.floorfy.com https://*.google.com https://*.istaging.com https://*.klapty.com https://*.matterport.com https://*.nodalview.com https://*.previsite.com https://*.previsite.net https://*.provirtualvisit.com https://*.rhinov.pro https://*.ricohtours.com https://*.youtu.be https://*.youtube.com https://alainbossard.fr https://bien-estimer-preprod.new-immo-group.app/ https://bien-estimer-safti.fr https://cloudpano.com https://dailymotion.com https://facebook.com https://floorfy.com https://google.com https://istaging.com https://klapty.com https://login.microsoftonline.com/ https://matterport.com https://nodalview.com https://oauth2-proxy.new-immo-group.app/ https://*.new-immo-group.dev https://*.new-immo-group.app https://omega-de.new-immo-group.dev https://omega-es.new-immo-group.dev https://omega-fr.new-immo-group.dev https://omega-preprod-safti-de.new-immo-group.app https://omega-pt.new-immo-group.dev https://omega.safti.de https://omega.safti.es https://omega.safti.fr https://omega.safti.pt https://player.vimeo.com https://previsite.com https://previsite.net https://provirtualvisit.com https://rhinov.pro https://ricohtours.com https://td.doubleclick.net https://tour.giraffe360.com https://youtu.be https://youtube.com https://qa-assistant.abtasty.com/ https://play.danim.com/ http://localhost:*; frame-ancestors 'self' http://*.safti-fr.localhost http://safti-fr.localhost https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr https://omega-de.new-immo-group.dev https://omega-es.new-immo-group.dev https://omega-fr.new-immo-group.dev https://omega-pt.new-immo-group.dev https://omega.safti.de https://omega.safti.es https://omega.safti.fr https://omega.safti.pt https://safeti-immobilien.de https://safti.es https://safti.fr; media-src 'self' https://*.safti.es https://*.safti.fr https://*.safti.fr https://*.safeti-immobilien.de https://safti.es https://safti.fr https://safeti-immobilien.de; object-src 'self' https://*.safti.es https://*.safti.fr https://*.safti.fr https://*.safeti-immobilien.de https://safti.es https://safti.fr https://safeti-immobilien.de; manifest-src 'self' *.new-immo-group.app https://*.safeti-immobilien.de/ https://*.safti.es https://*.safti.fr https://*.safti.fr https://safeti-immobilien.de https://safti.es https://safti.fr 1
frame-src https://www.facebook.com https://go.nexon.com.au *.google.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://cdn.livechatinc.com https://secure.livechatinc.com https://fonts.google.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.livechatinc.com https://widget.trustpilot.com https://consentcdn.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://app-wallee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com *.amazonaws.com maps.gstatic.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com https://cdn.livechat-files.com/ https://bat.bing.com https://www.google.co.uk https://s.ytimg.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://app-wallee.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com maps.googleapis.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com https://widget.trustpilot.com https://bat.bing.com https://script.thisisbeacon.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://js-agent.newrelic.com https://bam.nr-data.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://app-wallee.com https://gmtech.mfgroup.ch https://assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://app-wallee.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ws.postcoder.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://youtube.com https://google.com https://fonts.google.com https://v5api.thisisbeacon.com https://consentcdn.cookiebot.com https://bam.nr-data.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://app-wallee.com https://assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://youtube.com https://google.com https://fonts.google.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hsadspixel.net https://js.hs-banner.com https://*.hs-analytics.net https://js.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://website-assets.atlan.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleoptimize.com https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://ajax.googleapis.com https://unpkg.com https://embedsocial.com https://platform.twitter.com http://*.ads-twitter.com https://cdn.syndication.twimg.com https://static.ads-twitter.com https://*.clarity.ms https://bat.bing.com https://ipgeolocation.abstractapi.com https://platform.linkedin.com https://snap.licdn.com https://*.quora.com https://*.zi-scripts.com https://*.zoominfo.com https://player.vimeo.com https://f.vimeocdn.com https://*.vimeocdn.com https://*.salesloft.com https://*.demandbase.com https://*.company-target.com https://cdn.dreamdata.cloud https://www.redditstatic.com https://cdn.seersco.com https://*.sibforms.com https://*.ashbyhq.com https://plausible.io https://*.plausible.io https://connect.facebook.net https://*.facebook.com https://www.youtube.com https://s.ytimg.com https://js.blazeverify.com https://js.emailable.com/v1 https://www.gartner.com https://gartner.com *.crazyegg.com https://builder.io https://*.calendly.com https://cdnjs.cloudflare.com https://cloudflare.com https://static.cloudflareinsights.com https://cdn.rollbar.com https://*.rollbar.com https://*.chatbase.co https://*.emailable.com https://cdn-cookieyes.com https://*.cookieyes.com https://d2wy8f7a9ursnm.cloudfront.net https://*.default.com https://*.lindy.ai https://*.g2.com;object-src 'none';frame-ancestors 'self';worker-src blob:;report-uri https://o4507661801488384.ingest.sentry.io/api/4507683673866240/security/?sentry_key=b5327dda5a6527e6c04e9aa0de05fe22; report-to csp-endpoint 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com landofcoder.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: www.googletagmanager.com www.google-analytics.com *.contentsquare.net; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com www.google-analytics.com www.googleadservices.com d1stxfv94hrhia.cloudfront.net commondatastorage.googleapis.com d2wy8f7a9ursnm.cloudfront.net cdn.ckeditor.com t.contentsquare.net contentsquare.com secure.livechatinc.com; style-src 'self' https: 'unsafe-inline'; child-src blob: https://accounts.google.com https://www.google.com https://storage.googleapis.com https://www.googletagmanager.com/ https://www.paypalobjects.com https://*.paypal.com https://www.sandbox.paypal.com https://*.doubleclick.net https://www.facebook.com https://connect.facebook.com https://facebook.com https://service.force.com https://finditparts.my.site.com https://finditparts.my.salesforce.com https://secure.livechatinc.com https://app.dover.com/ https://app.dover.io/; worker-src blob:; frame-ancestors 'self' https://buttercms.com https://app.fullbay.com; connect-src 'self' https: http://localhost:3035 ws://localhost:3035 ws://localhost:3001/cable wss://www-build.finditparts.com/cable wss://www.finditparts.com/cable apis.google.com maps.googleapis.com cdn.jsdelivr.net code.jquery.com www.google-analytics.com *.attn.tv *.contentsquare.net *.webeyez.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com secure.livechatinc.com 1
base-uri *.google.com *.gstatic.com 'self' 'unsafe-inline'; default-src *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.google.com *.gstatic.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src *.google.com *.gstatic.com 'self' 'unsafe-inline'; child-src *.google.com *.gstatic.com http: https: blob: 'self' 'unsafe-inline'; object-src *.google.com *.gstatic.com 'self' 'unsafe-inline'; style-src *.google.com *.gstatic.com *.doofinder.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; img-src *.google.com *.gstatic.com https://alehop.smartie.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com cdn.doofinder.com https://images.unsplash.com *.oct8ne.com *.facebook.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; form-action *.google.com *.gstatic.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; font-src *.google.com *.oct8ne.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com *.storyblok.com 'self'; frame-src td.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.oct8ne.com *.hotjar.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; connect-src *.google.com *.googlesyndication.com analytics.tiktok.com *.analytics.google.com *.gstatic.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.doofinder.com wss://*.doofinder.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co 'self' 'unsafe-inline'; script-src https://analytics.tiktok.com *.google.com *.gstatic.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.doofinder.com *.oct8ne.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-95289971873e4609aef6ef25ac972795' https://EPCMYCPRD009 'self';img-src https://* 'self' blob: data:;style-src https://EPCMYCPRD009 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
default-src 'self' data: blob: *.armstrong.com *.armstrongceilings.com armstrongceilings.my.salesforce-sites.com d2qrdklrsxowl2.cloudfront.net fonts.gstatic.com www.google-analytics.com;style-src 'self' 'unsafe-inline' fast.fonts.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com fonts.googleapis.com display.ugc.bazaarvoice.com;form-action 'self' *.armstrong.com  *.armstrongceilings.com armstrongceilings.tfaforms.net *.salesforceliveagent.com armstrongceilings.my.site.com; frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.armstrong.com *.armstrongceilings.com www.gstatic.com js-na1.hs-scripts.com js.hs-banner.com js.hsforms.net *.bazaarvoice.com cdn-cookieyes.com *.outbrain.com *.salesforceliveagent.com *.ugc.bazaarvoice.com assets.adobedtm.com connect.facebook.net d2qrdklrsxowl2.cloudfront.net googleads.g.doubleclick.net lib-us-3.brilliantcollector.com players.brightcove.net siteintercept.qualtrics.com snap.licdn.com  vjs.zencdn.net www.googleadservices.com www.googletagmanager.com znbmda84ti8npbglj-armstrong.siteintercept.qualtrics.com *.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.mountain.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 *.clearbitscripts.com;frame-src 'self' armstrongceilings.tfaforms.net bid.g.doubleclick.net d2qrdklrsxowl2.cloudfront.net armstrong.demdex.net www.google.com;img-src 'self' data: *.armstrong.com *.armstrongceilings.com *.bazaarvoice.com *.brightcove.com *.outbrain.com *.qualtrics.com armstrongceilings.my.salesforce-sites.com cf-images.us-east-1.prod.boltdns.net cm.everesttech.net data.coremetrics.com dpm.demdex.net p.adsymptotic.com px.ads.linkedin.com s7d2.scene7.com www.google-analytics.com www.google.com www.googletagmanager.com track.hubspot.com www.facebook.com;connect-src 'self' *.akamaihd.net *.armstrong.com *.armstrongceilings.com cdn-cookieyes.com *.cookieyes.com forms.hsforms.com *.brightcove.com *.qualtrics.com *.hapyak.com cdn.linkedin.oribi.io armstrong.tt.omtrdc.net brightcove.hs.llnwd.net dpm.demdex.net edge.api.brightcove.com lib-us-3.brilliantcollector.com manifest.prod.boltdns.net stats.g.doubleclick.net *.google-analytics.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 *.clearbitscripts.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.oct8ne.com oct8necdneu.azureedge.net blob: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://plumrocket.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com pay.google.com *.certcapture.com www.xtento.com https://plumrocket.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * static-eu.oct8ne.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.googleapis.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com blob: *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static-eu.oct8ne.com oct8necdneu.azureedge.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.googleapis.com *.gstatic.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://klaviyo.com https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googletagmanager.com https://*.klaviyo.com static-eu.oct8ne.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com https://static.klaviyo.com *.fontawesome.com *.typekit.net assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.adobedc.net *.demdex.net *.magento-datasolutions.com *.magento-ds.com *.adyen.com payments-eu.amazon.com *.googleapis.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://klaviyo.com https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ws: https://geoip-js.com *.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://*.klaviyo.com static-eu.oct8ne.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: code.ionicframework.com maxcdn.bootstrapcdn.com media.flixfacts.com media.flixcar.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com media.flixcar.com *.zdassets.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com media.flixcar.com *.flix360.com *.flix360.io 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ static.hotjar.com cdnjs.cloudflare.com js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com media.flixcar.com media.flixfacts.com *.zendesk.com *.zdassets.com *.outbrain.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com code.ionicframework.com *.freshchat.com maxcdn.bootstrapcdn.com media.flixcar.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com bam-cell.nr-data.net *.google-analytics.com media.flixcar.com *.zendesk.com *.zdassets.com *.outbrain.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/sre_google 1
upgrade-insecure-requests;block-all-mixed-content;default-src https:;script-src * 'self' https: 'unsafe-eval' 'unsafe-inline';style-src * 'self' https: 'unsafe-inline';connect-src * https: https://*.paynearme.com;manifest-src 'self';font-src * 'self' https:;form-action 'self' https://www.facebook.com https://accounts.google.com https://twitter.com https://login.microsoftonline.com;img-src * 'self' https: data:;media-src *;object-src 'none';frame-ancestors *;frame-src * https://*.paynearme.com;worker-src 'self';base-uri 'self';report-uri /csp-report 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-a97009fb69924d8a8a63c1e1ebd3548b' https://www.mysanfordchart.org 'self' checkin.sanfordhealth.org;img-src https://* 'self' blob: data:;style-src https://www.mysanfordchart.org 'self' 'unsafe-inline' fonts.googleapis.com;worker-src 'self' blob:;child-src 'self' blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:;report-uri https://csp-reporting.sanfordhealth.org/; 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cybersource.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.bird.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://fmgaggi.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.cardinalcommerce.com h.online-metrix.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://fmgaggi.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ *.cardinalcommerce.com h.online-metrix.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-NolyfQ31IyDZ4g1m0MrYnQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl cdn.ontame.io *.ziggeo.com *.amazonaws.com api-eu-west-1.ziggeo.com embed-cdn-eu-west-1.ziggeo.com embed-eu-west-1.ziggeo.com assets.ziggeo.com hc-cdn.visma.net cdn.wootric.com production.wootric.com eligibility.wootric.com *.onetrust.com cdn.cookielaw.org https://storage.googleapis.com/snowplow-cto-office-tracker-bucket/3.1.1/sp.js https://snowplow.visma.com/com.snowplowanalytics.snowplow/tp2 *.sharethis.com www.gstatic.com easycruit.com; img-src 'self' data: * 'unsafe-inline' 'unsafe-eval'; report-uri https://easycruit.com/api/logging/v1/csp-report 1
default-src 'none'; connect-src 'self' https: policy.app.cookieinformation.com; font-src https:; frame-src https:; img-src 'self' data: https:; manifest-src 'self' https:; media-src 'self' https:; script-src 'unsafe-inline' https: maps.google.com; style-src 'unsafe-inline' https:; worker-src https:; base-uri https:; form-action https:; frame-ancestors 'self' https:; report-uri https://ing.dk/log-report-uri/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-9fXnkljM74S9OWuZ4XFHlQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src-elem 'unsafe-inline' sportofino.com *.sportofino.com *.snrcdn.net geowidget.easypack24.net fonts.googleapis.com cdn.luigisbox.com; script-src-elem *.snrcdn.net *.etrusted.com https://widgets.trustedshops.com *.livechatinc.com geowidget.inpost.pl widget.packeta.com static.paynow.pl maps.googleapis.com www.googletagmanager.com js.braintreegateway.com ssl.ceneo.pl www.glami.cz www.ladenzeile.de x.klarnacdn.net c.paypal.com pay.google.com static.cloudflareinsights.com 'self' 'unsafe-inline' sportofino.com *.sportofino.com scripts.luigisbox.com cdn.luigisbox.com consent.cookiebot.com s.pinimg.com ct.pinterest.com consentcdn.cookiebot.com bat.bing.com a.mgid.com connect.facebook.net cdn.tmtarget.com glamipixel.com tags.creativecdn.com library.startquestion.com pixel.wp.pl googleads.g.doubleclick.net dss.hybrid.ai web.snrbox.com st.hybrid.ai emd.hybrid.ai im9.cz googleadservices.com expandeco.daktela.com www.googleadservices.com; font-src *.klarnacdn.net *.fontawesome.com https://cdnjs.cloudflare.com fonts.gstatic.com geowidget.easypack24.net https://widgets.trustedshops.com cdn.thulium.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * apm.przelewy24.pl secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bird.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com sportofino.com *.sportofino.com *.gstatic.com *.googleapis.com *.ggpht.com *.paynow.pl www.glami.cz static.paynow.pl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com bat.bing.com pixel.wp.pl www.glami.pl www.facebook.com a.mgid.com dot.wp.pl stileo.it www.glami.ro sync.teads.tv www.google.pl sync.taboola.com ih.adscale.de eb2.3lift.com sync.outbrain.com ssp-csync.smartadserver.com ads.stickyadstv.com ads.yieldmo.com us-u.openx.net ad.doubleclick.net imgsct.cookiebot.com dss.hybrid.ai bat.bing.net ams.creativecdn.com cm.mgid.com www.fashiola.de www.fashiola.fr rt.udmserve.net www.heureka.cz ib.adnxs.com dsum-sec.casalemedia.com c1.adform.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdnjs.cloudflare.com sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl secure.payu.com secure.snd.payu.com 'self' 'unsafe-inline' sportofino.com *.sportofino.com library.startquestion.com bat.bing.com px.leadexpert.pl scripts.luigisbox.com tags.creativecdn.com cdn.luigisbox.com js-agent.newrelic.com bam.eu01.nr-data.net widgets.trustedshops.com www.snrcdn.net gstatic.com tck.snrbox.com proxy.snrbox.com connect.facebook.net creativecdn.com cdn.livechatinc.com *.inpost.pl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com reco.sportofino.com dss.hybrid.ai a.mgid.com consentcdn.cookiebot.com widget.packeta.com googleadservices.com expandeco.daktela.com glamipixel.com pixel.wp.pl consent.cookiebot.com cdn.tmtarget.com cdn.thulium.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com https://cdnjs.cloudflare.com fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com reco.sportofino.com geowidget.easypack24.net cdn.luigisbox.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com akamaized.net download-video.akamaized.net cdnstrapi.sportofino.com cdn.thulium.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com secure.payu.com merch-prod.snd.payu.com *.snrbox.com maps.googleapis.com widget.packeta.com reco.sportofino.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site api.luigisbox.com pagead2.googlesyndication.com live.luigisbox.com region1.google-analytics.com ct.pinterest.com consentcdn.cookiebot.com app.startquestion.com googleads.g.doubleclick.net pixel.wp.pl ams.creativecdn.com bat.bing.com bat.bing.net www.facebook.com www.google.pl stats.g.doubleclick.net expandeco.daktela.com cdn.thulium.com fcmregistrations.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sportofino.com/csp_reports; report-to report-endpoint; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-5765e7f4b39a46fd91f2570acfbc33d8' https://mykelseyonline.com 'self' https://play.vidyard.com/;img-src https://* 'self' blob: data:;style-src https://mykelseyonline.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:;report-uri /MkoApi/api/CspReport; 1
frame-ancestors 'self'; report-uri https://www.weeklytimesnow.com.au/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-CFvN_TnKe7EPVAI8-CxwoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data:; frame-ancestors *.weirdfish.co.uk *.adyen.com *.amazon.com *.paypal.com *.google.com *.exponea.com *.monetate.net; connect-src * data:; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; 1
default-src 'self' *.cumulusmedia.com 'report-sample'; base-uri 'self'; script-src 'strict-dynamic' 'self' 'inline-speculation-rules' *.cumulusmedia.com 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' *.googletagmanager.com 'sha256-GyUsdBtdHKlqtQSzGDSvNCHPdK8s1GO2S2y9jj4oYog=' *.google-analytics.com stats.wp.com 'sha256-+zMjo4vywISTRiN+RDp+W665czd5i8MOxiovBqr69F0=' 'sha256-X7SYke/fTbXP5LTn1g56zfcWCiSzQpGhzSLHvvNm0jo=' form.jotform.com cdn.jotfor.ms *.cookielaw.org 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' *.onetrust.com connect.facebook.net s3.tradingview.com https://www.google.com/recaptcha/ https://challenges.cloudflare.com/turnstile/ 'sha256-riitXBKGtl5y5ccA7GF6ccqJuwEVP5tm8j0ff/fbw9U=' 'sha256-k8zlbQ8Yw3tO1mzGrtP0m5BxCIEa+iH8LXA4dctSEMI=' 'sha256-wBhUGm/Lzl4TA4tJsiguA/vnV9LaNE6plmk4Xn/6/Mw=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-5oZoxPs07HkLGv2K/yyNWiLlCvxwJuQdhXLKg2AXhT0=' 'nonce-YRGGp19ZxX7Hmjs/7l1S0xVx' 'report-sample'; style-src 'self' 'unsafe-inline' *.cumulusmedia.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.cumulusmedia.com *.wp.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.jotform.com; font-src 'self' data: *.cumulusmedia.com fonts.gstatic.com https://www.google.com/recaptcha/; connect-src 'self' *.cumulusmedia.com *.google-analytics.com *.doubleclick.net submit.jotform.com *.cookielaw.org *.onetrust.com; object-src 'none'; frame-src 'self' *.cumulusmedia.com *.jotform.com *.youtube.com s.tradingview.com www.tradingview-widget.com challenges.cloudflare.com; report-uri https://www.cumulusmedia.com/wp-admin/admin-ajax.php?action=wpshr 1
font-src static.prostor.ua *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com helpcrunch.com data: 'self' 'unsafe-inline'; form-action *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com www.liqpay.ua 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com www.liqpay.ua *.rabota.ua *.googletagmanager.com www.xtento.com 'self' 'unsafe-inline'; img-src static.prostor.ua media.prostor.ua widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com static.liqpay.ua ucarecdn.com upload.wikimedia.org *.google.com.ua *.googleadservices.com *.esputnik.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src static.prostor.ua *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com static.liqpay.ua *.esputnik.com esputnik.com multisearch.io *.helpcrunch.com *.rabota.ua unpkg.com *.hotjar.com *.googleadservices.com googleads.g.doubleclick.net analytics.tiktok.com 'self' 'unsafe-inline' www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src static.prostor.ua media.prostor.ua *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com multisearch.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src prostor.helpcrunch.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src static.prostor.ua *.newrelic.com *.nr-data.net vimeo.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.multisearch.io *.helpcrunch.com wss://ws.helpcrunch.com *.esputnik.com esputnik.com google.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.googleadservices.com analytics.tiktok.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-lupR9oD8FT0OOvljSW8XOA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src *.fontawesome.com https://fonts.bunny.net fonts.googleapis.com fonts.gstatic.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com/ https://akio-25-49.akio.cloud/ *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.fd-recette.net https://akio-25-49.akio.cloud/ 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.hipay-tpp.com *.hipay.com *.paypal.com *.google.com/ https://www.youtube.com *.googleapis.com *.photoweb.com *.photoweb.es *.contentsquare.net *.kwanko.com https://hq-dev.magento.digitalphoto.dev https://cdn.segment.com https://events.eu1.segmentapis.com https://akio-25-49.akio.cloud/ https://www.googletagmanager.com https://widget.trustpilot.com https://privacy.fnac.phoenix.digitalphoto.group *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.hipay.com *.google.com magefan.com cm.magefan.com *.facebook.com https://firebasestorage.googleapis.com * https://www.magezon.com openstreetmap.org maps.googleapis.com maps.gstatic.com photoweb.com *.photoweb.com *.magento.digitalphoto.dev blob: *.contentsquare.net https://akio-25-49.akio.cloud/ *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.google.com *.googletagmanager.com *.facebook.net *.avada.io * maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.newrelic.com *.eu01.nr-data.net *.trustpilot.com *.contentsquare.net *.privacy-center.org *.kwanko.com https://hq-dev.magento.digitalphoto.dev https://cdn.segment.com https://events.eu1.segmentapis.com https://akio-25-49.akio.cloud/ *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hipay.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net fonts.googleapis.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com/ https://fonts.google.com https://akio-25-49.akio.cloud/ *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.google.com https://stats.g.doubleclick.net *.eu01.nr-data.net *.contentsquare.net *.kwanko.com https://hq-dev.magento.digitalphoto.dev https://cdn.segment.com https://events.eu1.segmentapis.com https://akio-25-49.akio.cloud/ https://api.privacy-center.org/v1/events https://prompts.maze.co/api/widgets https://sdk.fra-02.braze.eu/api/v3/data/ https://pagead2.googlesyndication.com/ https://jls.photoweb.fr/ t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src 'self' data: https://*.siteimproveanalytics.io; script-src 'self' https://siteimproveanalytics.com cdn.jsdelivr.net https://cdn.jsdelivr.net; script-src-attr 'self'; script-src-elem 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js cdn.jsdelivr.net https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
upgrade-insecure-requests; default-src 'self' https://*.planer.io https://planer.io; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' ; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.planer.io https://planer.io; img-src 'self' https: data:; manifest-src 'self' https://login.planer.io; object-src 'none'; frame-ancestors 'self'; report-uri https://frontend-logs.planer.io/v1/frontend-logs/central-login-page; report-to frontend-errors 1
worker-src blob:; sandbox *.425.degree *.425degree.com 425degree.com www.425degree.com https://www.facebook.com *.facebook.com *.facebook.net *.tiktok.com; font-src *.cloudflare.com *.425degree.com *.fontawesome.com *.typekit.net *.trustedshops.com *.googleapis.com https://www.gstatic.com fonts.gstatic.com *.kxcdn.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action www.facebook.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.doubleclick.net *.infogram.com *.facebook.com *.googleadservices.com *.googlesyndication.com https://www.google.co.th *.kasikornbank.com *.googletagmanager.com *.pinterest.com *.425.degree *.425degree.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://www.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com *.cloudflare.com https://cdn.klarna.com *.425degree.com *.425.degree https://www.trustmarkthai.com/ https://t.co https://www.google.co.th *.doubleclick.net *.facebook.com *.pinterest.com https://www.googletagmanager.com/ *.googleadservices.com *.paypal.com *.vimeocdn.com https://s.ytimg.com *.usercentrics.eu *.clarity.ms www.clarity.ms *.bing.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.cloudflare.com https://www.trustmarkthai.com/ https://chimpstatic.com/ *.twitter.com *.ads-twitter.com *.425.degree *.425degree.com https://googleads.g.doubleclick.net *.infogram.com *.facebook.com *.newrelic.com *.nr-data.net *.pinimg.com www.google-analytics.com *.googlesyndication.com *.trustedshops.com *.usercentrics.eu *.tiktok.com *.fullstory.com *.clarity.ms www.clarity.ms *.bing.com www.googleadservices.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.kasikornbank.com www.facebook.com graph.facebook.com business.facebook.com twitter.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.425degree.com *.fontawesome.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com downloads.mailchimp.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.425.degree *.425degree.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.cloudflare.com *.pinterest.com *.paypal.com *.tiktok.com *.fullstory.com *.clarity.ms www.clarity.ms *.bing.com https://www.trustmarkthai.com/ https://t.co *.425.degree *.nr-data.net www.facebook.com www.google-analytics.com *.doubleclick.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
frame-ancestors 'self'; report-uri https://www.geelongadvertiser.com.au/csp-reports 1
img-src 'self' data: dev.visualwebsiteoptimizer.com cdn.cookielaw.org www.googletagmanager.com *.siteimproveanalytics.io *.intoxalock.com *.facebook.com *.lpsnmedia.net *.gstatic.com *.googleapis.com i.ytimg.com 'self' data: dev.visualwebsiteoptimizer.com cdn.cookielaw.org www.googletagmanager.com *.siteimproveanalytics.io *.intoxalock.com *.facebook.com *.lpsnmedia.net *.gstatic.com *.googleapis.com i.ytimg.com px.ads.linkedin.com; script-src m555.bluemod.us cdn.cookielaw.org www.googletagmanager.com js.monitor.azure.com *.liveperson.net *.liveperson.com *.lpsnmedia.net unpkg.com getrockerbox.com siteimproveanalytics.com *.infinity-tracking.com *.facebook.com *.intoxalock.com *.facebook.net *.ubembed.com *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com m555.bluemod.us *.googletagmanager.com *.gstatic.com mindrco.blueconic.net dev.visualwebsiteoptimizer.com snap.licdn.com www.youtube.com 'self' 'unsafe-inline' 'nonce-usbnKK0WkY9Vo1wBgrojEcrGmb2Rd8MZskpsCmcq2D8='; font-src 'self' data: *.gstatic.com; connect-src dev.visualwebsiteoptimizer.com *.applicationinsights.azure.com cdn.cookielaw.org *.google.com *.infinity-tracking.com *.googleapis.com *.onetrust.com dev.visualwebsiteoptimizer.com *.onetrust.com t081.intoxalock.com r5.visualwebsiteoptimizer.com px.ads.linkedin.com ad.doubleclick.net www.google-analytics.com 'self'; frame-src 'self' *.trustpilot.com www.googletagmanager.com td.doubleclick.net lpcdn.lpsnmedia.net *.liveperson.net *.youtube.com https://www.google.com https://locations.intoxalock.com.yext-cdn.com https://www.zeemaps.com/ 'self' *.trustpilot.com www.googletagmanager.com td.doubleclick.net lpcdn.lpsnmedia.net *.liveperson.net *.youtube.com https://www.google.com https://locations.intoxalock.com.yext-cdn.com https://www.zeemaps.com https://13396136.fls.doubleclick.net https://www.facebook.com; style-src *.googleapis.com 'self' 'unsafe-inline'; worker-src 'self' blob:; default-src 'self'; 1
default-src 'self'; base-uri 'self'; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com data:; media-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ista.piwik.pro https://*.usercentrics.eu https://www.youtube.com https://maps.googleapis.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://*.googleapis.com https://tracking.ista.com https://www.googletagmanager.com https://www.clickcease.com https://www.googleoptimize.com https://*.hotjar.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://www.facebook.com https://connect.facebook.net https://*.twitter.com 'report-sample'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: blob: 'report-sample'; style-src 'self' 'unsafe-inline' https://*.usercentrics.eu https://fonts.googleapis.com 'report-sample'; style-src-elem 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com/debug/badge.css 'report-sample'; worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; connect-src 'self' https://tracking.ista.com https://ista.piwik.pro https://*.usercentrics.eu https://fonts.googleapis.com *.google.com https://*.googleapis.com https://*.gstatic.com blob: data: https://*.google.com https://*.google.de https://*.g.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://siteintercept.qualtrics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' https://*.usercentrics.eu *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.googlesyndication.com https://tracking.ista.com https://www.googletagmanager.com https://www.facebook.com https://*.twitter.com; frame-ancestors 'self'; report-uri https://www.ista.com/corporate/@http-reporting?csp=report&requestTime=1752198195722688&requestHash=e7d34da58cd2e2a4540b2d063f5c067c0e0254ee 1
font-src *.squarecdn.com *.googleapis.com https://www.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.bootstrapcdn.com *.stamped.io foursixty.com *.zipmoney.com.au font.static.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com *.zip.co https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://cdn.livechatinc.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com *.cash.app https://www.google.com *.doubleclick.net www.facebook.com *.affirm.com *.affirm.ca https://plumrocket.com *.livechatinc.com *.paypal.com *.kaptcha.com beaconlighting.api.useinsider.com *.addthis.com *.addthisedge.com *.pinterest.com *.cloudfront.net *.scarabresearch.com www.xtento.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * photos.pixlee.co https://accounts.google.com *.yotpo.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://www.affirm.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.cash.app *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.affirm.com *.affirm.ca *.beaconlighting.com.au *.trackjs.com *.cdninstagram.com *.zipmoney.com.au *.magentosite.cloud *.stamped.io *.scarabresearch.com *.paypal.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com blob: *.zip.co www.xtento.com cdn.xtento.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pixlee.com *.yotpo.com dhv2ziothpgrr.cloudfront.net t.zip.co static.zipmoney.com.au static.zip.co https://web1.acsbapp.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app polyfill.io *.googleapis.com https://www.gstatic.com https://www.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.affirm.com *.affirm.ca s7.addthis.com iguana2.com *.stamped.io *.zipmoney.com.au foursixty.com *.trackjs.com *.bootstrapcdn.com *.livechatinc.com beaconlighting.api.useinsider.com *.addthis.com *.addthisedge.com z.moatads.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.scarabresearch.com *.zip.co www.xtento.com cdn.xtento.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.plugins.emarsys.net connect.facebook.net graph.facebook.com business.facebook.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pxlecdn.com *.pixlee.com https://accounts.google.com https://cdn.searchspring.net/intellisuggest/is.min.js *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net static.zipmoney.com.au static.zip.co zip.co https://cdn1.affirm.com/js/v2/affirm.js https://acsbapp.com/ https://trx-cdn.zip.co/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com *.cash.app fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.bootstrapcdn.com *.stamped.io foursixty.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com *.scarabresearch.com *.zip.co downloads.mailchimp.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.algolia.net *.algolia.com *.algolianet.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.affirm.com *.affirm.ca ekr.zdassets.com/ *.bootstrapcdn.com *.zipmoney.com.au foursixty.com *.foursixty.com *.labs.au.edge.zip.co *.trackjs.com stamped.io *.livechatinc.com *.api.useinsider.com carrier.useinsider.com *.doubleclick.net *.pinterest.com *.cloudfront.net *.scarabresearch.com *.zip.co *.eservice.emarsys.net connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://inbound-analytics.pixlee.com https://accounts.google.com https://beacon.searchspring.io/beacon *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://cdn.acsbapp.com/ https://trx.zip.co/z/t https://www.affirm.com/ https://tracker.affirm.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.affirm.com/ 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://static.olark.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.slant.co; media-src 'self' https://*.cloudfront.net https://storage.googleapis.com https://static.olark.com https://www.facebook.com; img-src 'self' data: https:; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; connect-src 'self' https:; object-src 'self' blob:; child-src https:; style-src 'self' 'unsafe-inline' https:; report-uri https://o115950.ingest.us.sentry.io/api/4504318134124545/csp-report/?sentry_key=9c71d70b1ee74ce3aa4d0d9c04d772a1&sentry_environment=production&sentry_release=32625500 1
base-uri 'self'; form-action 'self'; default-src 'self'; connect-src 'self' data: https://stats.nederhost.nl/ https://zammad.nederhost.nl/ wss://zammad.nederhost.nl/; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; report-to csp-endpoint; report-uri /_/report_csp_violation; script-src 'self' 'nonce-yc0ykcPbeGJ8Rp2D' 'unsafe-eval' https://stats.nederhost.nl/ https://cdn.matomo.cloud/stats.nederhost.nl/ https://zammad.nederhost.nl/; style-src 'self' data: 'nonce-yc0ykcPbeGJ8Rp2D' https://zammad.nederhost.nl/; style-src-attr 'unsafe-inline'; 1
script-src 'nonce-xb42gNQI3Gef+NWVKNxz7w==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=NgUBQST5Wc3DJyL4-AmZZaI4rkq2y3sF4Hshiv-jP5Z0ZAJl5VU0Fz9cE5bhVu_UP_IdpNs5bA==&policy_id=13&user_id=&request_id=28e654e5-3548-4f89-8147-4859687c6183; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'self' *.itrustcapital.com;  script-src *.itrustcapital.com https://www.googletagmanager.com 'unsafe-inline' 'self' ;  style-src 'self' *.itrustcapital.com use.fontawesome.com 'unsafe-inline' https://www.google-analytics.com;  font-src 'self' *.itrustcapital.com use.fontawesome.com 'unsafe-inline';  connect-src sdk.iad-05.braze.com api.amplitude.com dataschemasprodstorage.blob.core.windows.net *.alloy.co https://rum.browser-intake-us3-datadoghq.com https://www.googletagmanager.com 'self' *.itrustcapital.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net wss:;  img-src 'self' *.itrustcapital.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net blob:;  object-src 'none'; frame-src https://www.googletagmanager.com; report-uri https://csp-report.browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pubb464f8903d11bb4c37d5cbb555ed196a&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=csp-report;  report-to default 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.dev.alchemy-cloud.com https://elearning.sistemlms.com https://cdn.pendo.io https://js-agent.newrelic.com https://ajax.googleapis.com https://unpkg.com/swagger-ui-dist/ https://cdn.prod.sistemlms.com https://data.pendo.io https://*.storage.googleapis.com https://player.opensesame.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.dev.alchemy-cloud.com https://elearning.sistemlms.com https://fonts.googleapis.com https://unpkg.com/swagger-ui-dist/ https://*.storage.googleapis.com https://cdn.prod.sistemlms.com https://player.opensesame.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://cdn.dev.alchemy-cloud.com https://cdn.prod.sistemlms.com https://elearning.sistemlms.com https://data.pendo.io https://cdn.sistemlms.com https://unpkg.com/swagger-ui-dist/ https://*.storage.googleapis.com https://player.opensesame.com https://www.opensesame.com; object-src 'self'; base-uri 'self' https://elearning.sistemlms.com https://cdn.dev.alchemy-cloud.com https://cdn.prod.sistemlms.com; connect-src 'self' https://api.feedback.us.pendo.io https://cb-api.sistemlms.com https://data.pendo.io https://bam.nr-data.net https://elearning.sistemlms.com https://metrics.articulate.com https://cdn.sistemlms.com https://*.amazonaws.com https://fonts.googleapis.com https://cdn.prod.sistemlms.com https://cdn.dev.alchemy-cloud.com https://*.storage.googleapis.com https://unpkg.com/swagger-ui-dist/ https://www.gstatic.com; manifest-src 'self' https://elearning.sistemlms.com; media-src 'self' data: https://elearning.sistemlms.com https://cdn.sistemlms.com https://cdn.prod.sistemlms.com https://cdn.dev.alchemy-cloud.com https://player.opensesame.com; worker-src 'none'; frame-src 'self' https://www.youtube.com https://player.opensesame.com; frame-ancestors 'self' *.alchemy-cloud.com *.sistemlms.com; report-to csp-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.googleapis.com cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com self escolas.prepara.com.br escolas.microlins.com.br servidor.prepara.com.br servidor.microlins.com.br 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.disqus.com https://firebasestorage.googleapis.com 'self' *.prepara.com.br *.microlins.com.br *.adobedtm.com *.cloudflare.com *.googleadservices.com *.cloudfront.net *.clarity.ms *.tiktok.com *.facebook.com *.google.com.br *.google.com https://googleads.g.doubleclick.net www.google.com.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.disqus.com *.avada.io *.shopify.com self 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.adobedtm.com *.cloudflare.com pay.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com apis.google.com *.googleapis.com *.googleadservices.com *.gstatic.com www.google.com www.gstatic.com *.google.com/ https://maps.googleapis.com/maps/api/js *.instagram.com *.vimeo.com *.clarity.ms *.tiktok.com static.hotjar.com *.hotjar.com unpkg.com servidor.microlins.com.br https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io *.cloudflare.com *.tiktok.com servidor.prepara.com.br servidor.microlins.com.br *.clarity.ms cta-redirect.rdstation.com *.rdstation.com https://viacep.com.br www.google.com https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self'; report-uri http://events.convio.com/site/XFrameViolation 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net maps.googleapis.com twitter.com www.google.com platform.twitter.com plausible.io utteranc.es *.cloudflare.com code.jquery.com plausible.io/js/plausible.js utteranc.es/client.js; style-src 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net; img-src 'self' * data:; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' plausible.io/api/event; media-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'self'; require-trusted-types-for 'script';frame-ancestors 'none'; 1
frame-ancestors 'self'; report-uri https://www.cairnspost.com.au/csp-reports 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com use.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ *.google.com *.doubleclick.net *.facebook.com *.sendcloud.sc *.twitter.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net log.pinterest.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com data: dev.visualwebsiteoptimizer.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.multisafepay.com www.magmodules.eu *.squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ www.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com t.trackedlink.net assets.pinterest.com maps.googleapis.com ssl.google-analytics.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net *.sendcloud.sc *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.multisafepay.com https://pay.google.com squeezely.tech www.squeezely.tech *.squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://stats.addtoany.com/menu *.google-analytics.com *.facebook.com *.facebook.net log.pinterest.com bam-cell.nr-data.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.multisafepay.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.mogucdn.com https://*.mogucdn.com http://*.juangua.com https://*.juangua.com http://*.meilishuo.com https://*.meilishuo.com http://*.meilishuo.net https://*.meilishuo.net http://*.mogujie.com https://*.mogujie.com http://*.qq.com https://*.qq.com http://*.mogujie.org https://*.mogujie.org http://*.meili-inc.com https://*.meili-inc.com http://*.mogu.com https://*.mogu.com http://*.mogu-inc.com https://*.mogu-inc.com; report-uri http://sd.mogujie.com/index.php 1
default-src 'self' 'unsafe-inline' *.gardners.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.gardners.com *.braintreegateway.com *.cardinalcommerce.com *.gardners.com *.gardners.com/scripts/jquery-3.7.1.min.js *.google-analytics.com *.googletagmanager.com api.os.uk api.whichosmap.co.uk assets.braintreegateway.com code.jquery.com/jquery-migrate-3.5.2.min.js js.braintreegateway.com maps-api-ssl.google.com songbird.cardinalcommerce.com whichosmap.co.uk www.google.com www.gstatic.com www.gstatic.com/recaptcha/releases/p09oe8YIFfKgcnqQ9m9k4aiB/recaptcha__en.js; script-src-elem 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.gardners.com/scripts *.gardners.com/scripts/jquery-3.7.1.min.js *.googletagmanager.com *.paypal.com api.whichosmap.co.uk assets.braintreegateway.com code.jquery.com/jquery-migrate-3.5.2.min.js js.braintreegateway.com maps-api-ssl.google.com songbird.cardinalcommerce.com whichosmap.co.uk www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha; style-src 'report-sample' 'self' 'unsafe-inline' *.gardners.com *.braintreegateway.com *.cardinalcommerce.com *.googleapis.com api.os.uk api.whichosmap.co.uk api.whichosmap.co.uk assets.braintreegateway.com stackpath.bootstrapcdn.com whichosmap.co.uk; style-src-elem 'report-sample' 'self' 'unsafe-inline' *.braintreegateway.com *.cardinalcommerce.com *.googleapis.com api.os.uk api.whichosmap.co.uk api.whichosmap.co.uk stackpath.bootstrapcdn.com whichosmap.co.uk; style-src-attr 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gardners.com *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com api.braintreegateway.com api2.smartrecruitonline.com client-analytics.braintreegateway.com maps.googleapis.com translate.googleapis.com; font-src 'report-sample' 'self' 'unsafe-inline' data: *.braintreegateway.com *.cardinalcommerce.com *.googleapis.com api.os.uk api.whichosmap.co.uk fonts.gstatic.com stackpath.bootstrapcdn.com; frame-src 'report-sample' 'self' *.cardinalcommerce.com *.paypal.com api.whichosmap.co.uk assets.braintreegateway.com whichosmap.co.uk www.google.com www.youtube.com; img-src 'report-sample' 'self' blob: data: data: https: *.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.paypal.com *.youtube.com/ api.os.uk api.whichosmap.co.uk assets.braintreegateway.com jackets.dmmserver.com maps-api-ssl.google.com maps.gstatic.com www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://67917890e3f085153460661d.endpoint.csper.io?v=4; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=q1DQgQi1Ad7mjZ-rA3fgpn10k3xa3hKAxvLvvgLY5v0JomkA4YPNtRfm3y_4tY1Y1aw=&policy_id=71&user_id=&request_id=0c1c96fe-4eb8-4037-a593-c2e42b79e0a7; report-to csp-endpoint; frame-ancestors 'none' 1
default-src https://*.googletagmanager.com https://mc.yandex.ru 'self' c5mdnuiqw2.a.trbcdn.net; script-src 'self' https://*.googletagmanager.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.uz d2wy8f7a9ursnm.cloudfront.net 'unsafe-inline' *.gstatic.com cdnjs.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ chat.chatra.io; style-src 'unsafe-inline' *.googleapis.com *.chatra.io *.gstatic.com cdnjs.cloudflare.com; img-src https://*.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.google.ae https://*.google.com.ag https://*.google.am https://*.google.com.ar https://*.google.at https://*.google.com.au https://*.google.az https://*.google.com.bd https://*.google.be https://*.google.bg https://*.google.com.br https://*.google.by https://*.google.ca https://*.google.ch https://*.google.com.cu https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dk https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.com.hk https://*.google.hr https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.it https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.kg https://*.google.co.kr https://*.google.kz https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mk https://*.google.com.mm https://*.google.mn https://*.google.com.mx https://*.google.com.my https://*.google.nl https://*.google.no https://*.google.com.om https://*.google.com.pk https://*.google.pl https://*.google.pt https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.com.sa https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sk https://*.google.so https://*.google.td https://*.google.co.th https://*.google.com.tj https://*.google.tm https://*.google.tn https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.co.uk https://*.google.co.uz https://*.google.com.vn https://*.google.rs https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.uz 'self' data: blob: c5mdnuiqw2.a.trbcdn.net h20x37ek96.a.trbcdn.net img.studwork.ru s3.studwork.ru studwork.obs.ru-moscow-1.hc.sbercloud.ru obs.ru-moscow-1.hc.sbercloud.ru/studwork/ studwork.s3-studwork-pd01.s3pd01.sbercloud.ru s3-studwork-pd01.s3pd01.sbercloud.ru/studwork/ *.google.com; font-src 'self' data: *.gstatic.com cdnjs.cloudflare.com c5mdnuiqw2.a.trbcdn.net; connect-src https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://*.google.com https://*.google.ae https://*.google.com.ag https://*.google.am https://*.google.com.ar https://*.google.at https://*.google.com.au https://*.google.az https://*.google.com.bd https://*.google.be https://*.google.bg https://*.google.com.br https://*.google.by https://*.google.ca https://*.google.ch https://*.google.com.cu https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dk https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.com.hk https://*.google.hr https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.it https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.kg https://*.google.co.kr https://*.google.kz https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mk https://*.google.com.mm https://*.google.mn https://*.google.com.mx https://*.google.com.my https://*.google.nl https://*.google.no https://*.google.com.om https://*.google.com.pk https://*.google.pl https://*.google.pt https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.com.sa https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sk https://*.google.so https://*.google.td https://*.google.co.th https://*.google.com.tj https://*.google.tm https://*.google.tn https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.co.uk https://*.google.co.uz https://*.google.com.vn https://*.google.rs https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.uz wss://mc.yandex.ru https://yandex.ru *.bugsnag.com 'self' https://api.studwork.ru https://h20x37ek96.a.trbcdn.net wss://ws.studwork.ru s3.studwork.ru *.chatra.io *.gstatic.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com; frame-src https://td.doubleclick.net blob: https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.uz 'self' www.youtube.com www.instagram.com c5mdnuiqw2.a.trbcdn.net h20x37ek96.a.trbcdn.net https://api.studwork.ru *.chatra.io view.officeapps.live.com *.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; worker-src 'self' data:; media-src c5mdnuiqw2.a.trbcdn.net; manifest-src c5mdnuiqw2.a.trbcdn.net; object-src 'none'; report-uri https://studwork.report-uri.com/r/d/csp/wizard; child-src blob: https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.uz 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com https://*.gstatic.com data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://*.typekit.net *.klevu.com *.ksearchnet.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.iubenda.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.iubenda.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reviews.io *.reviews.co.uk *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.iubenda.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net https://js.klevu.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.stripe.network *.stripecdn.com *.amazon.com https://*.googleapis.com https://*.typekit.net *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.tagmanager.google.com *.googletagmanager.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.iubenda.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.addressy.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://app.contentful.com; worker-src blob:; default-src 'self' gap: ws: 'unsafe-inline' 'unsafe-eval' data: api.country.is vercel.live vercel.app *.vercel.live *.vercel.app safevisit.online contentful.com *.contentful.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.amazonaws.com *.cloudfront.net *.googletagservices.com pay.google.com *.s3.amazonaws.com google.com *.sitkagear.com js.narvar.com cdn.searchspring.net js.klarna.com manifest.webmanifest cdn.tailwindcss.com cdn.cookielaw.org api.yotpo.com cdn-widgetsrepository.yotpo.com *.yotpo.com *.searchspring.io *.bigcommerce.com *.locally.com *.ctfassets.net *.onetrust.com *.criteo.com *.avmws.com *.safevisit.online *.gtm-msr.appspot *.dynamic.criteo.com *.facebook.net *.klaviyo.com *.zdassets.com *.browser-intake-datadoghq *.vercel-insights.com *.csper.io klarnaservices.com *.klarnaservices.com datadoghq-browser-agent.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.gstatic.com *.bing.com *.typekit.net *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.aralego.com criteo-sync.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.yieldmo.com *.klarnacdn.net vercel.com assets.vercel.com *.experticity.com 10974823.collect.igodigital.com *.collect.igodigital.com *.bazaarvoice.com gore-rebrand-fonts.surge.sh viev-fonts.surge.sh googleads.g.doubleclick.net envoydev.co track.securedvisit.com bh.contextweb.com stats.g.doubleclick.net public-prod-dspcookiematching.dmxleo.com match.adsrvr.org trends.revcontent.com match.sharethrough.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.co.kr e1.emxdgt.com cm.g.doubleclick.net partner.mediawallahscript.com visitor.omnitagjs.com i.liadm.com exchange.mediavine.com 1f2e7.v.fwmrm.net tags.bluekai.com dpm.demdex.net ws-us3.pusher.co eu.klarnaevt.com sockjs-us3.pusher.com ws-us3.pusher.com aa.agkn.com track.sv.rkdms.com sync.crwdcntrl.net *.hotjar.com widget-mediator.zopim.com aorta.clickagy.com *.searchspring.net *.googlesyndication.com *.liadm.com *.abtasty.com appclip.loopid.com *.gorewear.com *.rebrand.gorewear.com rebrand.gorewear.com www.sandbox.paypal.com cdn.sand.us.zip.co localhost:* *.origin.gorewear.com origin.gorewear.com 1
default-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self' blob:; style-src * data: blob: 'unsafe-inline'; 1
default-src 'self' https://hosting.gl; script-src 'self' 'unsafe-inline' https://hosting.gl https://hosting.gl/templates/lagom2/assets/js/ https://statistics.hosting.gl https://www.googletagmanager.com https://connect.facebook.net https://widget.trustpilot.com https://cdn.datatables.net https://customerwidget.joinflow.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' https://region1.google-analytics.com https://statistics.hosting.gl https://www.facebook.com https://api.telavox.se; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.facebook.com data:; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://widget.trustpilot.com; form-action 'self'; frame-ancestors 'self'; report-uri https://hostinggl.report-uri.com/r/d/csp/wizard 1
default-src 'self' https:; font-src 'self' https: data: https://d3858hfkbmzrt.cloudfront.net; img-src 'self' https: data: https://d3858hfkbmzrt.cloudfront.net; object-src 'none'; script-src 'strict-dynamic' 'self' https: blob: https://js-agent.newrelic.com https://*.nr-data.net https://*.sdkassets.chime.aws https://d3858hfkbmzrt.cloudfront.net 'nonce-tm+I6MVLsoe02zLVoCJ5NA=='; style-src 'self' https: https://d3858hfkbmzrt.cloudfront.net 'unsafe-inline' 'nonce-tm+I6MVLsoe02zLVoCJ5NA=='; frame-src 'self' https://helloglobo.looker.com; manifest-src 'self'; worker-src 'self' blob: https://*.sdkassets.chime.aws; media-src 'self' https: https://d3858hfkbmzrt.cloudfront.net; base-uri 'self'; connect-src 'self' ws: wss://*.pusher.com wss://*.pusherapp.com https://*.pusher.com https://*.twilio.com wss://*.twilio.com https://js-agent.newrelic.com https://*.nr-data.net https://*.chime.aws wss://*.chime.aws https://*.amazonaws.com https://*.sdkassets.chime.aws 1
form-action 'self'; report-to csp-report; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://elegant-harmony-f8a4c00980.media.strapiapp.com https://cms.sandbox-london-b.fetch-ai.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com; frame-ancestors 'none'; base-uri 'self'; 1
default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com data: *.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io *.oct8ne.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.hotjar.com *.pinterest.com *.pinterest.es *.criteo.com *.cookiebot.com *.doubleclick.net *.oct8ne.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.doofinder.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.facebook.com *.pinterest.com *.google.es *.clarity.ms *.quantserve.com *.lladro.com *.yahoo.com *.3lift.com *.360yield.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.adnxs.com *.casalemedia.com *.tapad.com *.smartadserver.com *.taboola.com *.addthis.com *.dable.com *.criteo.com *.media.net *.bidswitch.net *.revcontent.com *.teads.tv *.sharethrough.com *.liadm.com *.dable.io *.yieldmo.com *.advertising.com *.clmbtech.com *.smaato.net *.dmxleo.com *.cookiebot.com visitor.omnitagis.com id5-sync.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com criteo-partners.tremorhub.com ad.yieldlab.net *.emxdgt.com sync.1rx.io sync.targeting.unrulymedia.com *.line.me www.googletagmanager.com visitor.omnitagjs.com *.oct8ne.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeocdn.com www.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.gstatic.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.doofinder.com https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr *.cloudflare.com *.cloudfront.net *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.googletagmanager.com *.facebook.net *.pinimg.com *.hotjar.com *.tiktok.com *.quantserve.com *.doubleclick.net *.quantcount.com *.doofinder.com *.oct8ne.com *.clarity.ms *.criteo.com *.criteo.net *.cookiebot.com www.mczbf.com *.line-scdn.net *.pinterest.com cdn.jsdelivr.net *.useberry.com js.mollie.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com maxcdn.bootstrapcdn.com https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com www.google.com payments-eu.amazon.com *.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.doofinder.com wss://*.doofinder.com https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr *.analytics.google.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com *.doubleclick.net *.luckyorange.net *.pinterest.com *.tiktok.com *.clarity.ms *.oct8ne.com *.criteo.com www.mczbf.com *.cookiebot.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://seoulwebdev.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-s81d9XogR22aLXBwNnRh6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-86019ea733514453bfa019151d5d0dd8' https://PMC-PIA-WB4F 'self';img-src https://* 'self' blob: data:;style-src https://PMC-PIA-WB4F 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src *.cloudflare.com fonts.gstatic.com *.bootstrapcdn.com *.maxcdn.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors www.google.com www.gstatic.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ td.doubleclick.net *.facebook.com www.googletagmanager.com www.google.com *.standout.com.br 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.confi.com.vc *.cloudflare.com www.google.com.br device.clearsale.com.br *.ebit.com.br *.ebitempresa.com.br newimgebit-a.akamaihd.net *.googleapis.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.openpix.com.br s3.amazonaws.com flagpedia.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.githubusercontent.com *.addthis.com device.clearsale.com.br *.ebit.com.br *.googleapis.com *.gstatic.com apis.google.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com s3-sa-east-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.maxcdn.com *.bootstrapcdn.com *.cloudflare.com *.githubusercontent.com fonts.googleapis.com *.ebit.com.br *.gstatic.com 'self' 'unsafe-inline'; object-src data: 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.bootstrapcdn.com cdn.confi.com.vc www.google.com www.google.com.br googleads.g.doubleclick.net device.clearsale.com.br *.ebit.com.br newimgebit-a.akamaihd.net *.googleapis.com apis.google.com *.googletagmanager.com stats.g.doubleclick.net *.openpix.com.br *.gstatic.com s3.amazonaws.com www.gstatic.com maps.googleapis.com s3-sa-east-1.amazonaws.com *.standout.com.br 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-NkcDJhbsGwzVi24RNkYbpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=BXcf3rvZklNTtoVCiNnTice90eDXFItcTvAN4sZ6mr8-1752200948.1238985-1.0.1.1-vrmeRZkJzepPpJFun0L1ZEAONgeT5k_ib0mFJp_djC6b5ZnqV7Q4kA6gUGJiqYk9F6aIcxX5fU2yY8ctAevwnWvkm35P6LvnryMzmcujqLvPjkASxeJwUI_CtZjx0NVaWuXuUEJ_9HO0iBgz1ISnUw; report-to cf-csp-endpoint 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://dgap.org https://createsend.com https://api.friendlycaptcha.com https://internationalepolitik.de https://static.elfsight.com https://core.service.elfsight.com https://universe-static.elfsightcdn.com https://matomo.dgap.org/; font-src 'self' data: dgap.org https://player.podigee-cdn.net https://fonts.gstatic.com; frame-src 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://www.youtube-nocookie.com/embed/ https://e.issuu.com https://www.google.com https://player.podigee-cdn.net https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://matomo.dgap.org https://www.openstreetmap.org https://cloud.dgap.org https://audio.podigee-cdn.net https://sign.dgap.dev https://www.helpmundo.de https://www.helpdirect.org; img-src 'self' https://www.gstatic.com https://*.met.vgwort.de https://www.googletagmanager.com https://www.google-analytics.com data: dgap.org https://matomo.dgap.org https://images.podigee-cdn.net https://region1.google-analytics.com; manifest-src 'self'; media-src 'self' https://audio.podigee-cdn.net; prefetch-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://dgap.org https://matomo.dgap.org https://www.google-analytics.com https://www.googletagmanager.com https://internationalepolitik.de https://ip-quarterly.com https://js.createsend1.com https://player.podigee-cdn.net https://audio.podigee-cdn.net https://www.helpmundo.de https://www.helpdirect.org cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com https://matomo.dgap.org/; script-src-attr 'self' 'report-sample'; script-src-elem 'self' 'report-sample' 'unsafe-inline' https://dgap.org https://www.googletagmanager.com https://www.google-analytics.com https://matomo.dgap.org https://js.createsend1.com https://player.podigee-cdn.net https://audio.podigee-cdn.net https://www.helpmundo.de https://www.helpdirect.org https://static.elfsight.com https://core.service.elfsight.com https://universe-static.elfsightcdn.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com; style-src 'self' 'report-sample' 'unsafe-inline' https://js.createsend1.com https://www.gstatic.com https://dgap.org https://player.podigee-cdn.net https://audio.podigee-cdn.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'report-sample' 'unsafe-inline'; style-src-elem 'self' 'report-sample' 'unsafe-inline' https://www.google.com https://dgap.org https://player.podigee-cdn.net https://audio.podigee-cdn.net https://cdnjs.cloudflare.com; worker-src 'self' blob:; form-action 'self' https://www.createsend.com https://dgap.org; frame-ancestors 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://sign.dgap.dev; report-uri https://dgap.org/en/system/reporting/default; report-to default 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://*.klarnacdn.net https://fonts.gstatic.com https://fonts.gstatic.com/s/lato/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.klarna.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.avis-verifies.com https://*.criteo.com https://*.facebook.com https://widgets.rr.skeepers.io https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.quirumed.com https://www.quirumed.com https://*.onetrust.com https://*.google.es https://*.facebook.com https://*.media.net https://*.outbrain.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.adform.net https://*.omnitagjs.com https://*.casalemedia.com https://*.criteo.com https://www.sync-criteo.ads.yieldmo.com https://id5-sync.com https://www.id5-sync.com https://*.ivitrack.com https://*.mediavine.com https://*.pubmatic.com https://*.tremorhub.com https://*.yieldlab.net https://*.bidswitch.net https://*.doubleclick.net https://*.adnxs.net https://*.ib.adnxs.com https://www.ib.adnxs.com https://*.secure.adnxs.com https://secure.adnxs.com https://*.360yield.com https://*.krxd.net https://*.thebrighttag.com https://*.bing.com https://*.ups.analytics.yahoo.com https://www.ups.analytics.yahoo.com https://ib.adnxs.com https://jadserve.postrelease.com https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://sync.1rx.io https://sync.targeting.unrulymedia.com https://c.clarity.ms https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://*.segmentify.com https://cdn.segmentify.com https://*.sgmtfy.com https://aa.agkn.com https://sandbox.sequracdn.com https://live.sequracdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com https://*.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.doofinder.com https://*.avis-verifies.com https://*.googlesyndication.com https://*.onetrust.com https://*.criteo.net https://*.criteo.com https://*.facebook.net https://*.googleoptimize.com https://*.datadome.co https://*.bing.com https://*.newrelic.com https://*.retailrocket.net https://*.nr-data.net https://*.quirumed.com https://*.bolt.com https://*.commerce-quick-checkout.com https://*.clarity.ms https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.paypal.com https://*.sandbox.paypal.com https://*.paypalobjects.com https://*.t.paypal.com https://*.s.ytimg.com https://live.sequracdn.com https://assets.adobedtm.com https://geostag.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://unpkg.com https://cdn.noibu.com https://*.klarnaservices.com https://*.klarna.com https://js.klarna.com https://*.segmentify.com https://cdn.segmentify.com https://*.sgmtfy.com https://*.sgmtfy.com/* https://cdn.sgmntfy.com https://*.cloudflare.com https://*.cloudflare.com/* https://cdnjs.cloudflare.com/* https://widgets.rr.skeepers.io https://client.rum.us-east-1.amazonaws.com https://sandbox.sequracdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://*.retailrocket.net https://*.klarnacdn.net https://*.cloudflare.com https://*.cloudflare.com/* https://cdnjs.cloudflare.com/* https://*.segmentify.com https://cdn.segmentify.com https://*.sgmtfy.com https://*.sgmtfy.com/* https://cdn.sgmntfy.com https://fonts.googleapis.com/* https://fonts.googleapis.com/css https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.doofinder.com https://*.avis-verifies.com https://*.googlesyndication.com https://*.onetrust.com https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://*.retailrocket.net https://*.nr-data.net https://*.datadome.co https://*.google.es https://www.google.es https://www.google.com https://*.bing.com https://*.newrelic.com https://*.cardinalcommerce.com https://*.paypal.com https://*.braintree-api.com https://*.client-analytics.sandbox.braintreegateway.com https://*.client-analytics.braintreegateway.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://t.clarity.ms https://input.noibu.com https://*.noibu.com https://cdn.noibu.com wss://input.noibu.com https://measurement-api.criteo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://*.segmentify.com https://cdn.segmentify.com https://*.sgmtfy.com https://*.klarnaservices.com https://evt-eu.playground.klarnaservices.com https://widgets.rr.skeepers.io https://bat.bing.com https://api-product-reviews.cxr.skeepers.io https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-OIRgMQMBDo/WC2IXvdN9TQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=XJ9wXLk50PkpKcPzHNbsRD10FVb1duyt3s1Ba2hUDEDJhy2AhBzD8YZTC4UUxrXRKlqW9sCE9g==&policy_id=13&user_id=&request_id=59423893-5280-466e-808d-1df4e278c35a; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com https://script.hotjar.com https://fonts.gstatic.com https://embed.tawk.to https://i5.walmartimages.com https://use.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.canadapost.ca https://sso.epost.ca api.bazaarvoice.com stg.api.bazaarvoice.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com https://testsecureacceptance.cybersource.com https://secureacceptance.cybersource.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com https://vars.hotjar.com https://testsecureacceptance.cybersource.com https://secureacceptance.cybersource.com https://testflex.cybersource.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com mageside.com *.canadapost.ca *.googleapis.com *.gstatic.com *.trackedlink.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.gstatic.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com https://maps.gstatic.com https://www.google.com https://www.google.ca https://stats.g.doubleclick.net https://tools.applemediaservices.com https://aq.flippenterprise.net https://f.wishabi.net https://cdn.flippenterprise.net https://apple-resources.s3.amazonaws.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com maps.googleapis.com developers.google.com *.googleapis.com *.google.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com https://maps.googleapis.com https://maps.gstatic.com https://connect.facebook.net https://static.hotjar.com https://kent-esengage.live.exchangesolutions.com https://cdn.jsdelivr.net https://embed.tawk.to https://a.omappapi.com https://aq.flippenterprise.net *.disqus.com *.hsforms.net *.hsforms.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com display.ugc.bazaarvoice.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://a.omappapi.com https://embed.tawk.to https://aq.flippenterprise.net https://use.typekit.net https://p.typekit.net *.gstatic.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com https://api.omappapi.com https://maps.googleapis.com https://va.tawk.to https://embed.tawk.to https://aq.flippenterprise.net https://dam.flippenterprise.net https://app.launchdarkly.com https://region1.analytics.google.com https://cdn-gateflipp.flippback.com https://p.flipp.com https://events.launchdarkly.com https://google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.cloudflare.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com https://www.googletagmanager.com/ *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com ts.tradetracker.net www.magmodules.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.newrelic.com *.nr-data.net *.aptrinsic.com *.demdex.net *.google.com *.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ tm.tradetracker.net *.trustpilot.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.trustpilot.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.gstatic.com *.stripe.network *.stripecdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.paypal.com *.nr-data.net *.newrelic.com *.demdex.net *.aptrinsic.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.newrelic.com *.demdex.net *.aptrinsic.com *.everesttech.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: https: 'unsafe-inline' http://*.omniupdate.com *.twimg.com http://img.youtube.com d.adroll.mgr.consensu.org s.dca0.com; script-src 'self' 'unsafe-inline' *.emu.edu *.adroll.com script.crazyegg.com www.googletagmanager.com www.youvisit.com *.google-analytics.com pi.pardot.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net api.meritpages.com *.google.com *.googleapis.com *.addthis.com graph.facebook.com *.purechat.com *.purechatcdn.com *.ebscohost.com code.jquery.com 25livepub.collegenet.com widgets.pinterest.com platform.twitter.com instawidget.net *.twimg.com api.darksky.net assets.adobedtm.com embedr.flickr.com widgets.flickr.com s3.amazonaws.com d.adroll.mgr.consensu.org s.dca0.com; report-uri /is/csp/report/ 1
font-src *.fontawesome.com *.gstatic.com *.typekit.net *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.facebook.com *.youtube.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com facebook.com youtube.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co api.comapi.com webchat.dotdigital.com *.bmig2020.hu/ bmig2020.hu/ *.bauhaus.hu/ *.cloudfront.net/ *.facebook.net *.adobedtm.com *.adobe.com *.googleapis.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com facebook.net adobedtm.com adobe.com googleapis.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.typekit.net *.fontawesome.com *.gstatic.com *.optimonk.com *.pinterest.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com webchat.dotdigital.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://kiwirail.co.nz/* https://www.googletagmanager.com/ www.kiwirail.co.nz/* http://www.w3.org/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.facebook.com https://www.youtube.com/ https://connect.facebook.net/;img-src 'self' 'unsafe-inline' data: http://www.w3.org/ https://www.facebook.com/ https://www.google-analytics.com/;report-uri https://www.kiwirail.co.nz/csp/v1/report; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.addtoany.com *.webotit.ai gjigle.com https://d1di987mdgym2l.cloudfront.net *.clic2buy.com *.criteo.com *.googlesyndication.com *.ad-srv.net *.googletagmanager.com tech.boticinal.com staging.tech.boticinal.com *.salecycle.com ws.salecycle.com *.doubleclick.net *.facebook.com *.pinterest.com *.trustpilot.com *.sendcloud.sc *.jsdelivr.net *.nosto.com *.nos.to *.hipay-tpp.com *.hipay.com *.paypal.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.etsystatic.com *.boticinal.com *.powersante.com gjigle.com *.bazaarvoice.com *.kelkoogroup.net *.bing.com *.google.com *.google.fr *.google.tn www.google.tn *.clarity.ms *.rubiconproject.com *.ads.yieldmo.com *.tremorhub.com *.outbrain.com *.taboola.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.casalemedia.com *.teads.tv *.media.net *.adform.net *.omnitagjs.com *.sharethrough.com *.ivitrack.com *.stickyadstv.com *.mediavine.com *.smaato.net *.doubleclick.net *.advertising.com *.yahoo.com *.adnxs.com *.liadm.com *.dmxleo.com *.criteo.com *.commerce-connectoer.com *.perfmaker.net *.bidswitch.net *.rlcdn.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.yieldlab.net *.smartclip.net *.twiago.com *.krxd.net *.adscale.de id5-sync.com *.thebrighttag.com *.sc.omtrdc.net *.demdex.net tech.boticinal.com staging.tech.boticinal.com *.googletagmanager.com *.salecycle.com ws.salecycle.com *.facebook.com *.pinterest.com jadserve.postrelease.com pixel.tapad.com gum.criteo.com sync.1rx.io e1.emxdgt.com *.amazonaws.com *.nosto.com *.nos.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.privacy-center.org notifpush.com *.addtoany.com *.hipay-tpp.com *.hipay.com *.newrelic.com *.bazaarvoice.com *.cloudfront.net *.webotit.ai *.spockee.io *.kk-resources.com *.nr-data.net *.criteo.com *.criteo.net *.carts.guru *.bing.com *.elitrack.com *.clic2buy.com *.doubleclick.net *.clarity.ms pagead2.googlesyndication.com *.perfmaker.net *.googleoptimize.com *.emxdgt.com *.weglot.com *.datadoghq-browser-agent.com *.userly.net *.go2cloud.org *.ad-srv.net tech.boticinal.com staging.tech.boticinal.com *.trustpilot.com *.googletagmanager.com *.salecycle.com *.marvellousmachine.net *.facebook.com *.pinterest.com widget.trustpilot.com api.privacy-center.org sync.1rx.io e1.emxdgt.com jadserve.postrelease.com pixel.tapad.com gum.criteo.com region1.google-analytics.com static.zdassets.com *.sendcloud.sc *.jsdelivr.net *.nosto.com *.nos.to *.paypal.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.trygr.io trygrcdn.blob.core.windows.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.weglot.com *.googletagmanager.com *.salecycle.com *.sendcloud.sc *.jsdelivr.net *.nosto.com *.nos.to *.hipay.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com notifpush.com *.zendesk.com *.zdassets.com *.trustpilot.com *.nr-data.net *.spockee.io https://s.kelkoogroup.net *.doubleclick.net *.notifadz.com *.clarity.ms *.criteo.com *.criteo.net *.carts.guru gjigle.com *.weglot.com *.googletagmanager.com tech.boticinal.com staging.tech.boticinal.com *.salecycle.com ws.salecycle.com *.marvellousmachine.net *.facebook.com *.pinterest.com *.googlesyndication.com *.google.com *.google.fr *.google.tn region1.analytics.google.com pro.ip-api.com *.bing.com api.privacy-center.org *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.nosto.com *.nos.to *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-9t-iijp_UnWPOAST7aZ1bw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.localphone.com *.localphone.co.uk; img-src * data:; child-src *; frame-src *; script-src 'self' 'unsafe-inline' *.localphone.com https://js.stripe.com https://*.google.com https://ajax.googleapis.com http://www.google-analytics.com https://*.gstatic.com https://*.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.localphone.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com https://sxt.cdn.skype.com; connect-src 'self' *.localphone.com; 1
frame-ancestors 'self' https://app.contentful.com; worker-src blob:; default-src 'self' gap: ws: 'unsafe-inline' 'unsafe-eval' data: api.country.is vercel.live vercel.app *.vercel.live *.vercel.app safevisit.online contentful.com *.contentful.com *.googleapis.com *.youtube.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.amazonaws.com *.cloudfront.net *.googletagservices.com pay.google.com *.s3.amazonaws.com google.com *.sitkagear.com js.narvar.com cdn.searchspring.net js.klarna.com manifest.webmanifest cdn.tailwindcss.com cdn.cookielaw.org api.yotpo.com cdn-widgetsrepository.yotpo.com *.yotpo.com *.searchspring.io *.bigcommerce.com *.locally.com *.ctfassets.net *.onetrust.com *.criteo.com *.avmws.com *.safevisit.online *.gtm-msr.appspot *.dynamic.criteo.com *.facebook.net *.klaviyo.com *.zdassets.com *.vercel-insights.com *.csper.io klarnaservices.com *.klarnaservices.com *.gstatic.com *.bing.com *.typekit.net *.doubleclick.ne *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.aralego.com criteo-sync.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.yieldmo.com *.klarnacdn.net vercel.com assets.vercel.com googleads.g.doubleclick.net *.dotomi.com he.lijit.com envoydev.co track.securedvisit.com bh.contextweb.com stats.g.doubleclick.net public-prod-dspcookiematching.dmxleo.com match.adsrvr.org *.zendesk.com *.zopim.com widget-mediator.zopim.com trends.revcontent.com match.sharethrough.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.co.kr e1.emxdgt.com cm.g.doubleclick.net partner.mediawallahscript.com visitor.omnitagjs.com i.liadm.com exchange.mediavine.com 1f2e7.v.fwmrm.net tags.bluekai.com dpm.demdex.net ws-us3.pusher.co eu.klarnaevt.com sockjs-us3.pusher.com ws-us3.pusher.com aa.agkn.com jadserve.postrelease.com ad.tpmn.io match.prod.bidr.io i6.liadm.com sync.crwdcntrl.net *.sv.rkdms.com *.simpli.fi *.dlx.addthis.com ws.rqtrk.eu *.youtube-nocookie.com *.klarnaevt.com *.cloudflare.com *.datadome.co *.hotjar.com *.hotjar.io *.narvar.com aorta.clickagy.com *.abtasty.com *.narvar.qa suggest-cache.searchspring.net *.captcha-delivery.com *.usablenet.com *.usablenet.dev *.gorewear.com *.dev.stagesitkagear.com *.stagesitkagear.com www.sandbox.paypal.com cdn.sand.us.zip.co localhost:* 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.brightcove.com https://*.boltdns.net https://*.brightcovecdn.com https://*.siteimprove.com; font-src 'self' data:; frame-src 'self' https://info.mumc.nl https://www.google.com https://players.brightcove.net https://*.youtube.com https://*.vimeo.com https://heritage.mumc.nl; img-src 'self' https://metrics.brightcove.com https://*.boltdns.net data:; media-src 'self' https://*.brightcovecdn.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.texthelp.com https://*.browsealoud.com https://players.brightcove.net https://vjs.zencdn.net https://cdn.rawgit.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://www.gstatic.com blob: https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.mumc.nl/report-uri/reportOnly; block-all-mixed-content 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.super99.com *.scene7.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.braintreegateway.com *.paypal.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ beacon-audiences.magento-ds.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.connect.facebook.net https://smetrics.super99.com *.super99.com *.cardinalcommerce.com unpkg.com cdn.jsdelivr.net *.magento-datasolutions.com *.googleadservices.com *.google-analytics.com *.google.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.bolt.com *.commerce-quick-checkout.com *.cybersource.com *.braintreegateway.com *.clarity.ms maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com beacon-audiences.magento-ds.com p13n-mr.adobe.io *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.super99.com https://smetrics.super99.com *.cardinalcommerce.com *.paypal.com *.pingdom.net *.woorank.com *.youtube.com *.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com *.bolt.com *.magento-ds.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.staging.flexint.net *.dynamicyield.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.staging.flexint.net *.dynamicyield.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.flexshopper.com *.dynamicyield.com mcstaging.flex.store *.flexshopper.xyz images.flexshopper.xyz http://images.flexshopper.xyz *.adxcel-ec2.com *.bing.com *.360yield.com *.liadm.com *.media.net *.mediavine.com *.postrelease.com *.criteo.com *.outbrain.com *.pubmatic.com *.revcontent.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.tapad.com *.teads.tv *.tremorhub.com *.clmbtech.com *.tpmn.co.kr *.3lift.com *.yieldmo.com *.emxdgt.com *.1rx.io *.doubleclick.net *.bidswitch.net *.adnxs.com *.mediawallahscript.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.agkn.com *.unrulymedia.com *.crwdcntrl.net *.adsrvr.org *.stickyadstv.com *.imrworldwide.com *.lijit.com *.mathtag.com *.bidr.io *.facebook.net *.facebook.com *.dmxleo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.osano.com acsbapp.com *.livevox.com *.staging.flexint.net *.flexshopper.com *.flexshopper.xyz *.dynamicyield.com edge.fullstory.com cdn.segment.com api.segment.io *.steelhousemedia.com *.criteo.com *.listrakbi.com *.ipredictive.com *.liadm.com *.bing.com *.facebook.net *.taboola.com *.impactradius-event.com *.pinimg.com *.googleapis.com *.pinterest.com *.maxmind.com device.maxmind.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.flexshopper.com *.listrakbi.com *.dynamicyield.com maxcdn.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.osano.com *.acsbapp.com *.livevox.com *.flexshopper.com *.flexshopper.xyz *.dynamicyield.com *.fullstory.com cdn.segment.com api.segment.io *.taboola.com *.pinterest.com *.listrakbi.com *.doubleclick.net *.mmapiws.com d-ipv6.mmapiws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=D2ZnDEd8di6rY7COHD_AoFU_82bXMWW3H1NJU3X5GQ0-1752198016-1.0.1.1-LKpnCgbOiMAlXUm0yEdHDcF_YqWs3eNfTyY6ZY84GKCYNKZtmf2sih7LkiCQ.EdqBCj9MfkbaOEsthdpYdxixwK7k0Q.u4d0glPuirX6xW1oogHa57kpXOoENAnyiLrQOMkLu15PgTxS5I4ecqJf4g; report-to cf-csp-endpoint 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.google.com *.googleadservices.com *.googletagmanager.com *.jquery.com *.facebook.net *.cookiebot.com *.doubleclick.net *.privacymanager.io *.disqus.com *.twitter.com *.trustpilot.com *.clarity.ms *.gstatic.com *.youtube.com youtube.com; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://a.disquscdn.com https://c.clarity.ms https://c.disquscdn.com https://clm.nektony.com https://googleads.g.doubleclick.net https://imgsct.cookiebot.com https://nektony.com https://ps.w.org https://referrer.disqus.com https://secure.gravatar.com https://ssl.gstatic.com https://syndication.twitter.com https://www.google.com https://www.google.com.ua https://www.googletagmanager.com *.facebook.com *.bing.com; font-src 'self' data: https://fonts.gstatic.com https://nektony.com; connect-src *; media-src 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://disqus.com https://store.payproglobal.com https://td.doubleclick.net https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; worker-src 'self';  upgrade-insecure-requests; report-uri https://nektony.com/csp-report-mode1.php; manifest-src 'self'; 1
default-src 'self';media-src 'self' blob: data: https:// *.onnetwork.tv *.tvp.pl;worker-src 'self' blob: data: *.sadeczanin.info;script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://weatherwidget.io *.weatherwidget.io *.google.com *.g.doubleclick.net *.instagram.com *.googlesyndication.com *.twitter.com  *.openxcdn.net *.4dex.io *.criteo.net tags.crwdcntrl.net *.creativecdn.com cdn.id5-sync.com cdn.prod.uidapi.com *.onnetwork.tv *.googleapis.com *.jsdelivr.net *.facebook.net *.2mdn.net *.google-analytics.com *.optad360.io *.script.ac *.ampproject.org; img-src 'self' https: data: blob: http://api.sadeczanin.info; style-src 'self' 'unsafe-inline' www.fonts.googleapis.com *.googleapis.com *.onnetwork.tv *.google.com; font-src 'self' data:  *.fonts.googleapis.com *.onnetwork.tv *.gstatic.com; frame-src 'self' https://weatherwidget.io *.weatherwidget.io https://instagram.com *.instagram.com https://twitframe.com *.twitframe.com *.twitter.com *.facebook.com *.googlesyndication.com *.google.com *.g.doubleclick.net *.googleadservices.com *.youtube.com *.youtu.be https://youtube.com https://youtu.be https://zrzutka.pl *.zrzutka.pl *.criteo.com *.onnetwork.tv *.googleapis.com *.aztv.pl *.casalemedia.com *.openx.net *.quantumdex.io *.adxbid.info *.openx.net *.quantumdex.io https://adxbid.info *.adxbid.info https://onetag-sys.com *.onetag-sys.com *.openx.net *.smartadserver.com *.wp.pl *.rubiconproject.com *.pubmatic.com *.a-mo.net *.indexww.com *.adnxs.com *.3lift.com https://hdsystem.pl https://www.hdsystem.pl *.richaudience.com; connect-src 'self' *.google-analytics.com *.sadeczanin.info pagead2.googlesyndication.com *.google.com *.g.doubleclick.net *.gstatic.com bcp.crwdcntrl.net id5-sync.com *.criteo.com *.criteo.net *.onnetwork.tv *.jsdelivr.net *.openx.net *.adnxs.com *.quantumdex.io *.wp.pl *.rubiconproject.com https://dnacdn.net *.dnacdn.net *.onetag-sys.com https://onetag-sys.com *.a-mo.net *.casalemedia.com *.pubmatic.com *.smartadserver.com *.adform.net *.creativecdn.com *.vidoomy.com *.4dex.io *.adxpremium.services *.adsrvr.org *.richaudience.com; 1
font-src *.survicate.com fonts.gstatic.com hawksearch.net dev.hawksearch.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.doubleclick.net *.survicate.com servedby.flashtalking.com shareasale.com *.commercepartnerhub.com insight.adsrvr.org *.pinterest.com pinterest.com hareasale.com *.usaepay.com www.facebook.com *.duosecurity.com *.duo.com *.paypalobjects.com bludot.pxf.io www.xtento.com assets.bounceexchange.com *.weltpixel.com https://www.google.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.pinterdev.com commerce-app.pintergration.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca *.linkedin.com *.google.com.au *.google.ca *.google.com.mx *.cookielaw.org *.lightboxcdn.com *.3lift.com www.google.co.in *.clrstm.com *.33across.com *.ctnsnet.com *.googleapis.com *.openx.net *.gstatic.com *.bing.com *.postcodeanywhere.co.uk *.curalate.com *.datasteam.io pippio.com *.dtstmio.com *.agkn.com *.liadm.com datacloud.tealiumiq.com *.twitter.com *.google.com *.google.co.in cm.g.doubleclick.net cdn.klarna.com p.alocdn.com bat.bing.com px.ads.linkedin.com px4.ads.linkedin.com *.pinterest.com secure.adnxs.com insight.adsrvr.org b1img.com t.co alb.reddit.com p.adsymptotic.com idsync.rlcdn.com c.clarity.ms www.facebook.com c.bing.com segments.company-target.com nsg.symantec.com ds.reson8.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.seeitinyourspace.com *.simpli.fi *.pubmatic.com *.mxptint.net *.media.net *.adentifi.com bludot.pxf.io www.ojrq.net logs-01.loggly.com www.xtento.com cdn.xtento.com events.bouncex.net api.bounceexchange.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.google.com.au *.google.ca *.google.com.mx *.yottaa.com *.pinterest.com *.liadm.com *.usbrowserspeed.com *.remarketstats.com *.amazonaws.com *.sitedataprocessing.com *.dwin1.com *.cookielaw.org *.datasteam.io *.lightboxcdn.com www.google.co.in *.bing.com *.agkn.com js-agent.newrelic.com bam-cell.nr-data.net cdn.yottaa.com cdn.optimizely.com tags.tiqcdn.com nsg.symantec.com js.adsrvr.org beacon-v2.helpscout.net static.ads-twitter.com snap.licdn.com deploytealium.com bat.bing.com connect.facebook.net survey.survicate.com pinimg.com b1img.com analytics.twitter.com *.tealiumiq.com *.googletagmanager.com ssl.google-analytics.com www.google.com tags.b1js.com www.redditstatic.com s.pinimg.com edge.curalate.com js.b1js.com code.murdoog.com *.clarity.ms *.murdoog.com *.usaepay.com *.nr-data.net *.hotjar.com *.postie.com *.doubleclick.net *.googleapis.com *.postcodeanywhere.co.uk unpkg.com viewinyourspace.com *.seeitinyourspace.com *.viewinyourspace.com utt.impactcdn.com www.xtento.com cdn.xtento.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com *.unpkg.com *.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net https://www.google.com https://www.gstatic.com www.facebook.com graph.facebook.com business.facebook.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com.au *.google.ca *.google.com.mx *.lightboxcdn.com *.bing.com *.gstatic.com fonts.googleapis.com dev.hawksearch.net *.postcodeanywhere.co.uk *.survicate.com tagmanager.google.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.helpscout.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca wss://ws.hotjar.com *.yottaa.com *.google.com.au *.google.ca *.google.com.mx *.bouncex.net *.redditstatic.com *.linkedin.com *.lightboxcdn.com *.reddit.com *.cookielaw.org *.onetrust.com *.hotjar.io www.google.co.in *.addressy.com endpoint1.collection.us2.sumologic.com *.helpscout.net *.googleapis.com *.bing.com *.cloudfront.net *.curalate.com *.facebook.com *.getletterpress.com *.agkn.com *.linkedin.oribi.io stats.g.doubleclick.net *.nr-data.net *.clarity.ms *.yottaa.net *.optimizely.com *.tealiumiq.com collect.tealiumiq.com ct.pinterest.com cloudfront.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.pinterest.com *.postcodeanywhere.co.uk *.usaepay.com d3hb14vkzrxvla.cloudfront.net *.browser-intake-datadoghq.com viewinyourspace.com *.viewinyourspace.com *.hotjar.com bludot.pxf.io *.facebook.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pinterdev.com commerce-app.pintergration.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://translate.google.com/translate_a/element.js https://www.youtube.com/iframe_api https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-chrome-webstore/_/js/k=boq-chrome-webstore.ChromeWebStoreConsumerFeUi.en_US.FftC4bE1IL8.2018.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://www.youtube.com/s/player/ https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/ChromeWebStoreConsumerFeUi/cspreport/fine-allowlist 1
object-src 'none';base-uri 'self';script-src 'nonce-szvplsM0_hv1nQvxRs3j8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; child-src 'self' blob: *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.vimeo.com connect.facebook.net vimeo.com www.googletagmanager.com; connect-src 'self' 'strict-dynamic' *.acsbapp.com *.analytics.google.com *.bsnteamsports.com *.fancloth.shop *.fontawesome.com *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.nr-data.net *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io acsbapp.com ajax.googleapis.com browser-intake-datadoghq.com cdn.cookielaw.org code.jquery.com dev.visualwebsiteoptimizer.com fonts.googleapis.com fonts.gstatic.com geolocation.onetrust.com privacyportal.onetrust.com settings.luckyorange.net stats.g.doubleclick.net vimeo.com vimeocdn.com www.facebook.com www.ssgecom.com wss://*.hotjar.com wss://in.visitors.live wss://visitors.live wss://widget-mediator.zopim.co https://chat-assets.cdn.gladly.com https://chat-sdk.cdn.gladly.com https://cdn.gladly.com https://us-1.gladly.com https://api.us-1.gladly.chat wss://ws.us-1.gladly.chat https://api.smooch.io https://*.config.smooch.io wss://api.smooch.io https://gladly-production.sinter-collect.com https://js.verygoodvault.com https://js2.verygoodvault.com https://st-ea.hiw19909.jscrambler.com https://hiw19909.jscrambler.com https://jscrambler.com; font-src 'self' data: *.bsnteamsports.com *.fancloth.shop *.bootstrapcdn.com *.bsnteamsports.com *.fancloth.shop *.fontawesome.com *.gladly.com *.typekit.net *.zopim.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com static.zdassets.com; form-action 'self' *.facebook.com *.google.com connect.facebook.net; frame-src 'self' *.paymetric.combid.g.doubleclick.net *.vimeo.com xiecomm.worldpay.com cert-xiecomm.worldpay.com vars.hotjar.com www.google.com www.googletagmanager.com td.doubleclick.net https://js.verygoodvault.com https://js2.verygoodvault.com; img-src 'self' data: blob: *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.bsnsports.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.nr-data.net *.zdassets.com *.zdusercontent.com *.zendesk.com *.zopim.com *.zopim.io *.vimeo.com *.vimeocdn.com ajax.googleapis.com cdn.cookielaw.org code.jquery.com dev.visualwebsiteoptimizer.com googleads.g.doubleclick.net imfarm.bsnsports.com pulse.art.bsnsports.com script.hotjar.com ssgsales.com www.facebook.com stats.g.doubleclick.net https://chat-assets.cdn.gladly.com https://media.cdn.gladly.com https://media.smooch.io; media-src *.vimeo.com static.zdassets.com vimeo.com https://chat-sdk.cdn.gladly.com https://cdn.gladly.com; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline' 'nonce-IfznaZE154pYWkD/FguUig=='; style-src 'self' 'report-sample' 'unsafe-inline' *.bsnteamsports.com *.fancloth.shop *.bootstrapcdn.com *.fontawesome.com *.google.com *.googleapis.com *.typekit.net *.zdassets.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com tagmanager.google.com unpkg.com www.googletagmanager.com https://chat-sdk.cdn.gladly.com https://cdn.gladly.com; upgrade-insecure-requests; report-uri https://62e17a85e7a4e344fdd77145.endpoint.csper.io?v=1; worker-src 'self' blob: www.google.com 1
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'nonce-Gv2oA0WPx+SQI+74+lf5NA=='; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/; report-to csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com *.klevu.com *.yotpo.com *.livechatinc.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.jsdelivr.net *.klaviyo.com *.elev.io *.zdassets.com *.cartfulsolutions.com *.cloudmaestro.com *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.paypal.com *.braintree-api.com data: *.greatlakesskipper.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cybersource.com *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.braintree-api.com *.twitter.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.criteo.net *.criteo.com *.livechatinc.com *.wufoo.com *.yotpo.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.jsdelivr.net getshogun.com *.klaviyo.com *.facebook.com *.cybersource.com insight.adsrvr.com insight.adsrvr.org *.frstre.com *.cloudfront.net *.g.doubleclick.net *.twitter.com *.cloudmaestro.com *.elev.io *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.braintree-api.com *.addthis.com *.recaptcha.net *.freshdesk.com airtable.com *.paypalobjects.com *.kaptcha.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: landofcoder.com *.yotpo.com *.vimeo.com *.pixlee.com *.pixlee.co *.pxlecdn.co *.jst.ai *.jsdelivr.net *.pxlecdn.com *.klaviyo.com *.facebook.com *.facebook.net *.google.com *.bing.com *.choozle.com s3.amazon.com s3.amazonaws.com *.g.doubleclick.net *.adsrvr.org *.twitter.com *.swagger.io *.cloudfront.net *.godaddy.com *.cartfulsolutions.com *.cloudmaestro.com *.trustwave.com/ *.taboola.com *.media.net *.3lift.com *.rubiconproject.com *.adnxs.com *.outbrain.com *.adform.net *.360yield.com *.yieldmo.com *.bidswitch.net *.yahoo.com *.smartadserver.com *.advertising.com *.stickyadstv.com *.fwmrm.net *.adscale.de *.teads.tv *.postrelease.com *.sharethrough.com *.ivitrack.com *.casalemedia.com *.smaato.net *.pubmatic.com *.omnitagjs.com *.criteo.com *.mediawallahscript.com *.mgid.com *.addthis.com *.revcontent.com *.liadm.com *.rlcdn.com *.turn.com *.krxd.net *.google.com.ar *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.braintree-api.com *.bazaarvoice.com *.klevu.com *.greatlakesskipper.com *.clmbtech.com *.tapad.com *.openx.net *.dmxleo.com *.tremorhub.com *.kargo.com *.tpmn.co.kr *.agkn.com *.amanad.adtdp.com *.bluekai.com *.mathtag.com *.zemanta.com *.bnmla.com *.stackadapt.com *.simpli.fi *.admanmedia.com *.loopme.me *.digitaleast.mobi *.yieldlab.net *.lemmatechnologies.com *.avct.cloud *.deepintent.com *.dotomi.com *.creative-serving.com *.twiago.com *.amazon-adsystem.com *.mediavine.com *.socdm.com *.octillion.tv *.bidr.io.tv *.everesttech.net *.w55c.net *.emxdgt.com *.adgrx.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.reddit.com *.googletagmanager.com *.doubleclick.net *.trackedlink.net *.ksearchnet.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ www.google.com *.typekit.net google.com *.google.com *.magento-datasolutions.com *.klevu.com *.cloudflare.com *.klaviyo.com acsbapp.com *.acsbap.com acsbap.com *.online-metrix.net *.criteo.net *.criteo.com *.trustwave.com *.livechatinc.com *.wufoo.com *.fontawesome.com *.yotpo.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.gstatic.com *.jsdelivr.net *.justuno.com *.getshogun.com *.zdassets.com *.elev.io *.facebook.net *.zopim.com *.govx.com govxconnect.com *.pinimg.com *.bing.com *.tapfiliate.com *.cloudfront.net *.pepperjam.net *.pepperjam.com *.g.doubleclick.net *.ensighten.com *.bestworlds.com *.cartsave.io *.twitter.com *.swagger.io *.payments-amazon.com *.amazon.com *.godaddy.com *.cartfulsolutions.com *.cybersource.com *.cloudmaestro.com *.freshchat.com *.visualwebsiteoptimizer.com polyfill.io *.oribi.io *.paypal.com *.cloudflareinsights.com *.braintree-api.com *.greatlakesskipper.com *.trackedweb.net *.emxdgt.com *.uptrendsdata.com *.noibu.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.googleapis.com *.googletagmanager.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.trackedlink.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.ksearchnet.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.klevu.com *.fontawesome.com *.yotpo.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.jsdelivr.net *.klaviyo.com *.bestworlds.com *.cartsave.io *.cloudmaestro.com *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.paypal.com *.braintree-api.com apps.bazaarvoice.com *.greatlakesskipper.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.tagmanager.google.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.ksearchnet.com maxcdn.bootstrapcdn.com fonts.gstatic.com assets.braintreegateway.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.jsdelivr.net *.klaviyo.com *.zdassets.com *.cloudmaestro.com agentcore.s3.amazonaws.com *.freshchat.com *.cloudflare.com polyfill.io *.cartsave.io *.paypal.com *.braintree-api.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.yotpo.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.klaviyo.com *.jst.ai *.acsbapp.com acsbapp.com *.jsdelivr.net *.zdassets.com *.zendesk.com *.facebook.com *.elev.io *.zopim.com wss://*.zopim.com *.google-analytics.com *.g.doubleclick.net *.pinterest.com *.bestworlds.com *.cartsave.io *.bing.com *.amazon.com *.cartfulsolutions.com *.cloudmaestro.com adapter.aivo.co *.agentbot.net *.oribi.io *.hotjar.com *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.braintree-api.com *.ksearchnet.com *.trackedweb.net *.googleadservices.com *.google.com.ar *.uptrendsdata.com *.noibu.com *.twitter.com *.twimg.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.trackedlink.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com *.cloudmaestro.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.paypal.com *.braintree-api.com *.greatlakesskipper.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-zrYqirm4O2TXJlab1GUvjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
media-src 'self' data: blob: https:; frame-src 'self' https://www.deutschakademie.de https://www.deutschakademie.com https://*.facebook.com https://www.google.com/recaptcha/ https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagmanager.com https://*.adtrafficquality.google https://*.paypal.com https://*.livechatinc.com https://cdn.chatbot.com https://app.hubspot.com https://js.mollie.com; frame-ancestors 'self' https://www.deutschakademie.de https://www.deutschakademie.com https://*.livechatinc.com https://cdn.chatbot.com ;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://cdnjs.cloudflare.com https://cdn-cookieyes.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://www.gstatic.com https://api.livechatinc.com https://cdn.livechatinc.com https://googletagmanager.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hs-scripts.com https://maps.google.com https://maps.googleapis.com https://ajax.googleapis.com https://tagmanager.google.com https://www.provenexpert.com https://www.googletagmanager.com https://*.google-analytics.com https://cdn.chatbot.com https://connect.facebook.net; style-src 'self' 'report-sample' 'unsafe-inline' https://cdnjs.cloudflare.com *.google.com www.provenexpert.com www.googletagmanager.com https://fonts.googleapis.com https://cdn.chatbot.com https://connect.facebook.net https://www.deutschakademie.de https://www.deutschakademie.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com https://www.gstatic.com https://www.deutschakademie.de https://www.deutschakademie.com https://cdn.jsdelivr.net/npm/ https://www.provenexpert.com/css/widget_landing.css; object-src 'self' data: *.googlesyndication.com;child-src 'self' https://*.livechatinc.com blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com *.facebook.com; worker-src 'self' blob: www.google.com; script-src-elem 'self' 'unsafe-inline' https://*.hsappstatic.net https://*.hubspot.com https://*.accessgo.de https://*.clarity.ms cdnjs.cloudflare.com *.google-analytics.com https://ajax.googleapis.com *.adtrafficquality.google https://cdnjs.cloudflare.com  https://cdn-cookieyes.com  https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://www.gstatic.com https://*.livechatinc.com https://googletagmanager.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hs-scripts.com https://js-eu1.hsforms.net https://maps.google.com https://maps.googleapis.com https://tagmanager.google.com https://*.paypal.com https://www.provenexpert.com https://www.googletagmanager.com https://*.google-analytics.com https://cdn.chatbot.com https://connect.facebook.net https://www.deutschakademie.de https://www.deutschakademie.com https://js.mollie.com https://cdn.jsdelivr.net/npm/ 1
script-src 'nonce-iUIU8TFZnwmy9gnNCMmvRQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=XJ9wXLk50PkpKcPzHNbsRD10FVb1duyt3s1Ba2hUDEDJhy2AhBzD8YZTC4UUxrXRKlqW9sCE9g==&policy_id=13&user_id=&request_id=2043475c-6c1e-4f48-bb44-5ddd2f05e323; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.instagram.com https://www.googletagmanager.com/ secure-gateway.hipay-tpp.com *.hipay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.payplug.com *.dalenys.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com cdn.doofinder.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://secure-magenta.dalenys.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.instagram.com cdn.doofinder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://secure-magenta.dalenys.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.doofinder.com *.hipay.com unsafe-inline assets.braintreegateway.com https://secure-magenta.dalenys.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.almapay.com *.doofinder.com wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.hipay.com wss://mpsnare.iesnare.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'report-sample' https://static.mycasavi.com 'sha256-HqcrltV/add35ktFKnghPtUZD86xFk2tNSOVuSxlxZI=' 'sha256-nP0EI9B9ad8IoFUti2q7EQBabcE5MS5v0nkvRfUbYnM=' https://cdn.eu.pendo.io https://pendo-eu-static.storage.googleapis.com https://pendo-eu-static-5744612903485440.storage.googleapis.com https://app.intercom.io https://widget.intercom.io/ https://js.intercomcdn.com https://browser.sentry-cdn.com https://widget.moin.ai https://cdn.crowdin.com https://crowdin.com https://cdn-a.cumul.io https://static.hotjar.com https://script.hotjar.com https://maps.googleapis.com https://cdn.jsdelivr.net https://agent.b4u-cloud.de 'nonce-GYGDzwz5Qr/bEosIlFxYqQ==';worker-src 'self' blob: https://static.mycasavi.com;report-uri /csp-report;base-uri 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none' 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: cdnjs.cloudflare.com cloud.tagbox.com *.cloudflare.com https://fonts.gstatic.com *.slant.co *.tagbox.com *.taggbox.com *.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.google.com challenges.cloudflare.com *.cloudflare.com maps.googleapis.com maps.gstatic.com *.pinterest.com *.snapchat.com *.tagbox.com *.taggbox.com *.twitter.com www.googletagmanager.com www.youtube.com *.googleapis.com *.google.com *.weltpixel.com *.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudflare.com fonts.googleapis.com plant.gertens.com plants.gertens.com *.qscaping.com *.snapchat.com *.tagbox.com *.taggbox.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com 'self' data: *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ challenges.cloudflare.com apis.google.com cdn.jsdelivr.net cloud.tagbox.com *.cloudflare.com s.pinimg.com *.pinterest.com *.shipperhq.com sc-static.net *.snapchat.com *.tagbox.com *.taggbox.com analytics.tiktok.com *.twitter.com www.google.com www.gstatic.com assets.shipperhq.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.hsforms.net *.hsforms.com *.google.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cloud.tagbox.com *.cloudflare.com https://fonts.googleapis.com maps.googleapis.com maps.gstatic.com static.klaviyo.com *.tagbox.com *.taggbox.com *.typekit.net assets.shipperhq.com https://static.klaviyo.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.cloudflare.com *.facebook.com *.klaviyo.com *.pinterest.com *.snapchat.com *.tagbox.com *.taggbox.com *.tiktok.com www.google.com rms.shipperhq.com https://rms.shipperhq.com wss://rms.shipperhq.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net ovs.shipperhq.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-fKEsjT4bdYZb2SKu1IK3kA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ 'self' https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicstream.s3.amazonaws.com/UNIFORMLAWS/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; worker-src 'self'; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com platform.twitter.com *.weltpixel.com www.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com *.newrelic.com nr-data.net *.nr-data.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.gstatic.com www.xtento.com cdn.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com *.newrelic.com nr-data.net *.nr-data.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net twitter.com platform.twitter.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.maxmind.com www.xtento.com cdn.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com nr-data.net stripe.com *.stripe.com *.wetanz.com  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googletagmanager.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com *.mmapiws.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.ambitojuridico.com www.googletagmanager.com www.google.com code.jquery.com  static.addtoany.com  pautas.legis.com.co prepautas.legis.com.co  js-agent.newrelic.com lablegis.azurewebsites.net js-agent.newrelic.com  use.fontawesome.com www.gstatic.com www.google-analytics.com static.hotjar.com cdn.mouseflow.com snap.licdn.com js.hs-scripts.com connect.facebook.net legislab.legis.com.co www.googleadservices.com crested-timer-310514-default-rtdb.firebaseio.com script.hotjar.com js.hsleadflows.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com platform.twitter.com stackpath.bootstrapcdn.com td.doubleclick.net legislab.azurewebsites.net  *.youtube.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline'  'unsafe-eval' https://www.ambitojuridico.com https://ambitojuridico.com use.fontawesome.com lablegis.azurewebsites.net legislab.legis.com.co www.googletagmanager.com www.google.com code.jquery.com  static.addtoany.com  pautas.legis.com.co prepautas.legis.com.co  js-agent.newrelic.com lablegis.azurewebsites.net js-agent.newrelic.com  use.fontawesome.com www.gstatic.com www.google-analytics.com static.hotjar.com cdn.mouseflow.com snap.licdn.com js.hs-scripts.com connect.facebook.net legislab.legis.com.co www.googleadservices.com crested-timer-310514-default-rtdb.firebaseio.com script.hotjar.com js.hsleadflows.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com platform.twitter.com stackpath.bootstrapcdn.com td.doubleclick.net legislab.azurewebsites.net *.youtube.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net fonts.googleapis.com; img-src 'self' blob:  https://www.ambitojuridico.com cdn2.iconfinder.com is1-ssl.mzstatic.com lh3.googleusercontent.com cdn3.iconfinder.com lablegis.azurewebsites.net px.ads.linkedin.com www.facebook.com googleads.g.doubleclick.net www.linkedin.com track.hubspot.com forms.hsforms.com www.google.com.co data: www.google.com www.google-analytics.com pautas.legis.com.co www.ambitojuridico.com www.googletagmanager.com prepautas.legis.com.co legislab.azurewebsites.net lablegis.azurewebsites.net www.datos.gov.co cdn.jsdelivr.net ambitojuridico.com; media-src 'self'; frame-src 'self' https://www.ambitojuridico.com static.addtoany.com widget.spreaker.com www.googletagmanager.com platform.twitter.com *.youtube.com es.surveymonkey.com https://www.facebook.com/ td.doubleclick.net legislab.azurewebsites.net lablegis.azurewebsites.net www.datos.gov.co cdn.jsdelivr.net https://formulariocontactenos.legis.com.co; frame-ancestors 'self'; child-src 'self'; font-src 'self' https://www.ambitojuridico.com use.fontawesome.com lablegis.azurewebsites.net stackpath.bootstrapcdn.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net fonts.gstatic.com; connect-src 'self' https://www.ambitojuridico.com lablegis.azurewebsites.net pautas.legis.com.co bam.nr-data.net www.google.com analytics.google.com www.google-analytics.com px.ads.linkedin.com forms.hscollectedforms.net www.google.com forms.hubspot.com prepautas.legis.com.co legislab.legis.com.co www.google.com stats.g.doubleclick.net www.facebook.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net vc.hotjar.io wss:; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://northmemorial.com?gdsih-csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-48xvq2aCQoKkTuNN3C44Xg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klarnacdn.net *.gstatic.com https://fonts.gstatic.com data: *.klevu.com *.phyron.com *.flixcar.com *.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.klarna.com *.klevu.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://briqpay.test *.briqpay.com *.klarna.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.klarnaservices.com *.ingrid.com *.klarnaevt.com *.dibspayment.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com *.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.adnxs.com *.omtrdc.net *.bing.com *.cloudflare.com *.cookiebot.com *.elongroup.se *.elon.se elon.se *.facebook.com *.googleadservices.com *.google-analytics.com *.google.se *.googletagmanager.com *.googleapis.com *.imbox.io *.klevu.com *.klarnaservices.com *.phyron.com *.vaimo.net *.ytimg.com *.pricerunner.se *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.jwpsrv.com *.jwplayer.com *.uc.se *.prisjakt.no *.googlesyndication.com *.where-to-buy.co *.clarity.ms *.doubleclick.net *.dialogtrail.com *.lemonpi.io *.facebook.net *.reddit.com *.elon.no *.wistia.com *.videoly.co https://where-to-buy.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://briqpay.test *.briqpay.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adnxs.com *.bing.com *.clarity.ms *.cookiebot.com *.depict.ai *.elongroup.se *.facebook.net *.googletagmanager.com *.googleapis.com *.hotjar.com *.imbox.io *.klevu.com *.myvisitors.se *.oribi.io *.pertento.ai *.phyron.com *.pinimg.com *.pinterest.com *.testfreaks.com *.charpstar.net *.flixfacts.com *.loadbee.com *.flix360.io *.flixcar.com *.unpkg.com *.dialogtrail.com *.adform.net *.elon.se *.cloudfront.net *.videoly.co *.scaleflex.it *.redditstatic.com *.voyado.com https://unpkg.com *.ingrid.com *.klarnaevt.com https://www.elon.se 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com *.depict.ai *.dibspayment.eu *.googleapis.com *.gstatic.com *.klevu.com *.phyron.com *.flixcar.com https://www.elon.se 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.phyron.com *.flixcar.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io *.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.adnxs.com *.demdex.net *.clarity.ms *.cookiebot.com *.depict.ai *.dibspayment.eu *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.klarnauserservices.com *.ksearchnet.com *.pertento.ai *.phyron.com *.pinterest.com *.sentry.io security-hub.vaimo.network *.apptus.cloud *.iconify.design *.dialogtrail.com *.flix360.io *.charpstar.net *.loadbee.com *.flixcar.com *.googlesyndication.com *.elon.no *.bing.com *.facebook.com *.reddit.com *.unisvg.com wss://ws.depict.ai wss://headless.dialogtrail.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: d19ayerf5ehaab.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk s3.lightboxcdn.com apps.bazaarvoice.com cdnjs.cloudflare.com assets.reviews.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com td.doubleclick.net 12403326.fls.doubleclick.net js.stripe.com m.stripe.network *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net widgets.automizely.com widgets.automizely.io *.gstatic.com *.googleapis.com https://images.unsplash.com *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk www.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk photos-us.bazaarvoice.com www.lightboxcdn.com s3.lightboxcdn.com bat.bing.com adservice.google.com guarantee-cdn.com https://p.veritone-ce.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.googleapis.com *.gstatic.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.googletagmanager.com maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk guarantee-cdn.com js.stripe.com cdn.avmws.com bat.bing.com cdn.evgnet.com acsbapp.com script.crazyegg.com api.lightboxcdn.com www.lightboxcdn.com www.clarity.ms js-agent.newrelic.com ssl.avmws.com s3.amazonaws.com cdn.attn.tv dx.mountain.com px.mountain.com shop.pe shopper.shop.pe app.shop.pe buzz.attn.tv d2mjzob2nc713b.cloudfront.net addshoppers.s3.amazonaws.com 52.22.50.55 events.attentivemobile.com widget.reviews.io widget.reviews.co.uk rum-static.pingdom.net static.hotjar.com cdn.livesession.io https://534009336.collect.igodigital.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com widgets.automizely.com widgets.automizely.io *.certcapture.com display.ugc.bazaarvoice.com unsafe-inline assets.braintreegateway.com d19ayerf5ehaab.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com www.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk www.lightboxcdn.com s3.lightboxcdn.com assets.reviews.io widget.reviews.io cdnjs.cloudflare.com network-a.bazaarvoice.com s3.amazonaws.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com api.automizely.com api.automizely.io *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.certcapture.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com cdn.acsbapp.com script.crazyegg.com adservice.google.com a.clarity.ms www.huffy.com bam.nr-data.net js.stripe.com ppm.stripe.com r.stripe.com m.stripe.com https://*.evergage.com rs.livesession.io api.reviews.co.uk api.reviews.io buzz.attn.tv events.attentivemobile.com app.shop.pe rum-collector-2.pingdom.net *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com bat.bing.com www.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk a.clarity.ms bam.nr-data.net www.google.com commerce.adobedc.net network-a.bazaarvoice.com r.stripe.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-c924466082264b788662cfdd56e0f6cb' https://www.viewmychart.com 'self';img-src https://* 'self' blob: data:;style-src https://www.viewmychart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.stape.io *.fontawesome.com https://fonts.bunny.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com https://widgets.trustedshops.com world.nerogiardini.it data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * world.nerogiardini.it 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com world.nerogiardini.it 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * world.nerogiardini.it 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.feedaty.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io https://firebasestorage.googleapis.com intpaye.netsgroup.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com world.nerogiardini.it data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.feedaty.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com world.nerogiardini.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.feedaty.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com world.nerogiardini.it 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com world.nerogiardini.it 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.feedaty.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.gstatic.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site world.nerogiardini.it 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com world.nerogiardini.it http: https: blob: 'self' 'unsafe-inline'; default-src world.nerogiardini.it 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://nerogiardini.it/scommercereporturi/report/storefront; report-to report-endpoint; 1
default-src https:;                                                 script-src https: 'unsafe-inline' 'unsafe-eval';                                                 style-src https: 'unsafe-inline';                                                 font-src https: data:;                                                 img-src https: data: about: ;                                                 connect-src https: wss: 'self';                                                 worker-src https: blob: 'self'; 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24.net/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
default-src 'none'; child-src 'self' blob:; connect-src 'self' https://*.amazonaws.com https://*.aptrinsic.com https://*.bambora.com https://*.cloudfront.net https://*.collect.igodigital.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.heyday.ai https://*.noibu.com https://*.optimizely.com https://*.paypal.com https://*.pinterest.com https://*.services.visualstudio.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.usercentrics.eu https://*.vimeo.com https://bat.bing.com https://maps.gstatic.com https://snapwidget.com https://ws1.postescanada-canadapost.ca https://www.facebook.com https://www.google-analytics.com https://www.google.com.vn wss://input.noibu.com/pv_part; font-src 'self' data: https://*.cloudfront.net https://*.episerver.net https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' data: https://*.bambora.com https://*.bikinivillage.com/ https://*.cardinalcommerce.com https://*.cdn.optimizely.com https://*.cloudfront.net https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.episerver.net https://*.heyday.ai https://*.paypal.com https://*.pinterest.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.vimeo.com https://authentication.cardinalcommerce.com https://snapwidget.com https://v2-sim.preprod.psp-solutions.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; img-src 'self' data: https: https://*.bambora.com https://*.collect.igodigital.com https://*.criteo.com https://*.dmxleo.com https://*.doubleclick.net https://*.episerver.net https://*.google.com https://*.googleapis.com https://*.heyday.ai https://*.paypal.com https://*.pinterest.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.usercentrics.eu https://*.vimeo.com https://ads-engagement.presage.io https://authentication.cardinalcommerce.com https://bat.bing.com https://events.smct.co https://maps.gstatic.com https://s.pinimg.com https://secure.quantserve.com https://tag.rmp.rakuten.com https://track.linksynergy.com https://ws1.postescanada-canadapost.ca https://www.facebook.com https://www.google.com.vn https://www.googletagmanager.com https://www.paypalobjects.com; media-src 'self' https://scontent.cdninstagram.com; script-src-elem 'self' 'unsafe-inline' https://*.aptrinsic.com https://*.bambora.com https://*.bikinivillage.com/ https://*.collect.igodigital.com https://*.criteo.com https://*.doubleclick.net https://*.episerver.net https://*.google.com https://*.googleapis.com https://*.heyday.ai https://*.monitor.azure.com https://*.noibu.com https://*.optimizely.com https://*.paypal.com https://*.pinterest.com https://*.quantcount.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.usercentrics.eu https://*.vimeo.com https://ads-engagement.presage.io https://authentication.cardinalcommerce.com https://bat.bing.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://maps.gstatic.com https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com/bootstrap https://s.pinimg.com https://secure.quantserve.com https://smct.co https://snapwidget.com https://tag.rmp.rakuten.com https://unpkg.com https://ws1.postescanada-canadapost.ca https://www.facebook.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bikinivillage.com/ https://*.noibu.com https://snapwidget.com https://ws1.postescanada-canadapost.ca; style-src-elem 'self' 'unsafe-inline' https://*.aptrinsic.com https://*.bambora.com https://*.criteo.com https://*.doubleclick.net https://*.episerver.net https://*.google.com https://*.googleapis.com https://*.heyday.ai https://*.noibu.com https://*.paypal.com https://*.pinterest.com https://*.siteimprove.com https://*.siteimprove.net https://*.smct.io https://*.tiktok.com https://*.usercentrics.eu https://*.vimeo.com https://authentication.cardinalcommerce.com https://bat.bing.com https://cdn.datatables.net https://cdn.jsdelivr.net https://code.jquery.com https://maps.gstatic.com https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com/bootstrap https://s.pinimg.com https://secure.quantserve.com https://snapwidget.com https://tag.rmp.rakuten.com https://ws1.postescanada-canadapost.ca https://www.facebook.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://*.noibu.com https://snapwidget.com https://ws1.postescanada-canadapost.ca; script-src-attr 'unsafe-inline' https://*.bikinivillage.com/; style-src-attr 'unsafe-inline'; worker-src blob:; 1
default-src *; img-src https:; frame-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.resellerratings.com www.paypal.com cdn.attn.tv s.yimg.com static.klaviyo.com cdn-tp4.mozu.com/27977-44902/ t.contentsquare.net ajax.googleapis.com www.googleadservices.com bat.bing.com www.google.com www.googletagmanager.com live-chat.chatbotize.com d2gh7vqn9p1ieu.cloudfront.net www.res-x.com resources.xg4ken.com polaris.truevaultcdn.com pay.google.com www.paypalobjects.com challenges.cloudflare.com googleads.g.doubleclick.net cdn.sift.com www.google-analytics.com www.mczbf.com acsbapp.com s3-us-west-2.amazonaws.com maps.googleapis.com www.clarity.ms static-tracking.klaviyo.com b-code.liadm.com sv.calendars.com edge1.certona.net services.xg4ken.com connect.facebook.net se.monetate.net cdn-tp4.mozu.com cdn.equalweb.com access.equalweb.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=0SK8EX.g7vvnaC_1tUO_2Ul7z2YDVZQWdvPXaH2QrwQ-1752202784-1.0.1.1-ph9hBnd9bRXE8zi6j6cAhd0E5NHh1t8Ev0CJAa7rjMlCIGvVOGnOAY4GLS33ZH6KG2hzOQsu8SRBPhAZ1kgFRoG6xjDa_B5Y9.W0BLvGOS7PndWANmSOTdD8pyrOhSoKYBOsLRcZOTU7ahw3gwOm9YRBR7_zTtn1whulp5r.ZQx_yKGJOXoya96fEXQqN_KIKU992xK6Jqo9aGwRMewn8Q; report-to cf-sbxcnfjxgcljoyrl 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=qvBBmEdztc3BYFJDe1xydTjRL2zXPiNewuw4gpYPPLCy0NLEvJWwvjS26VvEAw9T-q_5BRMCw6epUg==&policy_id=76&user_id=&request_id=39f981b3-da03-45c6-8abd-3cd41a445514; report-to csp-endpoint; frame-ancestors 'self' 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com cloud.taggbox.com stackpath.bootstrapcdn.com cdn.userway.org cloud.tagshop.ai cdn.tagshop.ai 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com accounts.accessibe.com mossberg.app.box.com *.taggbox.com platform.twitter.com td.doubleclick.net cdn.userway.org *.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.googleapis.com *.gstatic.com https://firebasestorage.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com web1.acsbapp.com maps.gstatic.com *.ggpht.com resources.mossberg.com cdn.taggbox.com cdn.userway.org api.delivrabl.net aorta.clickagy.com cloud.tagshop.ai idsync.rlcdn.com c.clarity.ms c.bing.com aa.agkn.com d.agkn.com us-u.openx.net cm.g.doubleclick.net *.liadm.com track.hubspot.com forms.hsforms.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.avada.io *.shopify.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com acsbapp.com *.acsbapp.com cdn.userway.org cdn.userconsent.org maps.googleapis.com api.pinterest.com *.taggbox.com web.taggshop.io kit.fontawesome.com widget.tagshop.ai cloud.tagshop.ai platform.twitter.com tags.clickagy.com www.clarity.ms static.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.authorize.net *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com web.taggshop.io cloud.taggbox.com cdn.userway.org widget.tagshop.ai cloud.tagshop.ai cdn.tagshop.ai *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.tagshop.ai 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net cdn.acsbapp.com api.userway.org cdn.userway.org *.userway.org maps.googleapis.com graph.facebook.com api.taggbox.com resources.mossberg.com *.doubleclick.net api.ipdata.co web.taggshop.io widget.tagshop.ai aorta.clickagy.com hemsync.clickagy.com i.clarity.ms forms.hubspot.com *.authorize.net t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.mossberg.com; report-to report-endpoint; 1
font-src *.typekit.net static.sensefuel.live fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.youtube-nocookie.com *.issuu.com *.doubleclick.net *.facebook.com *.google.com *.pinterest.com *.tiktok.com t.weba.be consentcdn.cookiebot.com widget.trustpilot.com www.googletagmanager.com *.vectary.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com maps.gstatic.com maps.googleapis.com *.bing.com *.bing.net *.convertexperiments.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleapis.com *.krxd.net *.pinimg.com *.pinterest.com *.squeezely.tech *.tiktok.com google.com squeezely.tech imgsct.cookiebot.com *.usercentrics.eu comcluster.cxense.com *.perfecta.be cdn.flbx.io *.cloudfront.net *.multisafepay.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com maps.googleapis.com *.bing.com *.convertexperiments.com *.doubleclick.net *.facebook.net *.google.com *.googleapis.com *.mediahuis.be *.pinimg.com *.pinterest.com *.tiktok.com squeezely.tech consent.cookiebot.com consentcdn.cookiebot.com cdn.cxense.com t.weba.be *.clarity.ms widget.trustpilot.com tag.search.sensefuel.live *.perfecta.be *.vectary.com *.getflowbox.com *.multisafepay.com https://pay.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.typekit.net *.googleapis.com *.mailchimp.com tag.search.sensefuel.live *.perfecta.be *.multisafepay.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.flbx.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com *.bing.com *.bing.net *.convertexperiments.com *.doubleclick.net *.facebook.com *.google.com *.googleapis.com *.pinterest.com *.tiktok.com google.com squeezely.tech consentcdn.cookiebot.com *.clarity.ms t.weba.be widget.trustpilot.com *.googlesyndication.com www.google.com *.search.sensefuel.live *.perfecta.be *.getflowbox.com *.multisafepay.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eed84d46-fdcb-4bb2-a18d-eb417ef43ca6.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.adobe.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com api.razorpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.adtrafficquality.google *.clarity.ms *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com cdn.razorpay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com *.lightwidget.com *.artfut.com *.adtrafficquality.google *.googlesyndication.com s3-ap-southeast-1.amazonaws.com *.cloudflare.com *.clarity.ms *.vimeo.com *.mxpnl.com *.bing.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com cdn.jsdelivr.net checkout.razorpay.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.onedirect.in *.adtrafficquality.google *.clarity.ms *.mixpanel.com *.adobe.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com wss://sockets.wizzy.ai *.wizsearch.in wss://sockets.wizsearch.in 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; report-to www.uoh.cl; report-uri www.uoh.cl; 1
frame-ancestors 'self'; report-uri https://www.townsvillebulletin.com.au/csp-reports 1
font-src fonts.gstatic.com *.fontawesome.com https://geowidget.easypack24.net *.cloudflare.com *.gstatic.com *.googleapis.com *.thulium.com mediataranko.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl https://www.facebook.com/tr/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pay.google.com *.dpd.com.pl *.poczta-polska.pl *.creativecdn.com *.doubleclick.net *.pinterest.com td.doubleclick.net *.thulium.com *.cookiebot.com *.salesmanago.pl *.googletagmanager.com *.easypack24.net *.inpost-group.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.cloudflare.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.google.com *.g.doubleclick.net ad.doubleclick.net *.paypal.com *.ytimg.com *.eficads.net *.adensemble.com https://conversionlabs.net.pl *.google.pl *.pinterest.com ade.googlesyndication.com *.cookiebot.com *.bing.com *.adnxs.com *.clarity.ms cdn-test.online mediataranko.com *.creativecdn.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://maps.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.cloudflare.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.fontawesome.com *.poczta-polska.pl *.clickonometrics.pl *.eficads.net *.adensemble.com *.pinimg.com *.tmtarget.com *.cookiebot.com *.azureedge.net *.ar-mtch1.com *.thulium.com *.bing.com *.creativecdn.com *.clarity.ms *.pinterest.com cdn-test.online *.ecdp.cloud mediataranko.com https://code.jquery.com https://maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com https://geowidget.easypack24.net *.cloudflare.com *.googleapis.com *.gstatic.com cdn-test.online mediataranko.com https://getbootstrap.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.thulium.com cdn-test.online mediataranko.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.cloudflare.com *.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net *.google.com *.pinterest.com *.googlesyndication.com *.cookiebot.com *.ar-mtch1.com *.thulium.com wss://chat-proxy-service.thulium.com *.clarity.ms *.creativecdn.com cdn-test.online *.ecdp.cloud *.bing.com mediataranko.com https://maps.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src  https://console.googletagservices.com/pubconsole/loaders.js 'unsafe-inline' 'self' https://payments.salesforce.com/ https://stats.g.doubleclick.net https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://preferences.truste.com https://googleads.g.doubleclick.net https://checkoutshopper-live.adyen.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.woff2 https://cdn.evgnet.com/ https://*.onetrust.com https://cdn.evgnet.com https://www.facebook.com/groups https://www.youtube.com https://securepubads.g.doubleclick.net/ https://pay.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://generalmills.us-4.evergage.com blob: https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://cdn.cookielaw.org/ https://js.stripe.com/ https://cdn.pdst.fm/ https://preferences-mgr.trustarc.com/ https://www.googletagmanager.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js 'report-sample' https://service.force.com/embeddedservice/ 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://gmibboxtopstrial2020.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D5Y0000024od9&networkId=0DM5Y000000OLrC&type=communities 1
default-src 'self' https: data: blob: wss: 'unsafe-eval' 'unsafe-inline'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.library.wales *.llgc.org.uk *.staticflickr.com *.ticketsource.co.uk fonts.gstatic.com play.google.com syndication.twitter.com translate.google.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.doubleclick.net *.googletagmanager.com *.google.com *.libanswers.com *.library.wales *.llyfrgell.cymru *.lyfrgell.cymru *.twitter.com div.show hwb.gov.wales sketchfab.com www.canva.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' *.clarity.ms *.fontawesome.com *.libanswers.com *.library.wales connect.facebook.net fonts.googleapis.com; style-src 'self' https: data: blob: wss: *.googleapis.com 'inline' 'report-sample'; connect-src 'self' https: data: blob: wss: *.googleapis.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws; script-src-elem 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales *.%2A.v2.scr.kaspersky-labs.com *.flickr.com *.libanswers.com adblockers.opera-mini.net connect.facebook.net s3.amazonaws.com wusote.hirizasune.com; report-uri https://www.library.wales/@http-reporting?csp=report&requestTime=1752199966251258&requestHash=d459d7d42887a980aa7ed69cff4e5c91dba2bb4b 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-1c546aee0ed54164ad5d2ccb4719e3a6' https://essentiamychart.org 'self';img-src https://* 'self' blob: data:;style-src https://essentiamychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
object-src 'none'; script-src-attr 'self'; script-src-elem 'self' https://analytics.clickdimensions.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 1
img-src https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/ACCA/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://higherlogiclongterm.s3.amazonaws.com/ACCA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/ACCA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/ACCA/ https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ https://higherlogicstream.s3.amazonaws.com/ACCA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/ACCA/ https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; worker-src 'self'; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src sw-assets.ekomiapps.de *.contentbird-convert.com https://www.gstatic.com https://fonts.gstatic.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.fontawesome.com https://geowidget.easypack24.net https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net *.usercentrics.eu td.doubleclick.net *.pinterest.com *.criteo.com www.sovendus-connect.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net https://www.googletagmanager.com/ https://www.google.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://geowidget-app.inpost.pl/ https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.josera.de *.foodforplanet.de *.trbo.com sw-assets.ekomiapps.de *.usercentrics.eu www.google.de *.analytics.google.com bat.bing.com *.g.doubleclick.net ib.adnxs.com region1.google-analytics.com rtb-csync.smartadserver.com a.twiago.com sync-t1.taboola.com pixel.quantserve.com ad.360yield.com sync.1rx.io *.criteo.com sync.targeting.unrulymedia.com *.wepowerconnections.com lantern.roeye.com *.contilla.de *.contentbird-convert.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.awin1.com *.zenaps.com https://ssl.ceneo.pl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://static.unzer.com *.online-metrix.net https://www.gstatic.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net 'unsafe-inline' foodf11123.pcapredict.com *.trbo.com *.usercentrics.eu cdn.jsdelivr.net tierspuren.online *.upsellit.com *.cptrack.de lantern.roeyecdn.com *.brandswap.com brandswaptag.azureedge.net api.contester.net sw-assets.ekomiapps.de s.pinimg.com bat.bing.com *.facebook.net *.criteo.com *.criteo.net googleads.g.doubleclick.net www.clarity.ms secure.quantserve.com ad4m.at *.pinterest.com rules.quantcount.com *.sovendus.com *.contilla.de *.contentbird-convert.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://ssl.ceneo.pl widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://www.google.com https://www.gstatic.com s7.addthis.com *.snrbox.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.avada.io https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src sw-assets.ekomiapps.de *.contentbird-convert.com widget.freshworks.com m2epro.freshdesk.com *.snrcdn.net https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.fontawesome.com https://geowidget.easypack24.net https://geowidget.inpost.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.josera.de tierspuren.online region1.google-analytics.com tagapi.brandswap.com sw-assets.ekomiapps.de *.usercentrics.eu www.google.com *.analytics.google.com *.googlesyndication.com googleads.g.doubleclick.net *.pinterest.com *.criteo.com *.clarity.ms *.sovendus.com *.googletagmanager.com bat.bing.com www.google.de *.contentbird-convert.com www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ *.snrbox.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com api.addressy.com https://get.geojs.io *.avada.io *.easypack24.net *.inpost.pl *.openstreetmap.org https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com cdn3.theuaelottery.ae cdn3.uat-uaenl.ae www.gstatic.com;report-uri https://muddy-meadow-fb56.swang-203.workers.dev/csp-report 1
base-uri 'self'; frame-src 'self' cookiejar.mondly.com www.facebook.com optimize.google.com bid.g.doubleclick.net secure.livechatinc.com www.googletagmanager.com 7f075c3104c14b369e4245a534bf1142.pages.ubembed.com secure.2checkout.com 2pay-js.2checkout.com; frame-ancestors 'self' *.mondly.com; font-src 'self' data: d37sy4vufic209.cloudfront.net fonts.gstatic.com; img-src 'self' data: https://* *.optimonk.com; media-src 'self' d37sy4vufic209.cloudfront.net d13tz37rv54ob.cloudfront.net; style-src 'self' 'unsafe-inline' d37sy4vufic209.cloudfront.net optimize.google.com fonts.googleapis.com tagmanager.google.com *.optimonk.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d37sy4vufic209.cloudfront.net www.google.com connect.facebook.net cdn.livechatinc.com api.livechatinc.com optimize.google.com tagmanager.google.com secure.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net 7f075c3104c14b369e4245a534bf1142.js.ubembed.com analytics.tiktok.com assets.ubembed.com cdn.cookielaw.org www.googleoptimize.com static.ads-twitter.com www.clarity.ms secure.2checkout.com 2pay-js.2checkout.com *.optimonk.com web-sdk-cdn.singular.net 1
img-src https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://higherlogiclongterm.s3.amazonaws.com/NSBA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://higherlogicstream.s3.amazonaws.com/NSBA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; worker-src 'self'; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src https://fonts.gstatic.com *.klevu.com *.ksearchnet.com fonts.gstatic.com blog.vintageking.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com *.facebook.com blog.vintageking.com 'self' 'unsafe-inline'; frame-ancestors blog.vintageking.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * syf.demdex.net *.syfpos.com *.syf.com *.weltpixel.com www.xtento.com https://www.googletagmanager.com/ *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.googletagmanager.com *.doubleclick.net https://*.online-metrix.net https://imgs.signifyd.com blog.vintageking.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.affirm.com *.affirm.ca https://helloextend-static-assets.s3.amazonaws.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net www.xtento.com cdn.xtento.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klevu.com *.ksearchnet.com guarantee-cdn.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://imgs.signifyd.com https://*.online-metrix.net blog.vintageking.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com https://*.leadmanagerfx.com https://*.marketingcloudfx.com www.xtento.com cdn.xtento.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.klevu.com *.ksearchnet.com *.cloudflare.com guarantee-cdn.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com blog.vintageking.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.syfpos.com *.klevu.com *.ksearchnet.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com blog.vintageking.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ blog.vintageking.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net https://*.leadmanagerfx.com https://*.marketingcloudfx.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klevu.com *.ksearchnet.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app https://imgs.signifyd.com blog.vintageking.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blog.vintageking.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.vintageking.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.userway.org *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.braintreegateway.com *.paypal.com google.com *.google.com *.livechatinc.com *.userway.org www.googletagmanager.com js.mollie.com webservices.purolator.com devwebservices.purolator.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.userway.org *.automann.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://firebasestorage.googleapis.com https://www.mollie.com *.pixriot.com *.storeimaging.com data: 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com *.userway.org *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src *.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com *.userway.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://get.geojs.io *.avada.io webservices.purolator.com devwebservices.purolator.com *.pixriot.com *.storeimaging.com 'self' 'unsafe-inline'; script-src *.clarity.ms *.cloudfront.net assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.typekit.net google.com *.google.com *.cdn-apple.com https://cdn.jsdelivr.net/ https://maps.googleapis.com browser-update.org *.userway.org *.livechatinc.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.avada.io js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src data: blob: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none';worker-src 'self' https://dev.visualwebsiteoptimizer.com/ blob: data:;  1
default-src 'self';  script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://static.addtoany.com;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://fonts.bunny.net;  img-src 'self' https://wpassets.ncwit.org https://www.google-analytics.com https://secure.gravatar.com data:;  font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://fonts.bunny.net data:;  connect-src 'self' https://analytics.google.com;  frame-src 'self' https://www.youtube.com https://static.addtoany.com https://www.google.com https://academic-alliance-memberships.softr.app https://ncwit-workforce-members.softr.app;  object-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-0YEY5VQRyPXRPJq-8_HQCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: data: blob:; img-src 'self' https: data:; connect-src *; font-src 'self' https: data:; media-src 'self' https: data:; report-uri *; child-src *; form-action * *.simplesat.io; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; navigate-to *; base-uri * 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com use.fontawesome.com *.googleapis.com https://*.hotjar.com https://*.hotjar.io https://apps.bazaarvoice.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com www.facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * syf.demdex.net *.syfpos.com *.syf.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com e.issuu.com www.youtube.com youtube.com woobox.com www.woobox.com facebook.com www.facebook.com instagram.com www.instagram.com s7.addthis.com assets.pinterest.com ecwportal.vertexsmb.com *.hotjar.com *.hotjar.io *.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net *.mysynchrony.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.addthis.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com log.pinterest.com www.facebook.com *.googleadservices.com www.google.pl *.familyfarmandhome.com https://*.hotjar.com https://*.hotjar.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com *.syf.com *.tiqcdn.com *.hsforms.net *.hsforms.com *.gstatic.com *.googletagmanager.com tagmanager.google.com https://chimpstatic.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com js-agent.newrelic.com bam.nr-data.net woobox.com www.woobox.com s7.addthis.com m.addthis.com v1.addthisedge.com assets.pinterest.com ecwportal.vertexsmb.com connect.facebook.net freegeoip.app api.ipbase.com *.google-analytics.com *.hotjar.com *.hotjar.io widgets.syfpayments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com downloads.mailchimp.com assets.braintreegateway.com *.syfpos.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com use.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com js-agent.newrelic.com bam.nr-data.net s7.addthis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io https://*.doubleclick.net *.connect.facebook.net *.facebook.com www.google.pl www.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'nonce-2mlvJq8R8BfyxvuLX9MxNA==' *.google-analytics.com *.googlesyndication.com *.gstatic.com *.youtube.com *.fontawesome.com *.googletagmanager.com *.trustpilot.com; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-2mlvJq8R8BfyxvuLX9MxNA==' *.unpkg.com *.addtoany.com *.trustpilot.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com *.jsdelivr.net *.vimeo.com *.godaddy.com *.cloudflare.com *.google-analytics.com; style-src 'unsafe-inline' 'self' *.jsdelivr.net *.cloudflare.com *.typekit.net https://tagmanager.google.com https://fonts.googleapis.com; connect-src 'self' https://lottie.host/ *.6sense.com *.pingdom.net *.salesloft.com http://ib.adnxs.com https://secure.adnxs.com/ https://pagead2.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk *.cookiebot.com *.linkedin.com *.6sc.co; frame-src 'self' 'nonce-2mlvJq8R8BfyxvuLX9MxNA==' *.addtoany.com https://www.googletagmanager.com https://td.doubleclick.net *.youtube.com *.vimeo.com *.google.com *.cookiebot.com *.trustpilot.com *.doubleclick.net; font-src 'self' 'nonce-2mlvJq8R8BfyxvuLX9MxNA==' data: *.jsdelivr.net *.cloudflare.com *.typekit.net *.fontawesome.com https://fonts.gstatic.com; img-src 'self' data: https://www.quartix.com/ https://b.sf-syn.com/ https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.gravatar.com *.google.co.uk *.6sc.co *.facebook.com *.facebook.net *.linkedin.com *.metricool.com *.cookiebot.com; object-src 'nonce-2mlvJq8R8BfyxvuLX9MxNA=='; report-uri /wp-json/aptce-logger/v1/report; 1
default-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.vidyard.com euc-widget.freshworks.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com play.vidyard.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com euc-widget.freshworks.com www.google-analytics.com www.googletagmanager.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com euc-widget.freshworks.com www.d-hosting.nl www.google-analytics.com www.googletagmanager.com; script-src-attr 'unsafe-inline'; style-src 'self' euc-widget.freshworks.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' euc-widget.freshworks.com fonts.googleapis.com maxcdn.bootstrapcdn.com www.d-hosting.nl; style-src-attr 'unsafe-inline'; img-src 'self' www.d-hosting.nl www.google-analytics.com www.gstatic.com www.googletagmanager.com quickchart.io; font-src 'self' fonts.gstatic.com euc-widget.freshworks.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com; connect-src 'self' euc-widget.freshworks.com www.google-analytics.com ka-f.fontawesome.com; frame-src 'self' www.googletagmanager.com; frame-ancestors 'self'; form-action 'self'; report-uri https://07d95ef832b8e7e3fcc49a07cb322378.report-uri.com/r/d/csp/wizard 1
font-src cdn.jsdelivr.net fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://cdnjs.cloudflare.com *.fontawesome.com *.klarna.com *.klarnacdn.net usizy-media.s3.eu-west-1.amazonaws.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.klarna.com *.klarnaservices.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com cdn.doofinder.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.jsdelivr.net *.ekinsport.com *.klarna.com *.klarnacdn.net *.klarnaevt.com media.usizy.es static.usizy.es https://*.googleapis.com https://maps.gstatic.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com cdn.jsdelivr.net *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com cdn.doofinder.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://cdnjs.cloudflare.com *.jsdelivr.net https://polyfill-fastly.io https://browser.sentry-cdn.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com static.axept.io static.usizy.es media.usizy.es sgtm.ekinsport.com https://*.googleapis.com *.alothemes.com *.magepow.com cdn.brevo.com sibautomation.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.doofinder.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.jsdelivr.net *.klarna.com *.klarnacdn.net static.usizy.es *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com payments-eu.amazon.com *.paypal.com *.getalma.eu *.google-analytics.com *.facebook.com *.facebook.net *.doofinder.com wss://*.doofinder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://*.ingest.sentry.io *.klarnaservices.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaevt.com client.axept.io api.axept.io usizy.com media.usizy.es https://*.googleapis.com *.alothemes.com *.magepow.com in-automate.brevo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ apply.ciis.edu https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ apply.ciis.edu https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/ https://p.typekit.net/ https://www.google.com/ https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: wss://*.iitrust.lk wss://*.iitrust.ru:* wss://*.sber-solutions.ru 1
font-src maxcdn.bootstrapcdn.com *.gstatic.com https://www.nominette.com https://demo.nominette.nl data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.gstatic.com https://www.nominette.com https://demo.nominette.nl 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com www.google.com *.hotjar.com *.hotjar.io *.weltpixel.com https://www.nominette.com https://demo.nominette.nl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com maps.gstatic.com maps.googleapis.com *.google.com *.google.be *.googleapis.com *.gstatic.com *.google-analytics.com *.magentocommerce.com *.trustprofile.io bat.bing.com *.facebook.com https://www.nominette.com https://demo.nominette.nl maps.google.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com maps.googleapis.com *.google.com www.gstatic.com *.googleapis.com *.newrelic.com *.nr-data.net *.hotjar.com *.hotjar.io *.voyado.com https://www.nominette.com bat.bing.com *.clarity.ms *.realytics.io *.realytics.net connect.facebook.net https://demo.nominette.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com *.googleapis.com https://www.nominette.com https://demo.nominette.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.google.be *.google-analytics.com *.googleapis.com *.nr-data.net *.g.doubleclick.net *.hotjar.com *.hotjar.io *.voyado.com *.exatom.io bat.bing.com *.clarity.ms *.realytics.io *.stape.cc 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.bunny.net *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://firebasestorage.googleapis.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.youtube.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.plyr.io noembed.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com 'self' data: 3efe134ec6.nxcli.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.yotpo.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; frame-ancestors 3efe134ec6.nxcli.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com platform.twitter.com *.yotpo.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.twitter.com *.facebook.com *.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com *.weltpixel.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.yotpo.com https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com *.adroll.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.google.co.uk *.twitter.com *.twimg.com *.ytimg.com *.herokuapp.com *.pooldawg.com *.bing.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.reddit.com 3efe134ec6.nxcli.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.plugins.emarsys.net *.scarabresearch.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com twitter.com platform.twitter.com *.yotpo.com *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com d2z0bn1jv8xwtk.cloudfront.net *.adroll.com js-agent.newrelic.com bam.nr-data.net *.klaviyo.com *.googleadservices.com *.gstatic.com *.google-analytics.com *.bing.com *.mountain.com *.criteo.net *.criteo.com *.conversionwax.com *.attn.tv js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.yotpo.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu static.ctctcdn.com *.klaviyo.com *.google.com *.googletagmanager.com assets.braintreegateway.com tagmanager.google.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.scarabresearch.com *.eservice.emarsys.net https://static.klaviyo.com static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d.adroll.com bam.nr-data.net *.klaviyo.com *.doubleclick.net *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com 3efe134ec6.nxcli.io http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' d.bongo4u.com; script-src 'self' data: 'unsafe-inline' d.bongo4u.com blob: 'unsafe-eval' bongo4u.com *.bongo4u.com *.emerge2.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com *.yahooapis.com *.mailchimp.com *.list-manage.com chimpstatic.com *.ipify.org jsonip.com *.amazonaws.com/downloads.mailchimp.com/ *.jquery.com *.hotjar.com acsbapp.com *.bootstrapcdn.com googleads.g.doubleclick.net *.elfsight.com *.createsend1.com *.roomvo.com; connect-src 'self' data: 'unsafe-inline' d.bongo4u.com comments.emerge2.com util.emerge2.com bongo4u.com *.emerge2.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.ca *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.doubleclick.net *.facebook.com *.hotjar.io *.hotjar.com acsbapp.com *.acsbapp.com *.elfsight.com createsend.com *.ipify.org *.mailchimp.com *.catalog-display.com *.roomvo.com *.opencagedata.com *.googleusercontent.com; frame-src 'self' data: 'unsafe-inline' d.bongo4u.com bongo4u.com *.google.com *.google.ca *.googleapis.com *.googletagmanager.com *.youtube.com *.youtu.be *.facebook.com *.twitter.com *.twimg.com *.instagram.com *.yahoo.com *.catalog-display.com *.shortstack.com *.pgtb.me *.formstack.com *.list-manage.com *.doubleclick.net *.orgill.com *.orgill.ca *.adobe.com *.hotjar.com *.storefrontcloud.io *.roomvo.com *.loom.com; object-src 'self' data: 'unsafe-inline' d.bongo4u.com  blob: *.apple.com *.macromedia.com; img-src 'self' https: data: blob: d.bongo4u.com *.bongo4u.com *.ytimg.com *.orgill.com android-webview-video-poster; media-src 'self' https: data: d.bongo4u.com; style-src 'self' data: 'unsafe-inline' d.bongo4u.com bongo4u.com *.bongo4u.com *.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.bootstrapcdn.com *.twitter.com *.twimg.com *.mailchimp.com *.cloudflare.com/ajax/libs/; font-src 'self' data: 'unsafe-inline' d.bongo4u.com *.googleapis.com fonts.gstatic.com *.bootstrapcdn.com fonts.cdnfonts.com *.googleusercontent.com *.cloudflare.com/ajax/libs/ *.hotjar.com *.acsbapp.com;  report-uri https://util.emerge2.com/csp_violations_tracker.php; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com *.facebook.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.cybersource.com https://www.google.com https://www.facebook.com *.doubleclick.net *.cardinalcommerce.com https://h.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.online-metrix.net *.google.com *.google.co.in *.doubleclick.net *.hsforms.com *.hubspot.com *.googletagmanager.com *.nr-data.net https://trains.walthers.com/hubfs/Ma_yJuhneJoly2o2l-flyer_CONs-1.jpg https://cdnjs.cloudflare.com/ajax/libs/tinymce/4.9.6/skins/lightgray/img/trans.gif data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.googleapis.com *.gstatic.com webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.online-metrix.net *.googletagmanager.com *.google.com *.google.co.in *.hs-analytics.net *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hsleadflows.net *.hsadspixel.net *.doubleclick.net *.loyaltylion.net *.klevu.com https://cdn.equalweb.com http://assets.adobedtm.com https://h64.online-metrix.net *.hsforms.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.loyaltylion.net https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.walthers.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.online-metrix.net *.google.com *.google-analytics.com *.doubleclick.net *.hubspot.com *.hubapi.com *.hs-banner.com *.walthers.com https://cdn.equalweb.com *.loyaltylion.net *.loyaltylion.com https://forms.hscollectedforms.net https://kg668dbov0.execute-api.us-east-1.amazonaws.com *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' farmersinsurance.okta.com *.oktacdn.com; connect-src 'self' farmersinsurance.okta.com farmersinsurance-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com farmersinsurance.kerberos.okta.com farmersinsurance.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' farmersinsurance.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' farmersinsurance.okta.com *.oktacdn.com; frame-src 'self' farmersinsurance.okta.com farmersinsurance-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' farmersinsurance.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' farmersinsurance.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com https://plumrocket.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com https://accounts.google.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: track.goggles4u.info https://track.goggles4u.info www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net https://images.unsplash.com *.iubenda.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.google.com.ua www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://maps.googleapis.com *.iubenda.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://accounts.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com https://js.klevu.com sst.goggles4u.co.uk https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klevu.com *.ksearchnet.com https://accounts.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://maps.googleapis.com https://player.vimeo.com https://checkout.iwdagency.com *.iubenda.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://accounts.google.com *.yotpo.com sst.goggles4u.co.uk https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';                       script-src 'report-sample' 'self' 'unsafe-eval' https://googleads.g.doubleclick.net/pagead/viewthroughconversion/823935011/ https://js.monitor.azure.com/scripts/b/ai.2.min.js https://player.vimeo.com/api/player.js https://www.clarity.ms https://www.googletagmanager.com/gtm.js;                       script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://player.vimeo.com/api/player.js https://f.vimeocdn.com https://googleads.g.doubleclick.net https://snap.licdn.com https://www.clarity.ms https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/recaptcha/releases/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/;                       style-src 'report-sample' 'self' 'unsafe-inline';                       object-src 'none';                       base-uri 'self';                       connect-src 'self' https://eastus-0.in.applicationinsights.azure.com https://*.clarity.ms https://www.google-analytics.com https://www.google.com https://px.ads.linkedin.com https://www.googleadservice.com/pagead;                       font-src 'self';                       frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://ai.appraisalinstitute.org/ https://embed.podcasts.apple.com/ https://player.vimeo.com/ https://www.google.com/ https://www.youtube.com/;                       img-src 'self' data: https://*.appraisalinstitute.org https://dummyimage.com https://placedog.net https://via.placeholder.com https://*.clarity.ms https://www.google.com https://www.googletagmanager.com https://appraisalinstitute-org-authoring-2023.azurewebsites.net https://px.ads.linkedin.com https://*.bing.com;                       manifest-src 'self';                       media-src 'self';                       worker-src 'none';                       frame-ancestors 'self'  https://appraisal-org-local-2023.bluemod.me/ https://appraisal-cms-local-2023.bluemod.me/                        https://appraisal-org-dev-2023.bluemod.us/ https://appraisal-cms-dev-2023.bluemod.us/                       https://appraisal-org-test-2023.bluemod.us/ https://appraisal-cms-test-2023.bluemod.us/                       https://appraisalinstitute-org-authoring-2023.azurewebsites.net/ https://appraisalinstitute-cms-authoring-2023.azurewebsites.net/                       https://www.appraisalinstitute.org/ https://appraisalinstitute-cms-prod-2023.azurewebsites.net/; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1
script-src 'nonce-NPoY2DRu9YoCW64TJgYF/g==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=uWeqk09P8XJfmcbz3f0uGdxBp7hiPupLDbm-HPYxpKk2HT54Um0hqHvPPSdb_FOBMVTaKhHIgg==&policy_id=13&user_id=&request_id=4d2b4f91-99a6-4a19-a72a-0873b7023e85; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
script-src 'nonce-HlkoLPat0M8/qHnmFdO/rA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=uWeqk09P8XJfmcbz3f0uGdxBp7hiPupLDbm-HPYxpKk2HT54Um0hqHvPPSdb_FOBMVTaKhHIgg==&policy_id=13&user_id=&request_id=81a6ff61-cd8e-4636-a7fa-cc41e7dfaae5; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
object-src 'none';base-uri 'self';script-src 'nonce-NJqa4yc1sssidcMqDelerQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com mrpg.scene7.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: *.yotpo.com https://js.klevu.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/public/api/content-security-policy.php; report-to report-endpoint; 1
upgrade-insecure-requests; report-uri https://tanp.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com * use.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com community.blackovis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com * *.yotpo.com swellrewards.com *.swellrewards.com community.blackovis.com 'self' 'unsafe-inline'; frame-ancestors community.blackovis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com * *.yotpo.com swellrewards.com *.swellrewards.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com community.blackovis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nextopia.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com * *.yotpo.com swellrewards.com *.swellrewards.com maps.gstatic.com *.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net community.blackovis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.attn.tv events.attentivemobile.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.nextopia.net *.ecomm-nav.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com * *.yotpo.com swellrewards.com *.swellrewards.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com community.blackovis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com maxcdn.bootstrapcdn.com cdn.nextopia.net unsafe-inline * *.yotpo.com swellrewards.com *.swellrewards.com tagmanager.google.com *.googleapis.com community.blackovis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com community.blackovis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.attn.tv events.attentivemobile.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nextopia.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com * *.yotpo.com swellrewards.com *.swellrewards.com *.google-analytics.com https://imgs.signifyd.com community.blackovis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com community.blackovis.com http: https: blob: 'self' 'unsafe-inline'; default-src community.blackovis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src *.force.com slack-imgs-mil-dev.com 'self' https://stats.g.doubleclick.net https://img.youtube.com https://payments.salesforce.com/icons/ https://unpkg.com https://login.salesforce.com/icons/ *.my-salesforce-cms.com https://www.gstatic.com *.slack-edge-gov.com *.my-salesforce.com https://google-analytics.com *.cloudinary.com https://www.google.com https://analytics.google.com *.amazonaws.com blob: slack-imgs.com slack-gov-dev.com *.sfdcstatic.com *.twimg.com https://creditkarma1.my.salesforce-scrt.com https://sh-exp-ck.app.intuit.com *.slack.com https://www.paypal.com https://translation.googleapis.com https://help.creditkarma.com *.slack-imgs.com slack-imgs-gov.com https://support.creditkarma.com https://creditkarma1.my.salesforce.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ *.salesforce-experience.com https://portal.creditkarma.com https://support.helpcenter.ca https://support.creditkarma.ca slack-imgs-gov-dev.com *.slack-edge.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://creditkarma1.my.site.com https://na237.salesforce.com/icons/ slack-mil-dev.com https://www.gstatic.com/recaptcha/ https://accounts.creditkarma.com https://creditkarma1.file.force.com https://td.doubleclick.net https://www.google.com/recaptcha/ *.slack-edge.mil https://www.sandbox.paypal.com https://i.vimeocdn.com https://www.googletagmanager.com https://www.google-analytics.com *.salesforce.com https://*.adyen.com slack-imgs.mil data:; report-to sfdc-csp-ep; report-uri https://creditkarma1.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D1U000000rAl3&networkId=0DM1U000000e6Hq&type=communities 1
base-uri 'self'; child-src 'self'; connect-src 'self' ws: https://*.psychologytools.com https://a.optinmonster.com https://a.omappapi.com https://api.omappapi.com https://checkout.stripe.com https://api.stripe.com https://maps.googleapis.com https://plausible.io; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://*.psychologytools.com https://fonts.bunny.net data:; form-action 'self' https://*.psychologytools.com; frame-src 'self' https://*.psychologytools.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://*.js.stripe.com https://hooks.stripe.com https://www.youtube.com; img-src 'self' data: https://*.psychologytools.com https://psychologytools-com-local.s3.eu-west-1.amazonaws.com https://psychology-tools-dev-files.s3.eu-west-1.amazonaws.com https://media-engine-local-public.s3.eu-west-2.amazonaws.com https://media-engine-local-private.s3.eu-west-2.amazonaws.com https://media-engine-dev-public.s3.eu-west-2.amazonaws.com https://media-engine-staging-public.s3.eu-west-2.amazonaws.com https://media-engine-production-public.s3.eu-west-2.amazonaws.com https://media-engine-production-public.s3.eu-west-2.amazonaws.com https://*.stripe.com https://gravatar.com https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src  'nonce-jZrzoCD3H932unDQbxlgPLyAzTnuivII' 'self' 'unsafe-eval' https://*.psychologytools.com https://cdn.jsdelivr.net/npm/sweetalert2@11 https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://*.js.stripe.com https://maps.googleapis.com; script-src-attr 'self' 'unsafe-inline' https://*.psychologytools.com https://cdn.jsdelivr.net/npm/sweetalert2@11 https://psychologytools-com-local.s3.eu-west-1.amazonaws.com https://media-engine-local-public.s3.eu-west-2.amazonaws.com https://media-engine-local-private.s3.eu-west-2.amazonaws.com https://media-engine-dev-public.s3.eu-west-2.amazonaws.com https://media-engine-staging-public.s3.eu-west-2.amazonaws.com https://media-engine-production-public.s3.eu-west-2.amazonaws.com https://media-engine-production-public.s3.eu-west-2.amazonaws.com; script-src-elem 'self' 'unsafe-inline' https://*.psychologytools.com https://cdn.jsdelivr.net/npm/sweetalert2@11 https://a.omappapi.com https://cdn.jsdelivr.net/npm/choices.js@9.0.1/public/assets/scripts/choices.min.js https://plausible.io; style-src 'self' 'unsafe-inline' https://*.psychologytools.com https://cdn.jsdelivr.net/npm/sweetalert2@11; style-src-attr 'self' 'unsafe-inline' https://*.psychologytools.com https://cdn.jsdelivr.net/npm/sweetalert2@11; style-src-elem 'self' 'unsafe-inline' https://*.psychologytools.com https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/sweetalert2@11 https://a.omappapi.com https://cdn.jsdelivr.net/npm/choices.js@9.0.1/public/assets/styles/choices.min.css https://fonts.bunny.net; 1
default-src 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com; connect-src 'self' jhnet.okta.com jhnet-admin.okta.com sso.jhnet.com *.oktacdn.com *.mixpanel.com *.mapbox.com jhnet.kerberos.okta.com jhnet.mtls.okta.com https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' jhnet.okta.com sso.jhnet.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' jhnet.okta.com sso.jhnet.com *.oktacdn.com; frame-src 'self' jhnet.okta.com jhnet-admin.okta.com sso.jhnet.com login.okta.com *.vidyard.com; img-src 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' jhnet.okta.com sso.jhnet.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src 'self'; connect-src 'self' https://api-gb.one.network https://apikeys.civiccomputing.com https://cms-chesheast.cloud.contensis.com https://directline.botframework.com  https://powerva.microsoft.com https://region1.google-analytics.com   https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com wss://directline.botframework.com https://www.facebook.com https://tn-prd.geohawk.co.uk https://tnjp-stats.geohawk.co.uk https://public.govdelivery.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://static.one.network https://tnjplib.mxdata.co.uk https://use.fontawesome.com https://use.typekit.net; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://api-gb.one.network https://bacas.cheshireeast.gov.uk https://portal-gb.one.network https://ppbacas.cheshireeast.gov.uk https://www.cheshireeasthighways.org https://www.facebook.com https://www.googletagmanager.com https://web.facebook.com https://player.vimeo.com https://eequ.org https://www.youtube-nocookie.com https://m.facebook.com https://public.govdelivery.com; img-src 'self' blob: data: https://csi.gstatic.com https://i.ytimg.com https://fonts.gstatic.com https://api.mapbox.com https://s3-us-west-2.amazonaws.com https://bot-framework.azureedge.net https://content.powerapps.com https://fonts.gstatic.com https://static.one.network https://tnjplib.mxdata.co.uk https://www.google.com https://www.googleadservices.com https://translate.google.com https://www.cheshireeast.gov.uk https://www.google-analytics.com https://www.googletagmanager.com https://widget.wheredoivote.co.uk; object-src data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cc.cdn.civiccomputing.com https://cdn.botframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://one.network https://static.one.network https://tnjplib.mxdata.co.uk https://unpkg.com   https://www.giveasyoulive.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube-nocookie.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://ajax.googleapis.com https://cdn.botframework.com https://www.google-analytics.com https://cc.cdn.civiccomputing.com https://connect.facebook.net   https://www.googletagmanager.com https://cdn.jsdelivr.net https://unpkg.com https://widget.wheredoivote.co.uk https://player.vimeo.com https://tnjplib.mxdata.co.uk https://s3.amazonaws.com https://public.govdelivery.com; style-src 'self' 'unsafe-inline' data: https://cdn.jsdelivr.net https://fonts.googleapis.com https://one.network https://p.typekit.net https://tnjplib.mxdata.co.uk https://unpkg.com https://use.fontawesome.com https://use.typekit.net https://www.cheshireeast.gov.uk https://www.gstatic.com https://www.nerdfonts.com https://www.youtube-nocookie.com; media-src blob: data:; worker-src blob:; report-to csp-endpoint; 1
script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:;  manifest-src 'self' https:; media-src 'self'; worker-src 'self'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'nonce-RandomString123456' https://metaswitch.com https://*.metaswitch.com 'strict-dynamic' 'nonce-Umv0ROhr2AtUCFR9YjNiaA=='; style-src 'self' 'nonce-RandomString123456' https://metaswitch.com https://*.metaswitch.com; img-src 'self' data: https://metaswitch.com https://*.metaswitch.com; font-src 'self' https://metaswitch.com https://*.metaswitch.com; connect-src 'self' https://metaswitch.com https://*.metaswitch.com; frame-src 'self' https://metaswitch.com https://*.metaswitch.com; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://770a769bea45352cd46f7e284097b330.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.googleapis.com fonts.gstatic.com https://cdn.checkout.com images.getfastr.com https://www.gstatic.com https://fonts.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarna.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://*.cylindo.com/ ls.smct.io td.doubleclick.net d2d7do8qaecbru.cloudfront.net ct.pinterest.com edigitalsurvey.com sst.heals.com https://*.fixtuur.io/ https://*.digitalbridgehq.com blob: intent: https://www.googletagmanager.com/ https://www.google.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com imgsct.cookiebot.com imgsct.cookiebot.eu https://*.cylindo.com/ links.imagerelay.com images.getfastr.com gis.goinstore.com bat.bing.com c.az.contentsquare.net www.google.com.ua ad.doubleclick.net adservice.google.com sp.analytics.yahoo.com insight.adsrvr.org assets.reviews.io heals.content.fixtuur.io services.postcodeanywhere.co.uk js.checkout.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.checkout.com *.klarnacdn.net consent.cookiebot.com consent.cookiebot.eu https://*.cylindo.com/ heals-1.store-uk1.advancedcommerce.services cas.zma.gs static.klaviyo.com static-tracking.klaviyo.com gis.goinstore.com sdk.fixtuur.io cdn.shipup.co cdn.usehero.com consentcdn.cookiebot.com s.pinimg.com smct.co t.contentsquare.net bat.bing.com analytics.webgains.io cdn.sub2tech.com assets.gocertify.me js.smct.io js-agent.newrelic.com ct.pinterest.com uk005.sub2tech.com s.yimg.com sm001.sub2tech.com viewer.cylindo.com scripts.sirv.com uk002.sub2tech.com www.google.com static-na.payments-amazon.com www.gstatic.com services.postcodeanywhere.co.uk cdn.checkout.com https://*.fixtuur.io/ https://*.digitalbridgehq.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.gstatic.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.checkout.com https://*.cylindo.com/ cdn.shipup.co widget.reviews.io assets.reviews.io gis.goinstore.com viewer.cylindo.com scripts.sirv.com js.checkout.com https://static.klaviyo.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarnaevt.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://*.cylindo.com/ sst.heals.com cas.zma.gs fast.a.klaviyo.com static-forms.klaviyo.com eu.prd.impact.fixtuur.com ct.pinterest.com ep.smct.co k-eu1.az.contentsquare.net api.usehero.com c.az.contentsquare.net srm.aa.contentsquare.net bam.nr-data.net s.yimg.com adservice.google.com api.reviews.io heals.content.fixtuur.io stats.sirv.com services.postcodeanywhere.co.uk js.checkout.com fpjs.checkout.com risk.checkout.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com k-eu1.az.contentsquare.net c.az.contentsquare.net bam.nr-data.net www.google.com google.com stats.sirv.com heals-1.tracking-uk1.advancedcommerce.services www.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://349fdf52-472e-46ad-8c8c-5e785e5026a3.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-hIZfomxuP47FECSaOZPVFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://geowidget.easypack24.net https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://fonts.gstatic.com https://cdn.thulium.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://geowidget-app.inpost.pl/ https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com data.imoje.pl *.disqus.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://cmp.uniconsent.com https://www.google.pl https://www.facebook.com/ https://data.imoje.pl https://imgsct.cookiebot.com https://www.google.nl https://maps.gstatic.com/ *.clarity.ms *.clarity.com https://maps.googleapis.com https://c.bing.com blob: https://cdn.thulium.com https://e24files.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js paywall.imoje.pl sandbox.paywall.imoje.pl *.disqus.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.snrbox.com https://connect.facebook.net https://cmp.uniconsent.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://analytics.tiktok.com *.clarity.ms *.clarity.com https://unpkg.com https://cdn.thulium.com https://browser.sentry-cdn.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io cdn.jsdelivr.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.easypack24.net *.inpost.pl https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.snrcdn.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.bunny.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net https://cdn.thulium.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://region1.analytics.google.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com  https://maps.googleapis.com/ https://player.vimeo.com *.easypack24.net *.inpost.pl *.openstreetmap.org https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.snrbox.com https://www.sentry.macopedia-dev.pl https://cmp.uniconsent.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.pl https://www.google.com https://consent.cookiebot.com  https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://js-agent.newrelic.com https://googleads.g.doubleclick.net https://analytics.tiktok.com *.clarity.ms *.clarity.com https://cdn.thulium.com wss://chat-proxy-service.thulium.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.google.com.ua ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com tm.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com gzuvq.sanitairkamer.nl https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site gzuvq.sanitairkamer.nl https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://monitor.bigbridgedev.nl/csp; report-to report-endpoint; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.talentio.com cdn.ravenjs.com widget.intercom.io js.intercomcdn.com www.google-analytics.com analytics.google.com translate.googleapis.com www.googletagmanager.com ; img-src 'self' data: blob: https: http:; child-src 'self' blob:; form-action 'self' www.facebook.com id.talentio.com api-iam.intercom.io ; font-src 'self' data: assets.talentio.com fonts.gstatic.com use.fontawesome.com use.typekit.net fonts.intercomcdn.com ; frame-ancestors 'self'; frame-src 'self' blob: youtube.com *.youtube.com speakerdeck.com *.speakerdeck.com slideshare.net *.slideshare.net twitter.com *.twitter.com note.com *.note.com google.com *.google.com google.co.jp *.google.co.jp facebook.com *.facebook.com backcheck.jp *.backcheck.jp s3.ap-northeast-1.amazonaws.com intercom-sheets.com; manifest-src 'none'; object-src 'self' blob: s3.ap-northeast-1.amazonaws.com; style-src 'self' 'unsafe-inline' assets.talentio.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com translate.googleapis.com ; media-src 'none'; worker-src 'self' blob:; connect-src 'self' assets.talentio.com *.sentry.io sentry.io api-iam.intercom.io uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io www.google-analytics.com analytics.google.com s3.ap-northeast-1.amazonaws.com translate.googleapis.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.hotjar.com *.hubspot.com *.hsforms.com *.cookielaw.org *.cloudflare.com cdnjs.cloudflare.com; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com google.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.hubspot.com *.hubapi.com *.hs-analytics.net *.hsadspixel.net *.usemessages.com *.forms.hsforms.com forms.hsforms.com *.trendemon.com *.trackingapi.trendemon.com *.trinitymedia.ai *.techtarget.com *.trk.techtarget.com *.amazonaws.com *.cookielaw.org *.cdn.cookielaw.org *.ads.linkedin.com *.px.ads.linkedin.com *.licdn.com *.zoominfo.com *.zi-scripts.com *.ws.zoominfo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.hubspot.com forms.hsforms.com *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hsforms.net *.hsappstatic.net static.hsappstatic.net *.cloudflare.com *.calendly.com calendly.com *.cookielaw.org *.onetrust.com *.linkedin.com *.licdn.com *.twitter.com *.ads-twitter.com t.co *.trinitymedia.ai *.trk.techtarget.com *.techtarget.com *.trendemon.com *.trackingapi.trendemon.com *.zi-scripts.com static.addtoany.com; media-src 'self' *.youtube.com *.mediafly.com *.amazonaws.com *.s3.eu-west-1.amazonaws.com *.wp-marketing-prod-content.s3.eu-west-1.amazonaws.com; img-src 'self' data: blob: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.il *.doubleclick.net *.googleadservices.com *.hubspot.com *.hsforms.com *.linkedin.com *.twitter.com *.ads-twitter.com *.t.co t.co *.hotjar.com *.amazonaws.com *.s3.eu-west-1.amazonaws.com *.wp-marketing-prod-content.s3.eu-west-1.amazonaws.com *.cookielaw.org *.cdn.cookielaw.org *.trendemon.com *.trackingapi.trendemon.com *.gravatar.com secure.gravatar.com; frame-src 'self' *.youtube.com *.calendly.com *.comeet.co *.comeet.com *.google.com *.googletagmanager.com *.google.co.il *.doubleclick.net *.fls.doubleclick.net *.hubspot.com forms.hsforms.com *.hsforms.com *.outgrow.us *.mediafly.com mediafly.com vs02.mediafly.com; font-src 'self' data: *.hotjar.com; form-action 'self' *.hsforms.com *.hsforms.net *.hubspot.com; 1
report-uri https://www.yelp.com/csp_report_only?id=d4b4d2b812c6602c&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www&timestamp=1752196345; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1
default-src 'self';    connect-src 'self'  *.nixonpeabody.com *.nixonpeabody.localhost stats.g.doubleclick.net analytics.google.com region1.analytics.google.com *.typekit.net *.vercel.app *.linkedin.com *.clarity.ms *.bing.com *.onetrust.com *.google.com *.doubleclick.net apps.sitecore.net cdn.cookielaw.org googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com cdn.pdst.fm pixels.spotify.com youtube.com www.youtube.com player.vimeo.com open.spotify.com vercel.com vercel.live vitals.vercel-insights.com wss://ws-us3.pusher.com www.googletagmanager.com *.google.com *.google.ca *.google.co.uk *.google.com.au *.google.co.in *.google.de *.google.fr *.google.it *.google.es *.google.jp *.google.com.br *.google.co.kr *.google.co.za *.google.com.mx *.google.nl *.google.se *.google.dk *.google.no *.google.ch *.google.be *.google.ie *.google.pl *.google.ro *.google.ru *.google.com.hk *.google.sg *.google.com.tw *.google.co.nz *.google.fi *.google.pt;    script-src 'self'  'unsafe-inline' *.searchstax.com *.clarity.ms cdn.cookielaw.org www.googletagmanager.com tagmanager.google.com snap.licdn.com vercel.live cdn.pdst.fm player.vimeo.com static.searchstax.com *.doubleclick.net;    script-src-elem 'self'  'unsafe-inline' *.searchstax.com *.clarity.ms cdn.cookielaw.org www.googletagmanager.com tagmanager.google.com snap.licdn.com vercel.live cdn.pdst.fm player.vimeo.com static.searchstax.com *.doubleclick.net googleads.g.doubleclick.net;    img-src * data: blob:;    style-src 'self' 'unsafe-inline' *.typekit.net use.typekit.net vercel.live *.googletagmanager.com tagmanager.google.com fonts.googleapis.com;    style-src-elem 'self' 'unsafe-inline' *.typekit.net use.typekit.net vercel.live *.googletagmanager.com tagmanager.google.com fonts.googleapis.com;    object-src 'self' data: blob:;    base-uri 'self';    form-action 'self';    font-src 'self' data: *.typekit.net use.typekit.net vercel.live assets.vercel.com fonts.gstatic.com;    frame-src 'self' vercel.live *.doubleclick.net player.vimeo.com youtube.com www.youtube.com cdn.yoshki.com open.spotify.com www.googletagmanager.com;    frame-ancestors 'none';    upgrade-insecure-requests;    report-to csp-report; 1
report-uri /api/v1/csp/violation; script-src https://*.intercom.io https://js.intercomcdn.com https://www.google-analytics.com 'unsafe-inline' https://optimize.google.com 'self' https://widget.trustpilot.com https://cdn.segment.com https://*.typekit.net https://www.googletagmanager.com https://cdn.mxpnl.com https://*.fullstory.com https://fullstory.com https://connect.facebook.net https://ajax.googleapis.com https://js.stripe.com https://bat.bing.com https://www.googleadservices.com 'unsafe-eval'; plugin-types application/pdf; frame-ancestors 'none'; child-src https://share.intercom.io https://intercom-sheets.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.doubleclick.net https://js.stripe.com; font-src https://js.intercomcdn.com https://fonts.gstatic.com 'self' https://*.typekit.net; media-src https://js.intercomcdn.com 'self'; base-uri 'none'; connect-src https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://app.getsentry.com 'self' https://www.google-analytics.com https://*.doubleclick.net https://api.mixpanel.com https://*.fullstory.com https://*.typekit.net https://api.segment.io https://adservice.google.com https://*.launchdarkly.com; form-action 'self'; style-src 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'self' https://*.cloudfront.net https://*.typekit.net; object-src 'self'; default-src 'none'; frame-src https://optimize.google.com https://js.stripe.com https://*.doubleclick.net; img-src https://*.intercomcdn.com https://static.intercomassets.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://optimize.google.com https: data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.angusrobertson.com.au; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.secure-afterpay.com.au bam.nr-data.net *.hotjar.com googleads.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.google.com *.gstatic.com *.forter.com *.visualwebsiteoptimizer.com *.cloudfront.net static.scarabresearch.com cdn.scarabresearch.com apis.google.com *.criteo.com static.criteo.net *.newrelic.com connect.facebook.net platform.twitter.com d.impactradius-event.com *.afterpay.com; connect-src 'self' blob: *.cloudfront.net *.google-analytics.com *.hotjar.io *.nr-data.net stats.g.doubleclick.net *.emarsys.net *.scarabresearch.com *.hotjar.com *.salecycle.com  *.forter.com opentag-stats.qubit.com *.visualwebsiteoptimizer.com recommender.scarabresearch.com angusrobertson.4tqiav.net; img-src 'self' data: *.criteo.net *.google-analytics.com *.google.com *.bing.com *.google.com.au *.pinterest.com *.cloudfront.net *.visualwebsiteoptimizer.com *.facebook.com syndication.twitter.com *.secure-afterpay.com.au *.angusrobertson.com.au *.loggly.com; frame-src 'self' *.cloudfront.net *.angusrobertson.com.au *.google.com platform.twitter.com www.facebook.com staticxx.facebook.com www.youtube.com *.criteo.com *.criteo.net *.hotjar.com *.salecycle.com bid.g.doubleclick.net 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.doubleclick.net *.onetrust.com js.mollie.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://images.unsplash.com *.ctfassets.net *.arvesta.eu *.google.be *.adnxs.com *.bing.com *.gstatic.com *.googleapis.com *.cookielaw.org *.facebook.com *.clarity.ms *.onetrust.com https://www.mollie.com 'self' data: *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://maps.googleapis.com *.hotjar.com *.googleoptimize.com *.bing.com *.facebook.net *.adnxs.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.clarity.ms *.googleapis.com *.npmcdn.com *.convertexperiments.com *.cookielaw.org *.onetrust.com js.mollie.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.typekit.net *.npmcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://core.helloretail.com https://helloretailcdn.com https://maps.googleapis.com https://player.vimeo.com *.cookielaw.org *.doubleclick.net *.clarity.ms gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.googleapis.com *.npmcdn.com *.hotjar.com *.onetrust.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' sunpower.okta.com login.mysunpower.com *.oktacdn.com; connect-src 'self' sunpower.okta.com sunpower-admin.okta.com login.mysunpower.com *.oktacdn.com *.mixpanel.com *.mapbox.com sunpower.kerberos.okta.com sunpower.mtls.okta.com https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' sunpower.okta.com login.mysunpower.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' sunpower.okta.com login.mysunpower.com *.oktacdn.com; frame-src 'self' sunpower.okta.com sunpower-admin.okta.com login.mysunpower.com login.okta.com *.vidyard.com; img-src 'self' sunpower.okta.com login.mysunpower.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' sunpower.okta.com login.mysunpower.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://sds.mysunpower.com https://eddie.mysunpower.com 1
default-src 'self' https://*.zdassets.com https://*.zopim.com https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.squarecdn.com https://api.smooch.io/ https://applepay.cdn-apple.com/ https://*.googleadservices.com/ https://assets.braintreegateway.com/web/ https://*.bazaarvoice.com/ https://*.doubleclick.net/ https://storage.googleapis.com/workbox-cdn/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cfjump.skechers.com.au/ https://cfjump.skechers.co.nz/ https://*.fullstory.com https://www.googletagmanager.com/ https://analytics.tiktok.com https://cdn.unidays.world https://*.truefitcorp.com https://www.paypalobjects.com/api/checkout.min.js https://*.klaviyo.com https://t.cfjump.com/ https://*.zdassets.com https://connect.facebook.net/ https://maps.googleapis.com/ https://dma-cdn.staging.truefitcorp.com/fitrec/dma/js/tracker.js https://js-agent.newrelic.com/ js.datadome.co ct.captcha-delivery.com https://*.adobedtm.com https://*.afterpay.com https://*.demdex.net https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://*.google-analytics.com https://*.paypal.com afterpay.com https://foursixty.com https://*.useinsider.com https://*.roymorgan.com https://s.pinimg.com/ct/ https://lantern.roeyecdn.com/lantern_global_cf42725.min.js https://*.adobemc.com https://js-sandbox.squarecdn.com/ api.myunidays.com https://player.vimeo.com/ https://ct.pinterest.com/ ; style-src 'self' 'unsafe-inline' https://display.ugc.bazaarvoice.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://*.typekit.net/ https://fonts.googleapis.com/ https://assets.braintreegateway.com/web/dropin/1.43.0/css/dropin.css https://assets.braintreegateway.com/web/dropin/1.16.0/css/dropin.css https://*.adobetm.com https://foursixty.com https://*.adobemc.com https://static.klaviyo.com/onsite/js/ ; img-src data: 'self' https://*.zendesk.com/ https://dpm.demdex.net/ https://www.googleadservices.com/ccm/ https://www.magentocommerce.com/products/media/ https://*.skechers.co.nz/ https://*.skechers.com.au/ https://cm.everesttech.net/cm/dd https://googleads.g.doubleclick.net/ https://ad.doubleclick.net/ https://www.google.com/ccm/ https://www.paypalobjects.com https://www.google.com/ https://www.google.com.au/ https://www.google.co.nz/ https://www.google.com.vn/ https://maps.gstatic.com/mapfiles/ https://scontent.cdninstagram.com/ https://*.afterpay.com/ https://*.accentgra.com https://www.googletagmanager.com/ https://www.facebook.com/ https://*.bazaarvoice.com https://t.paypal.com/ https://duuytoqss3gu4.cloudfront.net/ https://df45ay5pw60dy.cloudfront.net/ https://d3nocrch4qti4v.cloudfront.net/ https://*.google-analytics.com https://*.pinterest.com https://*.tiktok.com https://*.useinsider.com https://maps.googleapis.com/maps/ https://developers.google.com https://*.zopim.io https://*.zdassets.com blob https://amcglobal.sc.omtrdc.net/ https://adservice.google.com https://lantern.roeye.com/ https://i.vimeocdn.com/video/ ; object-src 'none' ; base-uri 'self' ; child-src 'self' ; connect-src 'self' https://analytics.google.com/g/collect https://iq.afterpay.com/us/v1/ https://iq.afterpay-beta.com/us/v1/ https://*.my.sentry.io/ wss://api.smooch.io/ https://*.accentgra.com/ https://www.facebook.com/tr/ https://google.com/ https://www.google.com/ https://collect-ap2.attraqt.io/ https://smetrics.skechers.co.nz/ https://*.fullstory.com https://*.klaviyo.com https://smetrics.skechers.com.au/ https://api-js.datadome.co https://*.adobedc.net https://*.afterpay.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.demdex.net https://*.forter.com https://*.foursixty.com https://google.com/ccm/ https://www.google.com/ccm/ https://*.google-analytics.com https://*.googleapis.com https://*.nr-data.net https://*.paypal.com https://*.truefitcorp.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://accentgroupxpdev.112.2o7.net https://afterpay.com https://analytics.tiktok.com https://facebook.com https://*.roymorgan.com https://foursixty.com https://kleber.datatoolscloud.net.au https://sentry.io https://vimeo.com wss://widget-mediator.zopim.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://d2lxqodqbpy7c2.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net wss://cdn0.forter.com api.useinsider.com api.myunidays.com https://ct.pinterest.com/stats/ https://ct.pinterest.com/static/ https://ct.pinterest.com/v3/ https://ct.pinterest.com/user/ https://lantern.roeye.com/ https://*.api.useinsider.com ; font-src data: 'self' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.gstatic.com https://*.truefitcorp.com https://*.useinsider.com static.klaviyo.com use.typekit.net ; frame-src 'self' https://www.googletagmanager.com/ geo.captcha-delivery.com https://*.formstack.com https://*.afterpay.com https://*.bazaarvoice.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.myunidays.com https://*.omniparcelreturns.com https://*.paypal.com https://*.paypalobjects.com https://*.truefitcorp.com https://*.useinsider.com https://*.vimeo.com https://*.youtu.be https://*.youtube.com https://afterpay.com https://assets.braintreegateway.com https://facebook.com https://foursixty.com https://google.com https://www.google.com/ vimeo.com https://*.pinterest.com ; worker-src 'self' blob: https://*.accentgra.com https://*.skechers.co.nz https://*.skechers.com.au; 1
require-trusted-types-for 'script'; report-uri https://cspreports.skiff.com 1
object-src 'none';base-uri 'self';script-src 'nonce-SPMeracyXX-xZB0SfrA5vw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5yzgcmKa9K53mNf-AjRYLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://acc.cdn.dgv.aov.achmea.nl https://cdn.dgv.aov.achmea.nl *.googleadservices.com/* https://acc.cdn.dgv.aov.achmea.nl https://cdn.dgv.aov.achmea.nl https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google.com/* https://www.google.com https://d35vb5cccm4xzp.cloudfront.net/web-flow-libs/d6825fa30c83898df7774658d746d10c/web-version.min.js d35vb5cccm4xzp.cloudfront.net https://d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js https://api-engage-eu.sitecorecloud.io/v1.2/browser/create.json* https://d1mj578wat5n4o.cloudfront.net/sitecore-engage-v.1.4.2.min.js https://google.nl/pagead/1p-conversion/* *.r42tag.com https://admin.relay42.com analytics.interpolis.nl *.mopinion.com *.interpolis.nl az416426.vo.msecnd.net analytics.twitter.com  www.google-analytics.com static.ads-twitter.com www.googleoptimize.com www.googletagmanager.com *.doubleclick.net *.googleadservices.com https://googleads.g.doubleclick.net opzeggen.nl www.opzeggen.nl cdn.harvest.graindata.com widget.greenonline.nl http://*.hotjar.com https://*.hotjar.com https://js.arcgis.com https://*.hotjar.io http://*.hotjar.io *.pingvp.com tpc.googlesyndication.com *.visualwebsiteoptimizer.com *.youtube.com;script-src-elem https://d35vb5cccm4xzp.cloudfront.net/web-flow-libs/* https://acc.cdn.dgv.aov.achmea.nl https://cdn.dgv.aov.achmea.nl *.googleadservices.com/* www.googletagmanager.com/* https://acc.cdn.dgv.aov.achmea.nl https://cdn.dgv.aov.achmea.nl https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google.com/* https://admin.relay42.com analytics.interpolis.nl *.mopinion.com *.interpolis.nl *.visualwebsiteoptimizer.com *.youtube.com http://*.hotjar.com https://*.hotjar.com https://js.arcgis.com https://*.hotjar.io http://*.hotjar.io;style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net js.arcgis.com widget.greenonline.nl *.pingvp.com *.visualwebsiteoptimizer.com s3.amazonaws.com;img-src 'self' data: https://acc.cdn.dgv.aov.achmea.nl https://cdn.dgv.aov.achmea.nl *.googleadservices.com/* https://www.google.com/* https://px.ads.linkedin.com/ *.openstreetmap.org/ *.pingvp.com *.google-analytics.com www.google.com https://t.co/i/adsct www.googletagmanager.com https://i.ytimg.com/ img.youtube.com services.arcgisonline.com server.arcgisonline.com www.google.nl interpolis.imgix.com js.arcgis.com fls.doubleclick.net interpolis.imgix.net https://script.hotjar.com https://analytics.twitter.com https://ad.doubleclick.net https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com chart.googleapis.com ;font-src 'self' data: https://acc.cdn.dgv.aov.achmea.nl https://cdn.dgv.aov.achmea.nl *.pingvp.com fonts.gstatic.com js.arcgis.com widget.greenonline.nl https://script.hotjar.com;connect-src 'self' https://www.google.com https://api-engage-eu.sitecorecloud.io https://acc.cdn.dgv.aov.achmea.nl https://cdn.dgv.aov.achmea.nl *.googleadservices.com https://px.ads.linkedin.com em https://api-engage-eu.sitecorecloud.io/v1.2/browser/create.json.* https://pagead2.googlesyndication.com/pagead/landing https://google.nl/pagead/1p-conversion/* *.pingvp.com *.mopinion.com *.interpolis.nl dc.services.visualstudio.com *.google-analytics.com https://www.opzeggen.nl interpolis.imgix.net controle.achmea.consentmonitor.nl https://*.hotjar.io wss://*.hotjar.com services.arcgisonline.com adservice.google.com geocode.arcgis.com https://ad.doubleclick.net *.visualwebsiteoptimizer.com https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing *.coveo.com;media-src 'self' *.pingvp.com *.interpolis.nl;object-src 'self' *.pingvp.com;child-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com blob: t.svtrd.com youtube-nocookie.com www.youtube-nocookie.com *.doubleclick.net *.hotjar.com e.interpolis.nl widgets.bnr.nl www.youtube.com art19.com tpc.googlesyndication.com formulier.interpolis.nl;frame-ancestors 'self' *.googleadservices.com/* www.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net e.interpolis.nl https://vars.hotjar.com tpc.googlesyndication.com *.visualwebsiteoptimizer.com;form-action 'self' t.svtrd.com https://transaction.acceptemail.com *.openstreetmap.org/ https://transaction.accepteasy.com;manifest-src 'self' t.svtrd.com *.interpolis.nl broker.nxtid.nl;report-uri https://interpolis.ams.report-uri.com/r/t/csp/reportOnly;report-to endpoint-csp-violation-report-only; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-bc7e338e5244494aa14dc0fdca84c7b7' https://ET1206RPMYCH101 'self';img-src https://* 'self' blob: data:;style-src https://ET1206RPMYCH101 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com static.harveynorman.si static.mage.harvey.optiweb.serv.si media.flixfacts.com media.flixcar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://firebasestorage.googleapis.com *.harveynorman.si *.harvey.optiweb.serv.si *.cookiebot.com *.doubleclick.net *.criteo.com *.criteo.net www.google.si *.creativecdn.com blob: *.facebook.com *.reddit.com static.youreko.com *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com media.flixcar.com media.flixfacts.com rt.flix360.com logo.flix360.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com s7.addthis.com *.avada.io *.segmentify.com cdn.sgmntfy.com api.squalomail.com *.criteo.com *.criteo.net *.googleapis.com cdnjs.cloudflare.com *.hotjar.com *.cookiebot.com *.harveynorman.si *.livechatinc.com *.creativecdn.com www.gstatic.com static.harveynorman.si static.mage.harvey.optiweb.serv.si https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com maps.googleapis.com static.youreko.com api.youreko.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com button.loadbee.com cdn.loadbee.com media.flixcar.com media.flixfacts.com prod.flixgvid.flix360.io https://www.harveynorman.si 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.segmentify.com cdnjs.cloudflare.com www.googletagmanager.com static.harveynorman.si static.mage.harvey.optiweb.serv.si tagmanager.google.com static.youreko.com assets.braintreegateway.com media.flixcar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.segmentify.com *.criteo.com *.cookiebot.com pagead2.googlesyndication.com *.hotjar.io *.doubleclick.net *.creativecdn.com *.harveynorman.si capig.stape.host static.mage.harvey.optiweb.serv.si *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app maps.googleapis.com api.youreko.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com media.flixcar.com pk.takoleasy.si 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 33across.com *.33across.com adnxs.com *.adnxs.com adroll.com *.adroll.com ads-twitter.com *.ads-twitter.com adsrvr.org *.adsrvr.org ajax.googleapis.com *.ajax.googleapis.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com clickcease.com *.clickcease.com cloudflare.com *.cloudflare.com cognito-idp.us-east-1.amazonaws.com *.cognito-idp.us-east-1.amazonaws.com crazyegg.com *.crazyegg.com datadoghq-browser-agent.com *.datadoghq-browser-agent.com doubleclick.net *.doubleclick.net ensighten.com *.ensighten.com facebook.com *.facebook.com facebook.net *.facebook.net fontawesome.com *.fontawesome.com found.ee *.found.ee geniusmonkey.com *.geniusmonkey.com fullstory.com *.fullstory.com google-analytics.com *.google-analytics.com google.ca *.google.ca google.co.in *.google.co.in google.com *.google.com google.com.gh *.google.com.gh google.fr *.google.fr google.gr *.google.gr google.ro *.google.ro googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com hive.co *.hive.co hotjar.com *.hotjar.com jquery.com *.jquery.com jsdelivr.net *.jsdelivr.net launchdarkly.com *.launchdarkly.com maps.googleapis.com *.maps.googleapis.com pendo.io *.pendo.io pinimg.com *.pinimg.com pinterest.com *.pinterest.com prod-nts-bucket.s3-us-west-1.amazonaws.com *.prod-nts-bucket.s3-us-west-1.amazonaws.com queue-it.net *.queue-it.net rawgit.com *.rawgit.com resy.com *.resy.com rkiapps.com *.rkiapps.com rokt.com *.rokt.com sc-static.net *.sc-static.net scriptcdn.net *.scriptcdn.net seatsio.net *.seatsio.net seetickets.us *.seetickets.us seeticketsusa.us *.seeticketsusa.us snapchat.com *.snapchat.com stackadapt.com *.stackadapt.com storage.googleapis.com pendo-static-5459982631698432.storage.googleapis.com stripe.com *.stripe.com tiktok.com *.tiktok.com tradablebits.com *.tradablebits.com twitter.com *.twitter.com vimeo.com *.vimeo.com vor.us *.vor.us; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Tl7VX51.DoikplYhJSFp3sLnHC84Y65cDTj1eFKczjY-1752197183-1.0.1.1-tRrgRzO9.zbrqXdQqYVOOuZY6LJwfTAyb78.ePC783WQl29BvS4rKyCjCsNNvUeCeOGMesTnNt9Cf_S18kDkaW2wvpW2wlp7RPujUdDioyF7TOj9Ka3GIZX0SvJOjXJ5Rv.TU9z1tsdYS5i3G4G9AbRexq5qZGyoUvNdOS3p_U.nzew5PIlCbRJu7h5KUBPXoT9DP5KtaEjUsXK1Z8OMeA; report-to cf-gocisxachusodkas 1
default-src https:; connect-src https: 'unsafe-eval' 'unsafe-inline' wss://pubsubsec.usedesk.ru; script-src https: 'unsafe-eval' 'unsafe-inline' pubsubsec.usedesk.ru; style-src https: 'unsafe-inline' pubsubsec.usedesk.ru; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://matomo.eah-jena.de/matomo.js https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org https://www.studycheck.de https://*.typo3.org https://https//www.studycheck.de/%2A https://matomo.eah-jena.de/matomo.php; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://www2.hochschulsport.eah-jena.de; connect-src 'self' data: https://*.openstreetmap.org https://www.eah-jena.de https://matomo.eah-jena.de; font-src 'self' data:; style-src blob: data: 'self' 'unsafe-inline' 'report-sample'; worker-src blob:; report-uri https://www.eah-jena.de/@http-reporting?csp=report&requestTime=1752198162840961&requestHash=7c2ec47c56b5fade0921860190750bf4631972a2 1
frame-ancestors 'self'; base-uri 'self'; object-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-rand1752198736' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' http: https:; 1
object-src 'none';base-uri 'self';script-src 'nonce-sVUVx9cSBr39Jha9ucOk3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net *.oct8ne.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.vimeo.com *.oct8ne.com *.marvimundo.es *.marvimundo.com *.asesorcoloracion.es *.asesordecuidado.es *.diadermine.es *.ekomi.es *.jebbit.com *.reskyt.com *.cookiebot.com *.facebook.com *.doubleclick.net *.sequrapi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com www.xtento.com js.monei.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.oct8ne.com *.cookiebot.com *.google.com.ua *.facebook.com *.bing.com *.ggpht *.marvimundo.com *.ekomiapps.de cdn.doofinder.com *.clarity.ms *.rawgit.com *.jsdelivr.net *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.connectif.cloud polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.nr-data.net *.facebook.net *.bing.com *.googlesyndication.com *.marvimundo.com *.ekomiapps.de *.cloudflare.com *.cloudflareinsights.com *.newrelic.com *.facebook.com *.clarity.ms *.doofinder.com *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad *.sequrapi.com *.hotjar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com maps.googleapis.com www.xtento.com cdn.xtento.com js.monei.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.ekomiapps.de *.doofinder.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.trackingplan.com *.nr-data.net *.cookiebot.com *.googlesyndication.com *.bing.com *.marvimundo.com *.ekomiapps.de *.cloudflare.com *.cloudflareinsights.com *.newrelic.com *.doofinder.com wss://*.doofinder.com *.clarity.ms *.connectif.cloud *.facebook.com *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad *.sequrapi.com eu1-search.doofinder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com api.monei.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com *.oct8ne.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com *.storyblok.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com *.multisafepay.com https://pay.google.com *.oct8ne.com https://sandbox.sequracdn.com https://live.sequracdn.com *.hotjar.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.multisafepay.com *.oct8ne.com https://sandbox.sequracdn.com https://live.sequracdn.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com connect.facebook.net twitter.com platform.twitter.com *.multisafepay.com https://pay.google.com *.oct8ne.com https://sandbox.sequracdn.com https://live.sequracdn.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com *.usizy.es 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com *.multisafepay.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.multisafepay.com *.oct8ne.com https://sandbox.sequracdn.com https://live.sequracdn.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.doofinder.com *.empathybroker.com *.empathy.co usizy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://sis.redsys.es/ pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-8WX4b00oyCn2hbXUuZAWoA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
script-src 'strict-dynamic' 'nonce-111e077ae054bd16dc27d69705e92eb8' 'unsafe-inline' 'unsafe-eval' https: ; frame-ancestors 'self' ; base-uri 'self'; object-src 'none'; report-uri https://csp.phenompeople.com/violations; 1
base-uri *.wein.plus;connect-src *.wein.plus *.googleapis.com;child-src *.wein.plus;default-src 'none';media-src *.wein.plus;form-action *.wein.plus;img-src *.wein.plus data:;font-src *.wein.plus data: *.gstatic.com;manifest-src *.wein.plus;style-src *.wein.plus 'self' 'unsafe-inline';style-src-elem *.wein.plus 'unsafe-inline';script-src *.wein.plus 'self' 'unsafe-inline' *.etracker.com;script-src-elem *.wein.plus 'unsafe-inline' *.etracker.com 1
default-src 'self' *.gs.com; script-src 'unsafe-inline' 'unsafe-eval' *.gs.com:* https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com ir-vh.akamaihd.net https://amp.akamaized.net https://cdn.appdynamics.com; connect-src 'self' wss://*.gs.com:* *.gs.com:* https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com ir-vh.akamaihd.net https://amp.akamaized.net  https://col.eum-appdynamics.com https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com *.datadoghq.com; img-src *.gs.com:* https://gsgir.122.2o7.net data: blob: https://col.eum-appdynamics.com; style-src 'unsafe-inline' *.gs.com:* https://fast.fonts.net; media-src 'self' *.gs.com ir-vh.akamaihd.net blob: https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com; frame-ancestors 'self' https://goldmansachs.experiencecloud.adobe.com:*; worker-src blob: *.gs.com:* *.gs.com:*; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com https://api.systempay.fr/static/ *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.pinterest.com/ https://wisepops.net/ https://*.wisepops.com/ *.weltpixel.com *.trustpilot.com *.dotdigital-pages.com *.dotdigital.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ www.xtento.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com maps.googleapis.com maps.gstatic.com https://*.cdninstagram.com/ https://*.instagram.com/ https://*.google.com/ https://*.google.fr/ https://*.zdassets.com/ https://*.pinterest.com/ https://*.facebook.com/ *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://assets.shipup.co https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ www.xtento.com cdn.xtento.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com/maps/api/mapsjs *.trustpilot.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://cdn.shipup.co *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://cdnjs.cloudflare.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com *.gstatic.com *.trustpilot.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com https://cdn.shipup.co https://api.systempay.fr/static/ *.fontawesome.com tagmanager.google.com https://cdnjs.cloudflare.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://*.zdassets.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com/maps/api/mapsjs https://api.shipup.co *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://www.google-analytics.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.plannedparenthood.org;frame-src https://* 'self' epichttp:;script-src 'nonce-2e5afcc7cad048198691b3300258ff26' https://ET1154RPMYCH101 'self' https://*.plannedparenthood.org https://admin-plannedparenthood.lab.ppedit.org https://admin-plannedparenthood.prod.ppedit.org https://birthcontorlnomatterwhat.com https://birthcontorlnomatterwhat.net https://plannedparenthood-parallel-one.qa.ppedit.org https://plannedparenthood-parallel-two.qa.ppedit.org https://plannedparenthood.dev.ppedit.org https://plannedparenthood.qa.ppedit.org https://plannedparenthood.uat.ppedit.org https://plannedparenthoodaction.org https://www.ppolbuild.org;img-src https://* 'self' blob: data:;style-src https://ET1154RPMYCH101 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
script-src 'nonce-RQR+hYxI6nUPwrZ63hO+zw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=XJ9wXLk50PkpKcPzHNbsRD10FVb1duyt3s1Ba2hUDEDJhy2AhBzD8YZTC4UUxrXRKlqW9sCE9g==&policy_id=13&user_id=&request_id=745faab9-3b8a-4457-bd4e-4e3c58548cce; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com accounts.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com accounts.google.com maps.googleapis.com https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com accounts.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /core/api/Monitoring/SaveCSPReport 1
default-src 'self'; base-uri 'self'; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://img.youtube.com https://i.bojoko.com https://bojoko.com/assets; media-src 'self' https://i.bojoko.com; script-src 'report-sample' 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://static.cloudflareinsights.com https://cdn-4.convertexperiments.com https://bojoko.com/assets 'sha256-DTbEkHFgvUtFQTfjMrYQg7Y5+V+TkrorUrIwyvfty7w='; style-src 'report-sample' 'self' 'unsafe-inline' https://bojoko.com/assets; object-src 'none'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://plausible.bojoko.com https://cdn-4.convertexperiments.com; frame-src 'self' https://www.youtube-nocookie.com/embed/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'none'; worker-src 'none'; report-uri https://bojoko.endpoint.csper.io; 1
base-uri 'none'; font-src 'self' data: https://sumdog.com https://*.sumdog.com netdna.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com script.hotjar.com; img-src 'self' blob: data: visualisations0.sumdog.com https://sumdog.com https://*.sumdog.com imgsct.cookiebot.com s3.eu-west-1.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' https://sumdog.com https://*.sumdog.com https://students.sumdog.com/WebGL/Core/Build/ *.cookiebot.com www.googletagmanager.com/gtag www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/* www.googleoptimize.com *.paypal.com www.paypalobjects.com *.cardinalcommerce.com *.hotjar.com 'unsafe-hashes' 'sha256-gPjlli1HEdLlR0AZTY971/wQVOdSkl9mEinLnxrPpJw=' 'nonce-e7effa7158205b4b16fafab8b1121784'; style-src 'self' 'unsafe-inline' https://sumdog.com https://*.sumdog.com *.cookiebot.com assets0.sumdog.com fonts.googleapis.com accounts.google.com assets.braintreegateway.com; report-uri /csp-violation-report; connect-src * blob: data:; media-src 'self' blob: https://sumdog.com https://*.sumdog.com questions-assets0.sumdog.com; frame-src * 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.elecrow.com *.chromestatus.com *.bootcss.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com *.amazonaws.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://store.plumrocket.com cashier1.uat.useepay.com cashier.useepay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.elecrow.com *.shopify.com github.com *.githubusercontent.com *.wp.com *.imgur.com bitronics.store www.longan-labs.cc www.facebook.com elecrow.s3.us-west-1.amazonaws.com *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: blob: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google-analytics.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.facebook.net *.pinterest.com *.instagram.com *.dwin1.com *.livechatinc.com *.elecrow.com *.bootcdn.net *.googletagmanager.com *.doubleclick.net t.contentsquare.net s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cashier.useepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.bootcss.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.elecrow.com *.googletagmanager.com *.doubleclick.net *.amazonaws.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com go.trustpayments.com *.onetrust.com *.fontawesome.com *.gstatic.com *.googleapis.com *.cloudflareinsights.com *.trustpilot.com *.zdassets.com *.google.com *.omniconvert.com *.googletagmanager.com *.licdn.com *.facebook.net *.hotjar.com *.cloudflare.com *.yoast.com  *.dropbox.com *.live.net ; style-src 'self' 'unsafe-inline' *.onetrust.com *.fontawesome.com *.gstatic.com *.googleapis.com; style-src-elem * 'self' 'unsafe-inline'; img-src 'self' data: 'unsafe-inline' *.linkedin.com *.google.com *.google.co.uk *.onetrust.com *.gstatic.com *.gravatar.com *.trustpayments.com *.zdassets.com *.facebook.com *.google-analytics.com *.google.com.mt; font-src 'self' data: 'unsafe-inline' *.gstatic.com *.trustpayments.com *.fontawesome.com; connect-src 'self' 'unsafe-inline' *.onetrust.com *.google.com *.zendesk.com *.clarity.ms *.omniconvert.com *.fontawesome.com *.cloudflareinsights.com *.zdassets.com *.yoast.com *.linkedin.com *.doubleclick.net *.hotjar.io *.google-analytics.com; media-src 'self' 'unsafe-inline' data:; object-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' *.trustpilot.com *.google.com; worker-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; base-uri 'self'; manifest-src 'self' 'unsafe-inline'; report-uri https://www.trustpayments.com/csp-violation-report/ 1
default-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' yoast.com wpmudev.com translate.googleapis.com *.google-analytics.com cta-service-cms2.hubspot.com stats.g.doubleclick.net; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com s0.wp.com fonts.bunny.net; frame-src 'self' www.google.com www.youtube.com app.hubspot.com; img-src 'self' data: www.off2class.com secure.gravatar.com s0.wp.com wpmudev.com s.w.org track.hubspot.com perf-na1.hsforms.com www.google.com fonts.gstatic.com www.googletagmanager.com translate.google.com; media-src 'self' static.hsappstatic.net; style-src 'self' 'unsafe-inline' www.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com fonts.bunny.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com js.hubspot.com js.hubspotfeedback.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com www.youtube.com; script-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com js.hubspot.com js.hubspotfeedback.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com www.youtube.com; report-uri /wp-json/csp/report 1
font-src https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com https://www.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://bat.bing.com/ http://bat.bing.com/ www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.attn.tv events.attentivemobile.com https://www.dwin1.com https://widget.usersnap.com https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.net https://analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://bat.bing.com/ http://bat.bing.com/ www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.attn.tv events.attentivemobile.com https://www.facebook.com https://ct.pinterest.com https://analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://bat.bing.com/ http://bat.bing.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cakebox.com fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.typekit.net *.klaviyo.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.mollie.com *.trustpilot.com *.weltpixel.com *.adobedtm.com *.vimeo.com widget.trustpilot.com vars.hotjar.com *.doubleclick.net app.involve.me ssl.kaptcha.com *.onetrust.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.mollie.com *.adobedtm.com s.ytimg.com services.postcodeanywhere.co.uk bat.bing.com *.facebook.com *.google.co.in lantern.roeye.com static-tracking.klaviyo.com *.cloudfront.net *.cakebox.com *.cookiepro.com *.googletagmanager.com *.wepowerconnections.com *.zenaps.com ad.doubleclick.net cm.g.doubleclick.net *.google.com *.google.com.vn *.google.co.uk *.onetrust.com *.adroll.com x.bidswitch.net ml314.com pixel.tapad.com dsum-sec.casalemedia.com dsync.rlcdn.com pixel.rubiconproject.com *.openx.net sync.outbrain.com idsync.rlcdn.com *.pubmatic.com sync.taboola.com ib.adnxs.com eb2.3lift.com match.adsrvr.org *.stickyadstv.com *.sitescout.com *.springserve.com *.ipredictive.com *.turn.com *.mdhv.io dsp.360yield.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.mollie.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com *.adobedtm.com *.cardinalcommerce.com unpkg.com cdn.jsdelivr.net *.cloudflare.com *.braintreegateway.com *.livechatinc.com *.pcapredict.com storage.googleapis.com maps.google.com services.postcodeanywhere.co.uk bat.bing.com *.hotjar.com s.pinimg.com c3.adalyser.com connect.facebook.net rum-static.pingdom.net ct.pinterest.com lantern.roeyecdn.com *.soakandsleep.com cdn.bronto.com dynamic.criteo.com *.apptrian.com *.dwin1.com paperplaneslive.com *.cloudfront.net *.cookiepro.com *.googletagmanager.com stats.g.doubleclick.net *.amplitude.com *.sovendus.com *.zenaps.com www.google.com *.involve.me *.onetrust.com *.adroll.com js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.trustpilot.com tagmanager.google.com static-tracking.klaviyo.com *.soakandsleep.com services.postcodeanywhere.co.uk www.google.com cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.google-analytics.com *.adobedtm.com *.adobe.com *.sentry.io *.braintreegateway.com *.gstatic.com *.telemetry-dev.adobe.io services.postcodeanywhere.co.uk ct.pinterest.com rum-collector-2.pingdom.net api.livechatinc.com paperplaneslive.com *.cloudfront.net *.trustpilot.com api2.amplitude.com *.googletagmanager.com *.onetrust.com invitejs.trustpilot.com *.google-analytics.com *.sovendus.com *.cookiepro.com *.bing.com www.google.com stats.g.doubleclick.net *.involve.me *.adroll.com bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net use.fontawesome.com wsv3cdn.audioeye.com *.klevu.com *.ksearchnet.com *.gstatic.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://plumrocket.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com https://www.google.com googleads.g.doubleclick.net home-c36.nice-incontact.com td.doubleclick.net wsv3cdn.audioeye.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw www.xtento.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.paymetric.com *.punchout2go.com *.tradecentric.com *.trustpilot.com gum.criteo.com static.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.bosspetedge.com cdn.jsdelivr.net fonts.gstatic.com aa.agkn.com c.clarity.ms www.zenaps.com cm.adgrx.com *.google.com bat.bing.com *.lightboxcdn.com imgsct.cookiebot.com trk.ometria.com api.soreto.com criteo-partners.tremorhub.com x.bidswitch.net visitor.omnitagjs.com r.casalemedia.com *.sync.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv eb2.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com sync.targeting.unrulymedia.com mention-me.com *.soreto.com id5-sync.com c1.adform.net dis.criteo.com cm.adform.net ade.clmbtech.com ade.googlesyndication.com *.ometria.com c.bing.com sync.aralego.com sync.outbrain.com tags.bluekai.com widget.eu.criteo.com cdn.aralego.net s.ad.smaato.net ads.stickyadstv.com idsync.rlcdn.com cs.adingo.jp adx.dable.io gum.criteo.com tg.socdm.com *.googletagmanager.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw www.xtento.com cdn.xtento.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.paymetric.com *.klevu.com *.ksearchnet.com bat.bing.net cm.g.doubleclick.net ib.adnxs.com ad.360yield.com rtb-csync.smartadserver.com sync-t1.taboola.com sync.1rx.io dpm.demdex.net public-prod-dspcookiematching.dmxleo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com *.google-analytics.com *.googletagmanager.com s7.addthis.com home-c36.nice-incontact.com wsmcdn.audioeye.com wsv3cdn.audioeye.com bam.nr-data.net www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.paymetric.com js.klevu.com *.ksearchnet.com https://apis.google.com *.punchout2go.com *.tradecentric.com *.trustpilot.com kit.fontawesome.com js-agent.newrelic.com static.hotjar.com rum-static.pingdom.net bat.bing.com cdn.attn.tv static.criteo.net sslwidget.criteo.com widget.us.criteo.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.sharethis.com *.googleapis.com www.googletagmanager.com use.typekit.net p.typekit.net use.fontawesome.com wsv3cdn.audioeye.com cdn.taggstar.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.paymetric.com *.klevu.com *.ksearchnet.com *.punchout2go.com *.tradecentric.com *.trustpilot.com cdnjs.cloudflare.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.sharethis.com www.google.com google.com report-prod.audioeye.com analytics.audioeye.com wsv3cdn.audioeye.com invitejs.trustpilot.com stats.g.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.paymetric.com *.klevu.com *.ksearchnet.com bam.nr-data.net region1.google-analytics.com rum-collector-2.pingdom.net bat.bing.net petedge.attn.tv events.attentivemobile.com https://region1.analytics.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob: self; font-src https://fonts.gstatic.com *.cloudfront.net *.cloudflare.com *.google.com *.gstatic.com *.googleapis.com *.bootstrapcdn.com data: *.yotpo.com *.perfectcircuit.com *.affirm.com *.fontawesome.com dhv2ziothpgrr.cloudfront.net use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.kmail-lists.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com https://plumrocket.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.doubleclick.net fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca *.google.com *.mixcloud.com *.spotify.com *.instagram.com *.facebook.com *.gleamjs.io gleam.io *.pepperjamnetwork.com *.perfectcircuit.com unbounce.com *.signifyd.com *.online-metrix.net linkin.bio *.crazyegg.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * syf.demdex.net *.syfpos.com *.syf.com https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src *.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.affirm.com *.affirm.ca shipping-offers-static-images-bucket-platformsandbox.s3.amazonaws.com shipping-offers-static-images-bucket-stage.s3.amazonaws.com shipping-offers-static-images-bucket-prod.s3.amazonaws.com shipping-offers-static-images-bucket-dev.s3.amazonaws.com shipping-offers-static-images-bucket-demo.s3.amazonaws.com helloextend-static-assets.s3.amazonaws.com https://s3.amazonaws.com/ccspersistenceprod-contentstaticassets04b201d4-1apqb8dyegznm/offers/learnMoreModal-default-1654273334107-learnMoreModal.backgroundImageUrl_Generic_WomanwithBox2.jpg https://s3.amazonaws.com/ccspersistenceprod-contentstaticassets04b201d4-1apqb8dyegznm/offers/shippingProtectionCartOffer-default-1720746621507-extend_svg_cart.svg https://helloextend-static-assets.s3.amazonaws.com https://extendcoreoffersdemo-offersthemelogobucketeb21afa-19jnurg0a0o17.s3.amazonaws.com https://s3.amazonaws.com *.bootstrapcdn.com *.perfectcircuit.com *.cloudfront.net *.signifyd.com *.facebook.com *.instagram.com *.amazonaws.com *.gleam.io *.yotpo.com *.crazyegg.com *.klaviyo.com *.adroll.com *.google.com *.google.com.ua *.google.de/ *.yahoo.com *.doubleclick.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.pubmatic.com *.outbrain.com *.taboola.com *.adnxs.com *.openx.net *.nr-data.net *.3lift.com *.rlcdn.com *.online-metrix.net *.bidswitch.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net dhv2ziothpgrr.cloudfront.net www.xtento.com cdn.xtento.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src *.redditstatic.com *.stackadapt.com *.googleoptimize.com *.jotform.com *.cycling74.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com polyfill.io *.affirm.com *.affirm.ca https://sdk.helloextend.com/ https://*.helloextend.com local.uprf.com *.cloudfront.net *.cloudflare.com *.google.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.bootstrapcdn.com seal.godaddy.com *.cardinalcommerce.com *.klaviyo.com *.zdassets.com *.signifyd.com *.disqus.com *.instagram.com *.newrelic.com *.facebook.net *.facebook.com *.nr-data.net *.gleamjs.io *.yotpo.com *.crazyegg.com *.adroll.com *.consensu.org *.pepperjam.com *.ascendpartner.com *.perfectcircuit.com *.doubleclick.net *.luckyorange.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.stackadapt.com *.adobe.com https://fonts.googleapis.com self *.cloudfront.net *.cloudflare.com *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.klaviyo.com *.yotpo.com linkin.bio *.crazyegg.com *.affirm.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.syfpos.com dhv2ziothpgrr.cloudfront.net tagmanager.google.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.affirm.com *.affirm.ca https://*.helloextend.com/ https://*.extend.com/ https://*.helloextend.com *.google-analytics.com *.cloudfront.net *.cloudflare.com *.google.com *.cardinalcommerce.com *.klaviyo.com *.zdassets.com *.signifyd.com *.signifyd.com:* *.zendesk.com *.googleapis.com *.facebook.com *.amazonaws.com *.disqus.com *.yotpo.com *.doubleclick.net *.crazyegg.com *.adroll.com *.consensu.org *.nr-data.net *.appspot.com *.visitors.live in.visitors.live *.luckyorange.com realtime.luckyorange.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com google.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.facebook.net swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' 'unsafe-inline' https://botadmin.yakutia.click https://admin.verbox.ru https://mc.yandex.ru https://api-maps.yandex.ru https://widget.me-talk.ru https://yastatic.net https://core-renderer-tiles.maps.yandex.net https://static.site-chat.me https://265061847.mc.yandex.ru https://1093744743.mc.yandex.ru https://1546922566.mc.yandex.ru blob: https://777313552.mc.yandex.ru https://static.me-talk.ru https://mc.yandex.kz https://320332180.mc.yandex.ru https://connect.facebook.net https://mc.yandex.com https://ucads-cdn.ucweb.com https://he70.82omyo.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://mc.yandex.ru chrome-extension: https://mc.yandex.md cpnp-js-call https://metrika.yandex.ru 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' https://mc.yandex.com https://ucads-cdn.ucweb.com https://pro.culture.ru https://connect.albank.ru https://dl.metabar.ru https://widget.me-talk.ru https://www.ciuvo.com https://m.youtube.com https://www.youtube.com https://div.show https://acestream.tv https://emet.live https://emet.news https://cashbacksurf.ru https://192.168.10.1 https://loader.media; object-src 'self'; report-uri /cspreportonly; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com fonts.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.woodpeck.com cdn.materialdesignicons.com mediacdn.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.networkmerchants.com www.google.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * vars.hotjar.com www.paypalobjects.com *.g.doubleclick.net *.vimeo.com www.youtube-nocookie.com *.listrak.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.networkmerchants.com *.googleapis.com *.certcapture.com magefan.com cm.magefan.com *.facebook.com https://firebasestorage.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com maps.gstatic.com *.woodpeck.com *.bm23.com *.g.doubleclick.net www.google.ae www.google.am www.google.com.ar www.google.at www.google.com.au www.google.az www.google.be www.google.com.bh www.google.com.br www.google.com.bs www.google.by www.google.ca www.google.ch www.google.cl www.google.com.co www.google.co.cr www.google.com.cy www.google.cz www.google.de www.google.dk www.google.com.do www.google.ee www.google.es www.google.fi www.google.fr www.google.gy www.google.com.hk www.google.hr www.google.hu www.google.gr www.google.co.id www.google.ie www.google.co.il www.google.co.in www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.com.lb www.google.lk www.google.lu www.google.lv www.google.co.kr www.google.com.kw www.google.kz www.google.mk www.google.mn www.google.mw www.google.com.mx www.google.com.my www.google.com.ng www.google.nl www.google.no www.google.co.nz www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.pl www.google.com.pr www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.com.sa www.google.se www.google.com.sg www.google.si www.google.sk www.google.com.sv www.google.co.th www.google.com.tr www.google.com.tw www.google.com.ua www.google.co.uk www.google.com.uy www.google.co.za translate.google.com www.facebook.com mediacdn.espssl.com *.listrakbi.com code.jquery.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.networkmerchants.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.googletagmanager.com *.facebook.net www.termsfeed.com *.avada.io *.shopify.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.woodpeck.com *.hotjar.com *.g.doubleclick.net browser-update.org www.google.com *.algolia.net *.algolianet.com connect.facebook.net *.listrak.com *.listrakbi.com code.jquery.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.networkmerchants.com *.certcapture.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.woodpeck.com *.googleapis.com translate.google.com cdn.materialdesignicons.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.networkmerchants.com *.algolia.net *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.certcapture.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.woodpeck.com *.hotjar.com *.hotjar.io secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.paypalobjects.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.cookiebot.com *.doubleclick.net *.pinterest.com *.pinterest.co.uk *.bat.bing.com *.paypalobjects.com *.reviews.io *.reviews.co.uk *.pinterdev.com commerce-app.pintergration.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com *.clearpay.co.uk *.trackedlink.net www.feedoptimise.com cdn.feedoptimise.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bing.com *.doubleclick.net *.ometria.com *.pinterest.com *.pinterest.co.uk *.bat.bing.com *.connect.facebook.net *.clarity.ms *.google.com *.google.co.uk *.googletagmanager.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.feedoptimise.com cdn.feedoptimise.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.bing.com *.cookiebot.com *.dwin1.com *.googleoptimize.com *.ometria.com *.pinimg.com *.trustpilot.com *.connect.facebook.net *.bat.bing.com *.d.impactradius-event.com *.zdassets.com *.clarity.ms *.pinterest.com *.pinterest.co.uk *.impactcdn.com *.grahamandgreen.pxf.io grahamandgreen.pxf.io cdn.jsdelivr.net *.reviews.io *.reviews.co.uk *.pinterdev.com commerce-app.pintergration.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cookiebot.com *.doubleclick.net *.ometria.com *.pinterest.com *.pinterest.co.uk *.trustpilot.com *.clarity.ms *.grahamandgreen.pxf.io grahamandgreen.pxf.io *.bing.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.pinterdev.com commerce-app.pintergration.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-nf_NggzBYiRv_7FZzIpFng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com bat.bing.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.google.com *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js-agent.newrelic.com bam.nr-data.net *.pcapredict.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com services.postcodeanywhere.co.uk *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.google-analytics.com *.facebook.com *.facebook.net *.google.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googlesyndication.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self';font-src 'self' fonts.gstatic.com;img-src 'self' secure.gravatar.com;style-src 'self' fonts.googleapis.com;frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.klarna.com *.klarnacdn.net *.klarnaevt.com *.script.crazyegg.com x.empathy.co *.cdn.aplazame.com api.aplazame.com *.maps.googleapis.com *.cdn.jsdelivr.net https://www.google-analytics.com https://cdnjs.cloudflare.com *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com; script-src-elem 'unsafe-inline' *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.aplazame.com x.empathy.co cdn.jsdelivr.net script.crazyegg.com *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://www.joseluisjoyerias.com https://www.google-analytics.com *.clarity.ms c.bing.com *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com; font-src 'self' *.klarna.com *.klarnacdn.net *.klarnaevt.com https://fonts.gstatic.com cdn.aplazame.com *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com; connect-src 'self' *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com google.com  script.crazyegg.com maps.googleapis.com api.aplazame.com *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com; frame-src 'self' *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com *.klarna.com; child-src 'self'; form-action 'self'; base-uri 'self'; report-uri /csp-report-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.addressfinder.io *.adsrvr.org *.creativecdn.com gum.criteo.com *.doubleclick.net *.ezy-way.online www.facebook.com *.flowpaper.com *.freshchat.com *.google-analytics.com *.googleapis.com *.google.com.au *.googletagmanager.com *.gstatic.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.newrelic.com *.paypalobjects.com *.pxf.io *.statsigapi.net *.stripe.com *.trackedweb.net *.typekit.net lowes.api.useinsider.com *.vimeo.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.trackedlink.net www.feedoptimise.com cdn.feedoptimise.com *.dycdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.addressfinder.io *.bing.com *.braintreegateway.com *.creativecdn.com *.dotdigital.com *.doubleclick.net *.ezy-way.online www.facebook.com *.freshchat.com *.google.com.au *.google.co.nz *.googletagmanager.com *.google.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.newrelic.com *.paypalobjects.com *.pxf.io *.reddit.com *.statsigapi.net *.stripe.com *.trackedweb.net *.vimeo.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.addressfinder.io *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com www.feedoptimise.com cdn.feedoptimise.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net d81mfvml8p5ml.cloudfront.net *.freshrelevance.com *.dotdigital.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.searchspring.net/intellisuggest/is.min.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adsrvr.org *.amazonaws.com *.bing.com *.braintreegateway.com *.creativecdn.com *.criteo.com *.ezy-way.online www.facebook.com *.freshchat.com *.freshworksapi.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.hotjar.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.redditstatic.com *.searchspring.io *.tiktok.com *.useinsider.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.addressfinder.io webchat.dotdigital.com webchat.staging.dotdigital.com cdn.jsdelivr.net cdnjs.cloudflare.com assets.braintreegateway.com *.braintreegateway.com *.creativecdn.com *.dotdigital.com *.doubleclick.net *.ezy-way.online *.facebook.com *.freshchat.com *.google-analytics.com *.googleapis.com *.google.com.au *.googletagmanager.com *.google.com *.gstatic.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.newrelic.com *.paypal.com *.paypalobjects.com *.pxf.io *.statsigapi.net *.stripe.com *.trackedweb.net *.typekit.net *.useinsider.com *.vimeo.com *.youtube.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.addressfinder.io *.braintreegateway.com *.creativecdn.com *.dotdigital.com *.doubleclick.net *.ezy-way.online *.facebook.com *.freshchat.com *.google-analytics.com *.googleapis.com *.google.com.au *.googletagmanager.com *.google.com *.gstatic.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.newrelic.com *.paypal.com *.paypalobjects.com *.pxf.io *.statsigapi.net *.stripe.com *.trackedweb.net *.typekit.net *.vimeo.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.addressfinder.io *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com wss://am.dycdn.net dn1i8v75r669j.cloudfront.net *.dotdigital.com https://beacon.searchspring.io/beacon api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.aimtell.io *.braintreegateway.com *.creativecdn.com *.criteo.com *.doubleclick.net *.ezy-way.online www.facebook.com *.flowpaper.com *.freshchat.com *.google.com.au *.google.co.nz *.googletagmanager.com *.gstatic.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.paypalobjects.com *.pxf.io *.reddit.com *.redditstatic.com *.statsigapi.net *.stripe.com *.typekit.net *.useinsider.com *.youtube.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.bing.com *.creativecdn.com *.criteo.net *.ezy-way.online *.google.com *.google.com.au *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.nr-data.net *.searchspring.io self *.tiktok.com *.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.com *.facebook.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.facebook.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.com *.facebook.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: use.fontawesome.com *.antartica.cl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com webpay3g.transbank.cl webpay3gint.transbank.cl *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * tracking.bciplus.cl www.google.com wchat.freshchat.com *.antartica.cl www.mercadopago.cl www.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.facebook.com www.google.cl *.antartica.cl www.gstatic.com www.mercadolibre.com www.mercadopago.cl *.google.com.ar antartica.cl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.mercadopago.cl *.googletagmanager.com *.facebook.net *.hotjar.com unpkg.com tracking.krip.cl r2-t.trackedlink.net www.clarity.ms static.trackedweb.net js-agent.newrelic.com wchat.freshchat.com static.zdassets.com *.antartica.cl sdk.mercadopago.com http2.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com use.fontawesome.com *.antartica.cl www.mercadopago.cl www.gstatic.com *.googletagmanager.com *.cookielaw.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com api.bciplus.cl ekr.zdassets.com libreriaantartica.zendesk.com wchat.freshchat.com bam.nr-data.net *.antartica.cl api.mercadopago.com www.mercadolibre.com events.mercadopago.com *.hotjar.com *.hotjar.io *.clarity.ms *.doubleclick.net *.cookielaw.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.google.com bam.nr-data.net r2.trackedweb.net commerce.adobedc.net *.antartica.cl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-J_LHUt5TxAHeTaHqn2-CtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com data: *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://cdnjs.cloudflare.com applepay.cdn-apple.com *.survicate.com https://github.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.monetico-services.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net www.facebook.com *.monetico-services.com connect.facebook.net graph.facebook.com business.facebook.com api.payplug.com secure.payplug.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com *.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ survey.survicate.com sdk.privacy-center.org cdn.mouseflow.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.survicate.com *.typekit.net *.klaviyo.com *.clarity.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.monetico-services.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://o2.mouseflow.com *.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-174AX3Cmf6cygccShvh4Qg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com *.google:* cdn.honey.io *.tql.com moz-extension ms-browser-extension *.cloudflare.com *.twitter.com *.googleapis.com 'self' data: *.sitejabber.com https://static.klaviyo.com/ *.pinterest.com *.coversandall.com.au *.coversandall.eu *.coversandall.ca *.coversandall.co.uk *.google.co.in *.bing.com *.google.com *.adobedc.net *.tiktok.com *.adnxs.com *.affirm.com *.live:* *.rakuten.com *.jquery.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com https://plumrocket.com *.twitter.com *.facebook.com *.coversandall.com.au *.coversandall.eu *.coversandall.ca *.coversandall.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.coversandall.co.uk *.coversandall.com www.coversandall.co.uk www.coversandall.com *.patiohq.com self *.googleapis.com pay.google.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://plumrocket.com self https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.facebook.com *.freshchat.com *.sitejabber.com *.criteo.com *.criteo.net *.coversandall.com.au *.coversandall.eu *.coversandall.ca *.coversandall.co.uk *.rakuten.com *.jquery.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://firebasestorage.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.gstatic.com https://translate.googleapis.com https://fonts.gstatic.com http://translate.google.com *.adobe.com *.google:* *.adsrvr.org *.vwo.io *.steelhousemedia.com *.sitejabber.com *.freshchat.com *.sendtric.com *.office.net match.adsrvr.org *.invitereferrals.com insight.adsrvr.org cartera-cdn.freetls.fastly.net static.sitejabber.com static.rakuten.com *.cloudflare.com *.facebook.com *.criteo.com *.criteo.net *.googleadservices.com www.google-analytics.com *.visualwebsiteoptimizer.com d10lpsik1i8c69.cloudfront.net *.twitter.com 'self' data: *.bing.com *.doubleclick.net *.google.com *.payments-amazon.com *.bizrate.com cdn.coversandall.com insight.adsrvr.org/ *.alphaprints.in/ https://caterpillarsignscoversandallprod.112.2o7.net/ https://sync.targeting.unrulymedia.com/ https://cm.adgrx.com/ *.adnxs.com https://sync.1rx.io/ https://sync-criteo.ads.yieldmo.com/ https://eb2.3lift.com/ https://ade.clmbtech.com/ https://criteo-sync.teads.tv/ https://x.bidswitch.net/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://tg.socdm.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://contextual.media.net/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://pixel.rubiconproject.com/ https://s.ad.smaato.net/ *.google.co.in https://www.awin1.com/ https://shareasale.com/ https://sync.aralego.com/ *.cloudfront.net https://caterpillarsignscoversandalluat.112.2o7.net/ *.coversandall.com *.googletagmanager.com/ *.dwin1.com *.awin1.com *.impactradius-event.com *.mountain.com *.tiktok.com *.demdex.net *.pinterest.com *.retention.com *.aralego.net *.dmxleo.com *.coversandall.com.au *.coversandall.eu *.coversandall.ca *.coversandall.co.uk *.adobedc.net *.affirm.com *.live:* *.rakuten.com *.casalemedia.com *.alocdn.com *.exelator.com *.addthis.com *.sharethrough.com *.scorecardresearch.com *.tapad.com *.jquery.com *.tarpsandall.com *.tarpsandall.alphaprints.in data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com polyfill.io cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io widget.freshworks.com m2epro.freshdesk.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://translate.googleapis.com http://translate.google.com www.googletagmanager.com https://translate-pa.googleapis.com *.google.com https://storage.googleapis.com *.google:* *.fatmedia.io *.mbirdcdn.net *.cloudflare.com *.twitter.com *.google-analytics.com *.fontawesome.com *.bing.com *.sitejabber.com *.doubleclick.net *.netcoresmartech.com *.steelhousemedia.com *.criteo.com https://js-agent.newrelic.com/ https://bam-cell.nr-data.net *.googletagmanager.com/ https://www.googleoptimize.com/ *.visualwebsiteoptimizer.com/ *.cloudfront.net/ https://d.impactradius-event.com/ https://www.googleadservices.com/ https://cdn.roirevolution.com/ https://connect.facebook.net/ https://wchat.freshchat.com/ https://static.criteo.net/ https://b-code.liadm.com/ *.amazonaws.com https://js.adsrvr.org/ https://widget.trustpilot.com/ *.visenze.com *.jsdelivr.net *.invitereferrals.com https://www.ref-r.com/ *.dwin1.com *.awin1.com *.impactradius-event.com *.mountain.com *.tiktok.com *.demdex.net *.pinterest.com *.retention.com *.coversandall.com.au *.coversandall.eu *.coversandall.ca *.coversandall.co.uk *.google.co.in *.adobedc.net *.adnxs.com *.affirm.com *.live:* *.rakuten.com *.jquery.com *.upsellit.com *.smartlook.com *.cfjump.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com www.gstatic.com *.googleapis.com *.google.com *.gstatic.com https://cdnjs.cloudflare.com *.google:* *.cloudflare.com *.twitter.com *.bing.com *.freshchat.com *.sitejabber.com *.doubleclick.net *.cloudfront.net *.googletagmanager.com/ *.dwin1.com *.awin1.com *.impactradius-event.com *.mountain.com *.tiktok.com *.demdex.net *.pinterest.com *.retention.com *.coversandall.com.au *.coversandall.eu *.coversandall.ca *.coversandall.co.uk *.google.co.in *.adobedc.net *.adnxs.com *.affirm.com *.live:* *.rakuten.com *.jquery.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io widget.freshworks.com m2epro.freshdesk.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://translate.googleapis.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.google:* *.amazonaws.com 'self' ws: *.alocdn.com *.nimblecapture.com *.facebook.com *.datadome.co https://overbridgenet.com/ *.impct.site *.payments-amazon.com *.tiktok.com *.media-amazon.com *.samsung.com *.megaxt.com *.ver28r.net alocdn.com data: r.nimblecapture.com www.facebook.com *.bird.com *.adsrvr.org https://18.210.229.244/is www.google-analytics.com *.cloudflare.com *.twitter.com *.google-analytics.com https://stats.g.doubleclick.net https://www.sitejabber.com *.liadm.com *.omtrdc.net:* *.adobedc.net https://measurement-api.criteo.com/ https://caterpillarsignscoversandallprod.112.2o7.net/ *.visualwebsiteoptimizer.com https://caterpillarsignscoversandalluat.112.2o7.net/ *.visenze.com *.coversandall.com *.googletagmanager.com/ *.dwin1.com *.awin1.com *.impactradius-event.com *.mountain.com *.demdex.net *.pinterest.com *.retention.com *.bing.com *.luckyorange.net *.coversandall.com.au *.coversandall.eu *.coversandall.ca *.coversandall.co.uk *.google.co.in *.adnxs.com *.cloudfront.net *.affirm.com 'self' wss: *.live:* *.rakuten.com *.jquery.com *.alphaprints.in *.reviews.tarpsandall.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.coversandall.com/pr-csp/report/add/; report-to report-endpoint; 1
script-src 'nonce-904ece41b766a4204fdda1a796ad345e24813c692222011efdf4dfadcdcee5db' 'strict-dynamic';object-src 'none';base-uri 'none';frame-ancestors 'none'; 1
frame-src https://celesio.file.force.com *.force.com https://player.vimeo.com https://content.instrumentation.getconga.com https://*.aah.co.uk https://www.linkedin.com 'self' https://stats.g.doubleclick.net *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com *.cybersource.com *.youtube.es https://*.googleapis.com https://gbr122.sfdc-5pakla.salesforce.com *.adis.ws https://www.gstatic.com https://celesio--c.um3.content.force.com https://composer.congamerge.com https://*.onetrust.com https://*.youtube.com *.youtube.ie https://www.youtube.com *.cloudinary.com https://www.google.com https://pay.google.com *.vimeo.com *.youtube.jp bcove.video https://region1.google-analytics.com *.youtube.fr https://cdn-ukwest.onetrust.com https://*.salesforce.com https://region1.analytics.google.com https://*.a.forceusercontent.com https://player.cloudinary.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com https://data.instrumentation.getconga.com *.youtube.com *.brightcove.net https://ssl.gstatic.com https://*.supplier-point.com *.youtube.nl https://service.force.com/embeddedservice/ https://fast.wistia.net *.quip.com *.arkoselabs.com https://*.cookielaw.org *.youtube-nocookie.com https://www.paypal.com https://appiniummastertrial.secure.force.com https://play.vidyard.com https://youtu.be *.youtube.com.br *.salesforce-experience.com https://*.aah-point.com *.salesforceliveagent.com https://scormanywhere.secure.force.com https://celesio--4cdevflu--livepreview.cs110.force.com https://checkoutshopper-live.adyen.com/ *.sfdcfc.net https://*.force.com *.youtube.ca https://location.force.com *.vidyard.com https://*.linkedin.com https://*.trustarc.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://players.brightcove.net https://cdn.embedly.com https://*.medecator.co.uk https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com https://try.abtasty.com https://px.ads.linkedin.com https://*.a.forceusercontent.com/lightningmaps/ https://www.googletagmanager.com *.wistia.net https://www.google-analytics.com *.salesforce.com https://www.google.co.uk *.youtube.pl; report-to sfdc-csp-ep; report-uri https://celesio.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D24000000aWJn&networkId=0DM4H000000TnMn&type=communities 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' lojavirus.com.br *.lojavirus.com.br wake-components.fbitsstatic.net lojavirus.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com googleadservices.com yapay.com.br googlesyndication.com cloudflare.com cnt.my clearsale.com.br zdassets.com ebit.com.br traycheckout.com.br doubleclick.net ecommercemail.com.br online-metrix.net hertzen.com k-analytix.com zendesk.com citydsp.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.yapay.com.br *.googleadservices.com *.cloudflare.com *.googlesyndication.com *.cnt.my *.ebit.com.br *.traycheckout.com.br *.clearsale.com.br *.zdassets.com *.k-analytix.com *.hertzen.com *.doubleclick.net *.ecommercemail.com.br *.online-metrix.net *.zendesk.com *.citydsp.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br *.btg360.com.br dzpxyxks1bfmb.cloudfront.net *.zopim.com *.gstatic.com *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.yourviews.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net *.ucarecdn.com *.uploadcare.com *.yviews.com.br *.lojaconfiavel.com *.lightwidget.com bt-wake-connector.com.br lojavirus.fbitsstatic.net *.fbitsstatic.net *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io gstatic.com *.3dsecure.io ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.lojavirus.com.br lojavirus.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self' *.ctfassets.net;img-src data: blob: *;style-src 'self' 'unsafe-inline' *.gstatic.com;font-src 'self' fonts.gstatic.com;media-src 'self' *.ctfassets.net *.gstatic.com;frame-src 'self' *.ctfassets.net *.youtube.com *.ungpd.com;connect-src 'self' *.ctfassets.net *.contentful.com *.bugsnag.com *.swish.nu;object-src 'none';script-src 'self'; report-uri https://eo7f9vdutam5kd9.m.pipedream.net; report-to csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-vpdqNRXu1pwtsufiSNyj-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-955830e7ce2a436ab4d5b8b09c55055f' https://az-mychart.franciscanalliance.org 'self';img-src https://* 'self' blob: data:;style-src https://az-mychart.franciscanalliance.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com *.googleapis.com *.mauboussin.fr data: * *.fontawesome.com maxcdn.bootstrapcdn.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.google.com *.mauboussin.fr * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.getalma.eu *.gstatic.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ api-qa.payplug.com secure-qa.payplug.com *.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.adyen.com *.googleapis.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://secure-magenta.dalenys.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com https://cdn-qa.payplug.com https://secure-magenta.dalenys.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com/ *.mauboussin.fr * *.fontawesome.com maxcdn.bootstrapcdn.com https://secure-magenta.dalenys.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.getalma.eu *.googleapis.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.gstatic.com *.mauboussin.fr *.criteo.net *.pinterest.com *.googletagmanager.com *.snapppt.com *.360yield.com * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';style-src 'self' 'unsafe-inline';style-src-elem 'unsafe-inline' 'self' https://*.freshchat.com/ https://fonts.googleapis.com/css2;script-src https://*.freshchat.com https://*.freshworksapi.com/;script-src-elem 'self' 'unsafe-inline' https://*.freshchat.com/ https://www.googletagmanager.com/gtag/ https://fonts.googleapis.com/css2 https://*.freshworksapi.com/;img-src 'self' data: blob: https://images.stealthex.io https://stealthex.io/blog/wp-content/ https://*.freshchat.com	https://fc-use1-00-pics-bkt-00.s3.amazonaws.com/;media-src https://*.freshchat.com;frame-src https://*.freshchat.com;worker-src 'self' blob: https://*.freshchat.com/;font-src 'self' https://fonts.gstatic.com/ https://*.freshchat.com/;connect-src 'self' https://stealthex.io/api/ https://www.google-analytics.com/g/collect https://*.ingest.sentry.io/api/ wss://*.freshworksapi.com/ https://*.freshworksapi.com/;report-uri https://stealthex.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; report-uri https://www.escape.com.au/csp-reports 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.curtmfg.com googleads.g.doubleclick.net www.googletagmanager.com secure.quantserve.com www.google-analytics.com www.google.com connect.facebook.net static.hotjar.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com www.googleadservices.com rules.quantcount.com *.hotjar.com js-agent.newrelic.com bam-cell.nr-data.net; report-uri /.webscale/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.addtoany.com *.elfsight.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com *.addtoany.com *.elfsight.com *.doubleclick.net *.facebook.com *.facebook.net *.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.elfsight.com *.elfsightcdn.com *.cdninstagram.com https://phosphor.ivanenko.workers.dev *.facebook.com *.google.com *.google.co.uk https://cdn-cookieyes.com *.googlesyndication.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com cdn.xtento.com *.addtoany.com *.elfsight.com *.elfsightcdn.com *.zendesk.com *.zdassets.com *.facebook.com *.facebook.net *.doubleclick.net *.klaviyo.com https://cdn-cookieyes.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.digitalriverws.com *.typekit.net *.addtoany.com *.elfsight.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com *.vimeo.com https://download-video.akamaized.net *.gumlet.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.elfsight.com *.zendesk.com *.zdassets.com *.facebook.com *.facebook.net *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.klaviyo.com *.cookieyes.com https://cdn-cookieyes.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com td.doubleclick.net 13605183.fls.doubleclick.net www.google.com cdn.octadesk.com *.infonet.com.py *.infonet.com.py:8888/ https://vpos.infonet.com.py:8888/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net static.tacdn.com www.facebook.com ad.doubleclick.net www.google.com.py adservice.google.com c.clarity.ms c.bing.com cellshop.com.py integration-5ojmyuq-qoiivjresdo6e.us-5.magentosite.cloud cdn.leadster.com.br https://desa.infonet.com.py:8035/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google.co.in data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com static.cloudflareinsights.com connect.facebook.net js-agent.newrelic.com www.tripadvisor.com unpkg.com www.tripadvisor.es www.google.com static.tacdn.com www.gstatic.com www.clarity.ms www.jscache.com vpos.infonet.com.py www.tripadvisor.com.br cdn.octadesk.com *.cellshop.com.py *.infonet.com.py:8888/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com tagmanager.google.com ssl.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.tacdn.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.infonet.com.py:8888 *.infonet.com.py bam.nr-data.net t.clarity.ms https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com bam.nr-data.net t.clarity.ms commerce.adobedc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TdG6v5vqP6gnlktw6AvCqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.nr-data.net js-agent.newrelic.com tags.srv.stackadapt.com snap.licdn.com connect.facebook.net www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net translate.googleapis.com prod.ally.ac a.omappapi.com a.opmnstr.com yoda.unifyed.com www.googleadservices.com js.adsrvr.org translate.google.com cdn01.basis.net translate-pa.googleapis.com cdn.gtranslate.net tags.srv.stackadapt.com *.google.com; style-src 'self' 'unsafe-inline' cloud.typography.com tags.srv.stackadapt.com a.omappapi.com prod.ally.ac translate.googleapis.com fonts.gstatic.com fonts.googleapis.com www.gstatic.com; img-src 'self' my.unifyed.com px.ads.linkedin.com www.gstatic.com www.facebook.com www.google.com pixel.sitescout.com www.google-analytics.com i.ytimg.com i.vimeocdn.com translate.google.com translate.googleapis.com fonts.gstatic.com ad.doubleclick.net manageimages-prod.s3.amazonaws.com data:; frame-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; frame-ancestors 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; child-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com; connect-src 'self' cloud.typography.com tags.srv.stackadapt.com api.omappapi.com prod.ally.ac translate.googleapis.com yoda.unifyed.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net play.google.com www.facebook.com https://px.ads.linkedin.com/wa/; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none'; script-src 'nonce-G/a3G2LVQX02gGDSqIcHDg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://o463592.ingest.sentry.io/api/5471479/security/?sentry_key=ab531d6dca0d488898493ccc9706f202&sentry_environment=prod 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.yotpo.com *.gstatic.com *.hsforms.com *.duosecurity.com *.googletagmanager.com connect.breadpayments.com https://connect-preview.breadpayments.com https://api.sp-pv-ads.ue2.breadgateway.net https://api.pp-prod-ads.ue2.breadgateway.net *.fontawesome.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.north40.com *.facebook.com north40.com *.us19.list-manage.com *.hsforms.com *.duosecurity.com *.googletagmanager.com connect.breadpayments.com https://connect-preview.breadpayments.com https://api.sp-pv-ads.ue2.breadgateway.net https://api.pp-prod-ads.ue2.breadgateway.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com www.googletagmanager.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.weltpixel.com *.signifyd.com *.online-metrix.net *.facebook.com *.google.com snapwidget.com *.addthis.com *.weather.gov widget.surveymonkey.com *.surveymonkey.com *.paypalobjects.com *.hsforms.net *.hsforms.com *.hubspot.com *.duosecurity.com *.googletagmanager.com connect.breadpayments.com https://connect-preview.breadpayments.com https://api.sp-pv-ads.ue2.breadgateway.net https://api.pp-prod-ads.ue2.breadgateway.net www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net *.paypal.com *.typekit.net validator.swagger.io *.getbread.com *.breadpayments.com *.rbcpayplan.com maps.googleapis.com *.yotpo.com *.signifyd.com *.nexcesscdn.net *.unbxdapi.com *.fna.fbcdn.net *.bing.com *.cloudfront.net *.online-metrix.net *.facebook.com *.amazonaws.com *.weltpixel.com *.google-analytics.com *.north40.com *.google.com images.north40.com.global.prod.fastly.net *.zopim.com *.googleapis.com *.xtento.com waterdata.usgs.gov www.google.co.in widget.surveymonkey.com *.surveymonkey.com *.zopim.io n40.s3.us-east-1.amazonaws.com *.clarity.ms *.hsforms.net *.hsforms.com *.simpli.fi *.hubspot.com *.doubleclick.net *.3lift.com *.tremorhub.com *.exelator.com *.intentiq.com *.agkn.com *.tapad.com *.crwdcntrl.net  *.bluekai.com *.bfmio.com *.spotxchange.com *.rlcdn.com *.lijit.com *.openx.net *.rubiconproject.com *.adnxs.com *.pro-market.net cfvod.kaltura.com *.duosecurity.com *.hubspotusercontent-na1.net psyberware.com *.googletagmanager.com *.hotjar.com wss://ws.hotjar.com https://content.hotjar.io connect.breadpayments.com https://connect-preview.breadpayments.com https://api.sp-pv-ads.ue2.breadgateway.net https://api.pp-prod-ads.ue2.breadgateway.net *.hotjar.io www.xtento.com cdn.xtento.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.gstatic.com *.cdninstagram.com *.fbcdn.net dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net www.googletagmanager.com *.getbread.com *.breadpayments.com *.rbcpayplan.com ajax.googleapis.com maps.googleapis.com *.cloudflare.com *.cloudfront.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.facebook.net *.yotpo.com *.signifyd.com *.unbxdapi.com *.unbxd.io *.gstatic.com *.bing.com *.addthis.com *.zdassets.com *.weltpixel.com *.zopim.com *.moatads.com *.addthisedge.com *.north40.com resources.xg4ken.com googleads.g.doubleclick.net widget.surveymonkey.com *.surveymonkey.com cdn.scarabresearch.com static.scarabresearch.com *.amazonaws.com *.acsbap.com *.acsbapp.com 'unsafe-inline' *.clarity.ms *.hubspot.com *.hsforms.net *.hsforms.com *.simpli.fi *.hs-scripts.com js.hs-banner.com js.hs-analytics.net *.hscollectedforms.net hubspot-forms-static-embed.s3.amazonaws.com *.hsadspixel.net *.hsleadflows.net js.hscta.net *.usemessages.com cdnapisec.kaltura.com *.duosecurity.com https://js-agent.newrelic.com/ *.newrelic.com *.nr-data.com *.nr-ext.net *.nr-assets.net *.hotjar.com wss://ws.hotjar.com https://content.hotjar.io connect.breadpayments.com https://connect-preview.breadpayments.com https://api.sp-pv-ads.ue2.breadgateway.net https://api.pp-prod-ads.ue2.breadgateway.net *.hotjar.io www.xtento.com cdn.xtento.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.yotpo.com *.cloudfront.net *.unbxdapi.com *.gstatic.com *.unbxd.io widget.surveymonkey.com *.mailchimp.com *.duosecurity.com *.googletagmanager.com *.hotjar.com wss://ws.hotjar.com https://content.hotjar.io connect.breadpayments.com https://connect-preview.breadpayments.com https://api.sp-pv-ads.ue2.breadgateway.net https://api.pp-prod-ads.ue2.breadgateway.net *.hotjar.io *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.hsforms.com *.duosecurity.com *.googletagmanager.com connect.breadpayments.com https://connect-preview.breadpayments.com https://api.sp-pv-ads.ue2.breadgateway.net https://api.pp-prod-ads.ue2.breadgateway.net *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.paypal.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.yotpo.com *.instagram.com *.signifyd.com *.zdassets.com *.zendesk.com *.north40.com *.weltpixel.com *.google-analytics.com *.zopim.com wss://widget-mediator.zopim.com bt.signifyd.com:11103 stats.g.doubleclick.net widget.surveymonkey.com *.surveymonkey.com recommender.scarabresearch.com recommender-eu.scarabresearch.com *.clarity.ms *.us19.list-manage.com *.hsforms.net *.hsforms.com *.hscollectedforms.net hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.googleapis.com *.hubapi.com *.duosecurity.com *.unbxdapi.com *.unbxd.io analytics.google.com test-unbxd-console-platform.s3.amazonaws.com unbxd-console-platform.s3.amazonaws.com d3oudgusdzf61y.cloudfront.net *.googletagmanager.com *.newrelic.com *.nr-data.net *.hotjar.com wss://ws.hotjar.com https://content.hotjar.io *.hotjar.io connect.breadpayments.com https://connect-preview.breadpayments.com https://api.sp-pv-ads.ue2.breadgateway.net https://api.pp-prod-ads.ue2.breadgateway.net ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleusercontent.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com data: *.facebook.com *.onetrust.com *.cookielaw.org *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ data: *.google.com *.addthis.com *.tagembed.com *.flipsnack.com *.facebook.com bt.signifyd.com:11103 *.walls.io *.onetrust.com *.cookielaw.org *.equalada-api.herokuapp.com *.herokuapp.com *.doubleclick.net maps.googleapis.com chart.googleapis.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.cardinalcommerce.com *.facebook.com *.google.com www.google.co.in mcusercontent.com *.onetrust.com *.cookielaw.org *.clarity.ms *.googletagmanager.com *.google-analytics.com c.bing.com magefan.com cm.magefan.com https://img.youtube.com ssl.gstatic.com www.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com data: *.cardinalcommerce.com *.facebook.net *.zassets.com static.zdassets.com *.google.com walls.io *.g.doubleclick.net *.moatads.com *.addthisedge.com *.addthis.com *.tagembed.com *.ccdc02.com chimpstatic.com *.authorize.net mc.us5.list-manage.com *.mailchimp.com *.zopim.com *.onetrust.com *.cookielaw.org *.hotjar.com *.smartlook.com *.clarity.ms *.googletagmanager.com maps.googleapis.com chart.googleapis.com https://includes.ccdc02.com/cardinalcruise/v1/songbird.js https://includestest.ccdc02.com/cardinalcruise/v1/songbird.js https://includestest.ccdc02.com/cardinalcruise/v1/0a125400b09de2105a63/5.0a125400b09de2105a63.songbird.js https://includes.ccdc02.com/cardinalcruise/v1/b109e0c6fd2a5b6b93b2/1.b109e0c6fd2a5b6b93b2.songbird.js https://jstest.authorize.net/v1/Accept.js https://jstest.authorize.net/v1/AcceptCore.js https://js.authorize.net/v1/Accept.js https://js.authorize.net/v1/AcceptCore.js s7.addthis.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com data: *.mailchimp.com *.onetrust.com *.cookielaw.org maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com data: *.zdassets.com *.onetrust.com *.cookielaw.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com data: wss: *.zendesk.com *.zopim.com widget-mediator.zopim.com stats.g.doubleclick.net bam-cell.nr-data.net *.authorize.net bt.signifyd.com:11103 *.onetrust.com *.cookielaw.org bam.nr-data.net vc.hotjar.io *.clarity.ms *.demdex.net *.cardinalcommerce.com *.google.com manager.eu.smartlook.cloud maps.googleapis.com chart.googleapis.com https://apitest.authorize.net/xml/v1/request.api https://api.authorize.net/xml/v1/request.api https://includes.ccdc02.com/cardinalcruise/v1/songbird.js https://includestest.ccdc02.com/cardinalcruise/v1/songbird.js https://includestest.ccdc02.com/cardinalcruise/v1/0a125400b09de2105a63/5.0a125400b09de2105a63.songbird.js https://includes.ccdc02.com/cardinalcruise/v1/b109e0c6fd2a5b6b93b2/1.b109e0c6fd2a5b6b93b2.songbird.js https://jstest.authorize.net/v1/Accept.js https://jstest.authorize.net/v1/AcceptCore.js https://js.authorize.net/v1/Accept.js https://js.authorize.net/v1/AcceptCore.js ekr.zdassets.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; default-src https://www.czater.pl 'self'; script-src https://*.czater.pl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 'self' 'unsafe-inline'; img-src https:/*.www.googletagmanager.com 'self' static.sprintdatacenter.pl rapiddc.pl; style-src https://www.czater.pl 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; form-action 'self'; connect-src wss://s2.czater.pl https://pagead2.googlesyndication.com https://*.google.com https://*.googletagmanager.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.publitas.com *.fontawesome.com *.kohlerbycochez.com https://script.hotjar.com *.algolia.com *.googleapis.com *.bootstrapcdn.com https://*.bazaarvoice.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.publitas.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.kohlerbycochez.com network-a.bazaarvoice.com maps.gstatic.com *.algolia.com media.flixcar.com rt.flix360.com *.google.com *.google-analytics.com *.googleadservices.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com https://*.bazaarvoice.com https://*.google.com.pa data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.publitas.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://apps.bazaarvoice.com *.kohlerbycochez.com apps.bazaarvoice.com static.hotjar.com script.hotjar.com h.online-metrix.net js-agent.newrelic.com www.google.com www.gstatic.com maps.googleapis.com *.algolia.com media.flixfacts.com media.flixcar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://cdn.jsdelivr.net https://scripts.publitas.com https://view.publitas.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.publitas.com *.fontawesome.com *.kohlerbycochez.com *.algolia.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com videos.pexels.com *.algolia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io thm.visa.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.kohlerbycochez.com bam.nr-data.net maps.googleapis.com https://surveystats.hotjar.io media.flixcar.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://*.bazaarvoice.com https://*.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net *.kohlerbycochez.com ws.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com https://*.typekit.net https://geowidget.easypack24.net https://wniosek.santanderconsumer.pl https://ewniosek.credit-agricole.pl/ *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://trustmate.io https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl https://www.facebook.com https://ewniosek.credit-agricole.pl/ 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com pay.google.com apm.przelewy24.pl https://*.googletagmanager.com https://wniosek.eraty.pl https://wniosek.santanderconsumer.pl https://*.hotjar.com https://*.googleapis.com https://*.salesmanago.pl https://*.dpd.com.pl https://*.doofinder.com https://*.clarity.ms https://c.bing.com https://ewniosek.credit-agricole.pl/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com imgsct.cookiebot.com imgsct.cookiebot.eu cdn.doofinder.com https://*.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.przelewy24.pl www.gstatic.com gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com https://roweroza.pl https://sprint-rowery.pl https://stage.roweroza-magento.centuria.pl https://i.ibb.co https://*.usercentrics.eu https://www.google-analytics.com https://www.google.com https://*.googletagmanager.com https://*.sharethis.com https://wniosek.santanderconsumer.pl https://*.googleapis.com https://*.doofinder.com https://*.clarity.ms https://c.bing.com https://ewniosek.credit-agricole.pl/ *.hsforms.net *.hsforms.com 'self' data: https://trustmate.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com consent.cookiebot.com consent.cookiebot.eu cdn.doofinder.com https://connect.facebook.net connect.facebook.net graph.facebook.com business.facebook.com https://ssl.ceneo.pl/ sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.typekit.net https://www.google-analytics.com https://platform-api.sharethis.com https://cdn.jsdelivr.net https://cdn.tmtarget.com https://cdnjs.cloudflare.com https://geowidget.easypack24.net https://biznes.furgonetka.pl https://*.googleapis.com https://*.hotjar.com https://wniosek.santanderconsumer.pl https://*.googletagmanager.com https://*.cookiebot.eu https://*.cookiebot.com https://*.newrelic.com https://*.dpd.com.pl https://*.doofinder.com https://*.clarity.ms https://c.bing.com https://ewniosek.credit-agricole.pl/ *.googleapis.com *.google.com *.gstatic.com *.hsforms.net *.hsforms.com https://trustmate.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com fonts.googleapis.com https://static.klaviyo.com https://*.typekit.net https://cdn.jsdelivr.net https://geowidget.easypack24.net https://wniosek.santanderconsumer.pl https://cdnjs.cloudflare.com https://*.googletagmanager.com *.googleapis.com https://*.doofinder.com https://*.clarity.ms https://c.bing.com https://ewniosek.credit-agricole.pl/ *.fontawesome.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://trustmate.io https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.doofinder.com wss://*.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl https://*.google.com www.google.com pay.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.googlesyndication.com https://*.sharethis.com https://*.typekit.net https://*.googleapis.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.googletagmanager.com https://*.nr-data.net https://*.doofinder.com https://*.clarity.ms https://c.bing.com https://ewniosek.credit-agricole.pl/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://trustmate.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.googletagmanager.com mc.yandex.ru *.google-analytics.com *.youtube.com mc.yandex.com mc.yandex.ru *.google.com *.gstatic.com *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com;img-src * data:;font-src 'self' fonts.gstatic.com;connect-src 'self' mc.yandex.ru *.analytics.google.com *.google-analytics.com doubleclick.net *.googletagmanager.com mc.yandex.com mc.yandex.ru mc.yandex.md yandexmetrica.com *.mightytips.com https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com https://analytics.google.com;frame-src 'self' *.youtube.com *.instagram.com *.twitter.com *.yandex.com *.google.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;script-src-elem 'self' 'unsafe-inline' *.instagram.com *.googletagmanager.com *.yandex.ru *.google-analytics.com *.twitter.com *.youtube.com mc.yandex.com *.google.com *.gstatic.com mc.yandex.ru *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com track.trackingtraffo.com https://www.hcaptcha.com/1/api.js;frame-ancestors 'self'; report-uri https://casinocanada.com/cspreport.php 1
default-src 'none'; worker-src 'self' blob:; base-uri 'self'; img-src * data:; frame-ancestors 'self' soderhamnnara.se *.gavlenet.se gavlenet.se gavleenergi.se; form-action 'self'; script-src 'self' 'nonce-4vXbpQD' api.livechatinc.com cdn.livechatinc.com functions.janjoo.se/js/informera-rss/app.js bankid.lime-technologies.com ajax.googleapis.com code.jquery.com *.gavlenet.se *.gavleenergi.se kit.fontawesome.com googletagmanager.com stats.gavleenergi.se cdn.gavleenergi.se t.adii.se; connect-src code.jquery.com maxcdn.bootstrapcdn.com gavchat.uc.tele2.se functions.janjoo.se *.gavleenergi.se maps.googleapis.com stats.gavleenergi.se simpliform.gavleenergi.se ka-p.fontawesome.com www.gavleenergi.se gavleenergi.se kit.fontawesome.com; style-src 'unsafe-inline' code.jquery.com/ui/1.12.1/themes/smoothness/jquery-ui.css maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css cdn.gavleenergi.se;  style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; frame-src secure.livechatinc.com *.youtube.com youtube.com gavleenergi.se *.gavlenet.se *.gavleenergi.se app.bwz.se gavleenergiab.webapp.virtaglobal.com; font-src *.fontawesome.com use.typekit.net fonts.gstatic.com data: *.gavleenergi.se www.gavleenergi.se/wp-includes/fonts/ maxcdn.bootstrapcdn.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com https://plumrocket.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com https://accounts.google.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: track.goggles4u.info https://track.goggles4u.info www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net https://images.unsplash.com *.iubenda.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.google.com.ua www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://maps.googleapis.com *.iubenda.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://accounts.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com https://js.klevu.com sst.goggles4u.com https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klevu.com *.ksearchnet.com https://accounts.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://maps.googleapis.com https://player.vimeo.com https://checkout.iwdagency.com *.iubenda.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://accounts.google.com *.yotpo.com sst.goggles4u.com https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' data: fonts.gstatic.com *.flightio.com at.alicdn.com; frame-ancestors 'self' *.flightio.com; report-uri https://flightiorp.report-uri.com/r/d/csp/reportOnly; 1
font-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com fonts.gstatic.com data: *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com webpay3g.transbank.cl webpay3gint.transbank.cl *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.dnky.co amc.demdex.net www.google.com youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com www.google.co.in cannonhome.cl magefan.com cm.magefan.com *.disqus.com https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com accounts.google.com *.yotpo.com *.afip.gob.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com unpkg.com wchat.freshchat.com *.google.com/ https://www.gstatic.com *.disqus.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com fonts.googleapis.com wchat.freshchat.com www.gstatic.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com cdn.dnky.co *.googletagmanager.com *.cookielaw.org *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self' 'unsafe-inline'; media-src *.adobe.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com stats.g.doubleclick.net videelect.icu regtech.sbs *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.comapi.com bam.nr-data.net *.cookielaw.org *.yotpo.com 'self' 'unsafe-inline'; child-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://d1g5x7b3jtu99v.cloudfront.net;script-src 'self' 'unsafe-inline' js.stripe.com widget.intercom.io js.intercomcdn.com cdn.segment.com cdn.lr-in-prod.com https://*.google-analytics.com api.figma.com https://d1g5x7b3jtu99v.cloudfront.net data: connect.facebook.net https://googleads.g.doubleclick.net https://*.googletagmanager.com cdn.jsdelivr.net js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hsappstatic.net https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://cdn.vector.co/pixel.js https://*.clarity.ms https://api.app.bullseye.so cdn.getkoala.com js.hsadspixel.net cdn.cr-relay.com a.usbrowserspeed.com d-code.liadm.com https://web.cmp.usercentrics.eu https://assets.revenuehero.io;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d1g5x7b3jtu99v.cloudfront.net;img-src *;font-src 'self' fonts.gstatic.com https://fonts.intercomcdn.com https://d1g5x7b3jtu99v.cloudfront.net;media-src 'self' https://js.intercomcdn.com https://d1g5x7b3jtu99v.cloudfront.net;connect-src 'self' https://*.chromatic.com https://index.chromatic.com snapshots.chromatic.com api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://cdn.segment.com https://*.google-analytics.com https://analytics.google.com https://api.segment.io https://stats.g.doubleclick.net https://api-us-east-1.graphcms.com https://r.lr-in-prod.com webmention.io hichroma.us15.list-manage.com https://*.ingest.sentry.io api.figma.com https://pagead2.googlesyndication.com https://forms.hscollectedforms.net https://api.hsforms.com forms.hsforms.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://google.com api.vector.co https://*.clarity.ms https://api.app.bullseye.so https://pro.ip-api.com api.cr-relay.com https://www.facebook.com api.getkoala.com https://api.hubapi.com https://*.usercentrics.eu https://app.revenuehero.io;child-src 'self' blob:;frame-src 'self' https://www.chromatic.com https://index.chromatic.com snapshots.chromatic.com js.stripe.com https://www.youtube.com https://chromatic-interactive-demo.netlify.app https://*.chromatic.com https://td.doubleclick.net https://*.googletagmanager.com https://meetings.hubspot.com https://forms.hsforms.com;frame-ancestors 'self' https://*.chromatic.com 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.gelproximity.com *.hipay-tpp.com *.hipay.com *.paypal.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.openstreetmap.org *.salesmanago.pl *.salesmanago.es *.salesmanago.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.gelproximity.com *.hipay.com *.hipay-tpp.com https://mpsnare.iesnare.com *.zdassets.com *.newrelic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com mpsnare.iesnare.com *.paypal.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com widget.freshworks.com m2epro.freshdesk.com *.hipay.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.zdassets.com data: mpsnare.iesnare.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.zendesk.com *.zdassets.com *.zopim.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com cdn.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.punchout2go.com *.tradecentric.com https://connect.punchout2go.com 'self' 'unsafe-inline'; frame-ancestors https://cdn.livechatinc.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.punchout2go.com *.tradecentric.com https://cdn.chatbot.com https://*.doubleclick.net https://*.livechatinc.com https://vars.hotjar.com https://*.paymetric.com https://stementorstg.wpengine.com https://calendar.time.ly https://*.worldpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://p.adsymptotic.com https://hm.baidu.com/hm.gif https://bat.bing.com https://c.bing.com https://c.clarity.ms https://*.doubleclick.net/ https://d3cgm8py10hi0z.cloudfront.net/is.gif https://www.facebook.com/privacy_sandbox/ https://www.facebook.com/tr/ https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://www.google.ca/pagead/ https://www.google.com/pagead/ https://www.google.ca/ads/ https://www.google.com/ads/ https://www.googletagmanager.com/ https://static.kameleoon.com https://px.ads.linkedin.com/ https://cdn.files-text.com/api/accounts/avatars/ https://connect.punchout2go.com https://*.stemcell.com https://t.co https://analytics.twitter.com https://sp.analytics.yahoo.com https://www.linkedin.com/ https://id.rlcdn.com https://aorta.clickagy.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com www.googletagmanager.com *.punchout2go.com *.tradecentric.com https://cdn.recapture.io https://maps.googleapis.com/ https://hm.baidu.com/hm.js https://bat.bing.com https://cdn.chatbot.com https://*.clarity.ms/ https://www.clickcease.com/ https://img.en25.com https://*.doubleclick.net https://connect.facebook.net https://ajax.googleapis.com/ajax/libs/ https://seal.geotrust.com/getgeotrustsslseal geoip-js.com https://*.hotjar.com https://*.livechatinc.com https://snap.licdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cmp.osano.com https://connect.punchout2go.com/jslib/ https://*.recapture.io/beacon/ https://cdn.recapture.io/sdk/ https://cdn.searchspring.net/intellisuggest/is.min.js https://*.stemcell.com/media/ https://*.twitter.com https://static.ads-twitter.com https://*.xisecurenet.com https://s.yimg.com/wi/ytc.js https://calendar.time.ly https://tags.clickagy.com https://unpkg.com/tabulator-tables@6.2.1/dist/js/tabulator.min.js https://ws.zoominfo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.punchout2go.com *.tradecentric.com https://connect.punchout2go.com/jslib/ https://www.googletagmanager.com/debug/badge.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.paypal.com google.com *.google.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com https://app.recapture.io https://bat.bing.com/ https://cdn.chatbot.com https://*.clarity.ms/ https://*.doubleclick.net/ https://geoip-js.com https://www.googleadservices.com https://analytics.google.com/ *.google-analytics.com/ https://fonts.googleapis.com https://www.google.com/pagead/ https://maps.googleapis.com/ https://*.googlesyndication.com/ https://*.hotjar.com https://*.hotjar.io/ https://api.kameleoon.com https://na-data.kameleoon.io https://px.ads.linkedin.com/ https://cdn.linkedin.oribi.io https://*.livechatinc.com https://bam.nr-data.net https://*.api.osano.com/ https://connect.punchout2go.com https://d3peztlk7w3332.cloudfront.net *.searchspring.io *.searchspring.net https://s.yimg.com https://geo-ip.js wss://*.hotjar.com https://aorta.clickagy.com https://vc.hotjar.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.googleapis.com https://origin.xtlo.net https://mediacdn.espssl.com *.fontawesome.com *.richpanel.com *.gstatic.com https://fonts.gstatic.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.credova.com *.authorize.net 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.networkmerchants.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.credova.com * *.trysera.com https://td.doubleclick.net www.xtento.com *.authorize.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.networkmerchants.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ammunitiondepot.com *.facebook.com *.symantec.com *.exitintel.com *.cloudfront.net credova.com *.credova.com *.clickagy.com *.adxcel-ec2.com *.googe.com *.provenpixel.com *.rlcdn.com *.google.com *.espssl.com *.google.co.in *.ytimg.com *.listrakbi.com https://guarantee-cdn.com *.amped.io https://origin.xtlo.net https://tracking.avantlink.com https://www.googletagmanager.com https://lh3.googleusercontent.com *.amazonaws.com *.richpanel.com www.xtento.com cdn.xtento.com https://firebasestorage.googleapis.com maps.gstatic.com *.gstatic.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.networkmerchants.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.credova.com *.hiconversion.com *.ammunitiondepot.com *.facebook.com *.facebook.net *.symantec.com *.exitintel.com *.gorgias.io *.listrakbi.com *.crazyegg.com *.qualaroo.com *.cloudfront.net *.listrak.com *.clickagy.com *.provenpixel.com *.gstatic.com *.nofraud.com https://guarantee-cdn.com *.sumo.com *.amped.io https://a.ads.rmbl.ws https://h64.online-metrix.net https://ammunition-depot.extole.io https://origin-4.xtlo.net https://ssl.avmws.com *.cloudflareinsights.com https://classic.avantlink.com/ *.richpanel.com www.xtento.com cdn.xtento.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.avada.io *.shopify.com *.authorize.net maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.networkmerchants.com *.googleapis.com *.listrakbi.com https://mediacdn.espssl.com *.richpanel.com *.fontawesome.com https://fonts.googleapis.com https://fonts.bunny.net *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.amazonaws.com *.richpanel.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com https://maps.googleapis.com https://player.vimeo.com *.networkmerchants.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.credova.com *.doubleclick.net *.listrak.com *.listrakbi.com *.signifyd.com *.signifyd.com:* bt.signifyd.com *.cloudfront.net *.crazyegg.com *.clickagy.com *.google.com *.mmapiws.com https://bl.listrakbi.com *.sumo.com *.amped.io *.tryamped.com https://sumo.com https://services.nofraud.com https://ipapi.co https://ammunition-depot.extole.io https://referral.ammunitiondepot.com *.richpanel.com https://t.lt02.net wss://*.richpanel.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ https://ipinfo.io/json https://get.geojs.io *.avada.io *.authorize.net maps.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.run.app https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cwi.shell.451.io/ https://cwi2.shell.451.io/ https://embed-forms.451.io/ https://js.hubspot.com/ https://maps.googleapis.com/ https://25livepub.collegenet.com/ https://ai.ocelotbot.com/ https://ajax.googleapis.com/ajax/libs/ https://analytics.tiktok.com/ https://analytics.tiktok.com/i18n/pixel/events.js https://api3.libcal.com/ https://cdn.jsdelivr.net/npm/ https://cdn.jsdelivr.net/gh/snowplow/ https://cdnjs.cloudflare.com/ajax/libs/ https://collector-16905.us.tvsquared.com/tv2track.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/ https://cwi.edu/ https://cwidaho.libanswers.com/ https://embed.financialaidtv.com/ https://embed.ocelotbot.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027274136/ https://googleads.g.doubleclick.net/pagead/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027274136/ https://h5p.org/ https://imageserver.ebscohost.com/ https://js-agent.newrelic.com/ https://js.hs-analytics.net/analytics/1692888000000/21023521.js https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/ https://js.hs-scripts.com/21023521.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/ https://js.hsforms.net/ https://js.hscta.net/cta/ https://cta-service-cms2.hubspot.com/ https://lgapi.libapps.com/ https://live.cwid7.lndo.site/ https://us2.siteimprove.com/ https://*.clarity.ms/ https://wufoo.com/scripts/embed/form.js https://www.google-analytics.com/ https://www.google.com/jsapi/ https://www.google.com/recaptcha/ https://www.google.com/pagead/ https://translate.google.com/ https://translate.googleapis.com/ https://dev.visualwebsiteoptimizer.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://unpkg.com/ https://*.googlesyndication.com/ https://app.vwo.com/ https://static.kuula.io/ https://use.typekit.net/ https://js.stripe.com/ https://snap.licdn.com/ https://c.lytics.io/ https://static.ads-twitter.com/ https://secure.qgiv.com/ https://bat.bing.com/ https://search.cwi.edu/ https://browsersync.cwidaho.ddev.site/ https://translate-pa.googleapis.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://cwi.edu https://ai.ocelotbot.com https://fonts.googleapis.com https://p.typekit.net https://stackpath.bootstrapcdn.com https://use.typekit.net https://www.gstatic.com https://app.vwo.com https://c.lytics.io https://search.cwi.edu/ https://api.lytics.io/; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.451.io/ https://*.hsforms.com https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://25livepub.collegenet.com https://ai.ocelotbot.com https://analytics.tiktok.com https://api3.libcal.com https://bam.nr-data.net https://*.siteimprove.com https://forms.hscollectedforms.net https://hubspot-forms-static-embed.s3.amazonaws.com https://live.cwid7.lndo.site https://*.clarity.ms https://*.doubleclick.net https://use.typekit.net https://pubsub.googleapis.com https://translate.googleapis.com/ https://www.facebook.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://*.googlesyndication.com https://maps.googleapis.com https://*.visualwebsiteoptimizer.com/ https://px.ads.linkedin.com/ https://search.cwi.edu/ https://bat.bing.com/; font-src 'self' data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://use.typekit.net; frame-src 'self' https://cwi.messenger.451.io https://cwi.discoveredu.ai https://cwi2.messenger.451.io https://ctl.h5p.com https://*.hsforms.com https://embed-forms.451.io https://cwi.maps.arcgis.com https://cwi.wufoo.com https://cwilibrary.wufoo.com https://cwidaho.libanswers.com https://docs.google.com https://e.issuu.com https://embed.ocelotbot.com https://maps.google.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://www.youtube.com https://yoshki.com https://*.doubleclick.net https://25livepub.collegenet.com https://*.googlesyndication.com https://www.googletagmanager.com https://creatorapp.zohopublic.com https://creator.zohopublic.com https://app.vwo.com https://kuula.co/ https://cwidaho.viewin360.co/ https://js.stripe.com/ https://cwi.bolt-discovery.451.io/ https://cwi2.bolt-discovery.451.io/ https://c.lytics.io/ https://secure.qgiv.com/; img-src https: data:; manifest-src 'self'; media-src 'self' data:; report-uri https://64dcbe2ca068cd9821c1af0b.endpoint.csper.io?v=41; worker-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-QGPrPBN87gGtfdsc5Z0F7w=='; report-uri https://send.hsbrowserreports.com/csp/report 1
default-src 'self' *.nscc.ca; img-src 'self' *.nscc.ca *.gstatic.com *.fontawesome.com *.google.ca *.google.com www.google-analytics.com app.careerbeacon.com s3.amazonaws.com syndication.twitter.com www.facebook.com *.monsido.com data: www.googletagmanager.com maps.googleapis.com https://ad.doubleclick.net https://px.ads.linkedin.com/ https://www.linkedin.com/px/ https://i.ytimg.com/vi_webp/; font-src 'self' *.nscc.ca *.fontawesome.com *.googleapis.com *.gstatic.com cdn.kendostatic.com data:; style-src 'self' *.nscc.ca *.fontawesome.com *.googleapis.com *.google.com app.simplycast.ca widget.alongside.com cdn.kendostatic.com kendo.cdn.telerik.com tags.srv.stackadapt.com www.googletagmanager.com static-assets-ca.libanswers.com https://kendo.cdn.telerik.com 'unsafe-inline'; script-src 'self' *.nscc.ca *.google.com *.googleapis.com *.gstatic.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com app.simplycast.ca *.youtube.com widget.alongside.com platform.twitter.com lgapi-ca.libapps.com islpronto.islonline.net ca.libraryh3lp.com api3-ca.libcal.com cdn.kendostatic.com *.monsido.com *.crazyegg.com connect.facebook.net tags.srv.stackadapt.com js.adsrvr.org blob: static-assets-ca.libanswers.com https://jsonip.com https://server402.islonline.net/live/islpronto https://code.jquery.com/jquery-3.7.0.min.js https://cdn.kendostatic.com/2023.3.1010/js/* https://kendo.cdn.telerik.com https://qvdt3feo.com/events.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://analytics.tiktok.com/i18n/pixel/events.js https://analytics.tiktok.com/i18n/pixel/static/ 'unsafe-inline'; connect-src 'self' *.nscc.ca www.google-analytics.com csp.withgoogle.com ka-p.fontawesome.com kit.fontawesome.com api3-ca.libcal.com *.crazyegg.com tags.srv.stackadapt.com *.monsido.com analytics.google.com stats.g.doubleclick.net maps.googleapis.com https://px.ads.linkedin.com/ https://px.ads.linkedin.com/wa/ https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act; frame-src 'self' *.youtube.com *.google.com syndication.twitter.com platform.twitter.com ca.libraryh3lp.com *.fls.doubleclick.net insight.adsrvr.org cckc.airtime.pro www.facebook.com https://player.vimeo.com https://td.doubleclick.net https://app.simplycast.ca https://match.adsrvr.org/track/upb/*; frame-ancestors 'self' *.nscc.ca:*; 1
font-src https://fonts.gstatic.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnaservices.com *.klarnacdn.net *.klarna.com *.addsauce.com *.fontawesome.com *.bootstrapcdn.com *.funky-buddha.com *.cloudfront.net fonts.googleapis.com skroutza.skroutz.gr data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.vivapayments.com skroutza.skroutz.gr *.modirum.com *.eurocommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.klarnacdn.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: connect.facebook.net graph.facebook.com business.facebook.com *.contactpigeon.com *.bestprice.gr *.googletagmanager.com *.cookiebot.com *.grxchange.gr *.criteo.com *.skroutz.gr skroutza.skroutz.gr https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.plenigo.com *.klarnacdn.net *.klarnaservices.com *.klarna.com *.addsauce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.contactpigeon.com *.designer-images.net *.bestprice.gr *.visualwebsiteoptimizer.com *.cloudflarestream.com *.rubiconproject.com *.smartadserver.com *.funky-buddha.com *.sharethrough.com *.casalemedia.com *.postrelease.com *.unrulymedia.com *.servenobid.com *.cookiebot.com *.bidswitch.net *.mediavine.com *.omnitagjs.com *.tremorhub.com *.linkedin.com *.outbrain.com *.360yield.com *.pubmatic.com *.yieldlab.net *.ivitrack.com *.taboola.com *.yieldmo.com *.demdex.net *.criteo.com *.google.gr *.3lift.com *.media.net *.adnxs.com *.teads.tv *.bing.com *.glami.gr *.emxdgt.com id5-sync.com trustmark.gr *.1rx.io *.e-satisfaction.com glamipixel.com fonts.googleapis.com skroutza.skroutz.gr blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.playground.klarnaservices.com *.klarnacdn.net *.klarnaservices.com *.klarna.com *.funky-buddha.com *.addsauce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.vivapayments.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.contactpigeon.com *.avada.io *.stat-track.com polyfill.io *.moosend.com *.bestprice.gr *.visualwebsiteoptimizer.com *.googleoptimize.com *.googleapis.com *.cookiebot.com *.socital.com *.eyefitu.com *.simpler.so *.skroutz.gr *.hotjar.com *.clarity.ms *.criteo.com *.tiktok.com *.linkwi.se *.licdn.com glamipixel.com *.adman.gr *.bing.com trustmark.gr self data: snapppt.com *.e-satisfaction.com cdn.simpler.so sdk.local.simpler.so skroutza.skroutz.gr https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klarnacdn.net *.klarna.com *.addsauce.com *.findbar.io *.fontawesome.com *.moosend.com *.bootstrapcdn.com *.bestprice.gr *.contactpigeon.com *.funky-buddha.com *.cloudfront.net *.myfonts.net *.e-satisfaction.com skroutza.skroutz.gr https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.funky-buddha.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.findbar.io blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.playground.klarnaservices.com *.playground.klarnaevt.com *.klarnaservices.com *.addsauce.com *.klarnacdn.net *.klarna.com *.klarnaevt.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.contactpigeon.com https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com *.googlesyndication.com *.monitor.azure.com *.visualstudio.com *.funky-buddha.com *.googleapis.com *.cookiebot.com *.linkedin.com *.bestprice.gr *.socital.com *.eyefitu.com *.simpler.so *.criteo.com *.clarity.ms *.hotjar.io *.bing.com wss: *.e-satisfaction.com button.simpler.so button.staging.simpler.so analytics.simpler.so analytics.staging.simpler.so button.local.simpler.so fonts.googleapis.com skroutza.skroutz.gr https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src *.contactpigeon.com http: https: blob: 'self' 'unsafe-inline'; default-src *.funky-buddha.com *.clarity.ms *.criteo.net *.google.com *.tiktok.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline'; 1
default-src https:; script-src 'self' blob: catalyst-analytics.net stats.catalyst-au.net cdnjs.cloudflare.com *.youtube.com *.twitter.com *.twimg.com *.ytimg.com *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net h5p.org *.wikipedia.org 'unsafe-inline' 'unsafe-eval'; font-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: *.yimg.com *.twimg.com *.navy.gov.au *.army.gov.au amc.edu.au gfs.org.au abc.net.au catalyst-analytics.net; report-uri https://www.adele.edu.au/local/csp/collector.php?uid=0&cid=1 1
font-src *.gstatic.com 'self' data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' blob: *.klaviyo.com patrickmorin.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * patrickmorin.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com patrickmorin.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.klaviyo.com *.google.ca *.zendesk.com *.googletagmanager.com www.xtento.com patrickmorin.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.brsrvr.com *.bloomreach.cloud https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hotjar.com *.klaviyo.com *.google.ca *.zendesk.com https://maps.gstatic.com https://maps.google.com *.googletagmanager.com *.flippenterprise.net *.smartadserver.com *.dyntrk.com *.dynstc.com www.xtento.com cdn.xtento.com 'self' data: www.facebook.com d3k81ch9hvuctc.cloudfront.net c.clarity.ms patrickmorin.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.brcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hotjar.com *.klaviyo.com *.google.ca *.newrelic.com https://bam.nr-data.net *.zendesk.com https://maps.google.com *.googleoptimize.com *.maze.co *.flippenterprise.net *.launchdarkly.com *.trackedlink.net *.facebook.net *.acuityplatform.com *.brcdn.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com www.clarity.ms connect.facebook.net patrickmorin.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.hotjar.com *.klaviyo.com *.google.ca *.zendesk.com *.googletagmanager.com *.flippenterprise.net *.googleapis.com *.gstatic.com patrickmorin.com 'self' 'unsafe-inline'; object-src patrickmorin.com 'self' 'unsafe-inline'; media-src *.adobe.com *.hotjar.com *.klaviyo.com *.google.ca *.zendesk.com *.flippenterprise.net patrickmorin.com 'self' 'unsafe-inline'; manifest-src patrickmorin.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.dxpapi.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.hotjar.com *.hotjar.io *.klaviyo.com *.google.ca *.googleapis.com *.zendesk.com https://bam.nr-data.net *.googletagmanager.com *.maze.co *.flippenterprise.net *.launchdarkly.com *.doubleclick.net t.elasticsuite.io j.clarity.ms d.clarity.ms e.clarity.ms l.clarity.ms n.clarity.ms k.clarity.ms www.facebook.com s.clarity.ms i.clarity.ms f.clarity.ms a.clarity.ms o.clarity.ms b.clarity.ms q.clarity.ms h.clarity.ms cdn-gateflipp.flippback.com multi-item-broker.flippback.com patrickmorin.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com patrickmorin.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com patrickmorin.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri patrickmorin.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-feaff88623d64020a2749c10e33f4711' https://0747A0PMYC1001 'self';img-src https://* 'self' blob: data:;style-src https://0747A0PMYC1001 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
script-src  'unsafe-inline' 'self' https://payments.salesforce.com/ https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://my.tealiumiq.com https://use.typekit.net/xmf4nii.css https://www.gstatic.com https://consent.cookiebot.com/3d14d1a3-d863-4a70-b887-75c1d0baaf65/cdreport.js https://checkoutshopper-live.adyen.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://consent.cookiebot.com/3d14d1a3-d863-4a70-b887-75c1d0baaf65/cd.js https://www.google.com https://consentcdn.cookiebot.com https://pay.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://tags.tiqcdn.com https://www.recaptcha.net https://consent.cookiebot.com/logconsent.ashx blob: https://consentcdn.cookiebot.com/consentconfig/3d14d1a3-d863-4a70-b887-75c1d0baaf65/state.js https://www.google.com/recaptcha/ https://js.stripe.com/ https://imgsct.cookiebot.com https://consent.cookiebot.com/uc.js import: *.salesforce.com https://www.paypal.com/sdk/js 'report-sample' https://service.force.com/embeddedservice/ https://consent.cookiebot.com/3d14d1a3-d863-4a70-b887-75c1d0baaf65/cc.js 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://amgenpatientservices.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D1N000002EbDA&networkId=0DM3m000000AaZ3&type=communities 1
script-src https: blob: mediastream: data: 'unsafe-inline' 'unsafe-eval' 1
font-src www.mygossip.in data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' data: *.payu.in https://plumrocket.com www.mygossip.in 'self' 'unsafe-inline'; frame-ancestors 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com www.mygossip.in 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com https://plumrocket.com api.razorpay.com *.weltpixel.com www.mygossip.in 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.razorpay.com www.mygossip.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.mgt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.payu.in checkout.razorpay.com www.mygossip.in 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline www.mygossip.in 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.mygossip.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.mgt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.payu.in lumberjack.razorpay.com lumberjack-metrics.razorpay.com www.mygossip.in 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.mygossip.in http: https: blob: 'self' 'unsafe-inline'; default-src www.mygossip.in 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com fonts.gstatic.com *.directplant.nl *.googleusercontent.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action www.routexl.com *.facebook.com *.directplant.nl 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.paypal.com *.trustpilot.com *.newrelic.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.aiden.cx *.bing.com *.cookiebot.com *.facebook.com *.google.com google.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com bat.bing.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.baidu.com *.cookiebot.com directplant.nl *.directplant.nl *.facebook.net *.ggpht.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.cg www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.za www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gm www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tn google.com *.googlesyndication.com *.googleusercontent.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com bat.bing.com api.ipify.org *.trustpilot.com *.hsforms.net *.hsforms.com *.google.com https://widgets.trustedshops.com https://integrations.etrusted.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.aiden.cx *.cookiebot.com *.directplant.nl *.google-analytics.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com *.directplant.nl 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.googleapis.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com bat.bing.com www.feedbackcompany.com www.routexl.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.aiden.cx *.cookiebot.com *.directplant.nl *.facebook.com www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.in www.google.co.jp www.google.co.ma www.google.com.au www.google.com.br www.google.com.eg www.google.com.lb www.google.com.mt www.google.com.om www.google.com.ph www.google.com.pk www.google.com.py www.google.com.sa www.google.com.tr www.google.com.tw www.google.com.ua www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.it www.google.je www.google.la www.google.lt www.google.lu www.google.lv www.google.md www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.se www.google.si www.google.sk www.google.sr *.google.com google.com *.googlesyndication.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://159deafb-d168-41e7-a7b8-8d8b5d09888c.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com https://staticw2.yotpo.com/ *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://accounts.google.com https://www.facebook.com https://login.live.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://static.addtoany.com/ *.twitter.com https://googletagmanager.com/ https://us.creativecdn.com/ https://vars.hotjar.com/ https://gum.criteo.com/ https://targeting.voxus.tv/ *.dotdigital-pages.com/ https://news.virtualjoias.com/ http://news.virtualjoias.com/ https://ct.pinterest.com/ https://static.criteo.net/ *.clearsale.com.br *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.disqus.com https://img.youtube.com www.google.com.ua *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com/ *.google.com *.virtualjoias.com/* https://virtualjoias.com https://p.yotpo.com/ https://ct.pinterest.com/ https://secure.adnxs.com/ https://s3.amazonaws.com/ https://cdn-yotpo-images-production.yotpo.com/ https://staticw2.yotpo.com/ https://cfvod.kaltura.com/ www.google.com.br *.clearsale.com.br https://t.co/ https://c.clarity.ms/ https://cm.g.doubleclick.net/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://r.casalemedia.com/ https://gum.criteo.com/ https://ad.360yield.com/ https://contextual.media.net/ https://exchange.mediavine.com/ https://c.bing.com/ https://jadserve.postrelease.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://trends.revcontent.com/ https://pixel.rubiconproject.com/ https://match.sharethrough.com/ https://s.ad.smaato.net/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://ade.clmbtech.com/ https://eb2.3lift.com/ https://sync-criteo.ads.yieldmo.com/ https://e1.emxdgt.com/ https://dis.criteo.com/ https://sync.1rx.io/ https://ads.stickyadstv.com/ https://rtb-csync.smartadserver.com/ https://i.liadm.com/ https://sync.targeting.unrulymedia.com/ https://cm.adgrx.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://static.addtoany.com/ *.disqus.com *.pagseguro.com.br *.pagseguro.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://www.googletagmanager.com/ *.dotdigital-pages.com/ https://webchat.dotdigital.com https://js-agent.newrelic.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ wss://virtualjoias.zendesk.com/ https://*.zopim.com/ wss://*.zopim.com/ *.googleapis.com https://*.hotjar.com/ https://staticw2.yotpo.com/ https://www.dwin1.com/ https://s.pinimg.com/ https://cdn.targeting.voxus.com.br/ https://connect.facebook.net/ https://dynamic.criteo.com/ https://static.criteo.net/ https://googleads.g.doubleclick.net/ https://js.sddan.com/ https://aprtn.com/ https://www.rtb123.com/ https://vu.adschoom.com/ https://admaxium.com/ https://ca.enviou.com.br/ https://targeting.voxus.com.br/ https://files1.cybba.solutions/virtualjoias.com/ advcake.dataroyal.com.br https://news.virtualjoias.com/ http://news.virtualjoias.com/ https://s3.amazonaws.com/ https://cdnapisec.kaltura.com/ tag.goadopt.io static.ads-twitter.com analytics.tiktok.com n.clarity.ms https://www.clarity.com/ https://www.clarity.ms/ https://sslwidget.criteo.com/ https://ct.pinterest.com/ *.clearsale.com.br *.yotpo.com load.tatu.virtualjoias.com https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://staticw2.yotpo.com/ https://s3.amazonaws.com/ *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://static.zdassets.com/ https://us.creativecdn.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com https://stats.addtoany.com/menu *.pagseguro.com.br *.pagseguro.com *.cloudflare.com *.twitter.com *.twimg.com https://google-analytics.com/ https://js-agent.newrelic.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ https://virtualjoias.zendesk.com/ wss://*.zopim.com/ wss://virtualjoias.zendesk.com/ *.nr-data.net/ https://staticw2.yotpo.com/ https://in.hotjar.com/ https://ct.pinterest.com/ https://www.google-analytics.com/ wss://ws2.hotjar.com/ https://targeting.voxus.com.br/ https://api.ipify.org/ *.dotdigital-pages.com/ https://webchat.dotdigital.com *.mercadopago.com *.braintree-api.com https://iosite.reclameaqui.com.br/ api.reclameaqui.com.br analytics.tiktok.com https://v.clarity.ms/ https://analytics.pangle-ads.com/ https://stats.g.doubleclick.net/ *.clearsale.com.br https://www.google.com/ https://w.clarity.ms/ https://disclaimer-api.goadopt.io/ *.yotpo.com load.tatu.virtualjoias.com https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.store1.com/; report-to report-endpoint; 1
default-src 'self'; connect-src 'self' *.bing.com *.clarity.ms *.cookiebot.com *.doubleclick.net *.getresponse.com *.google-analytics.com *.google.com *.googlesyndication.com *.stape.tech *.tiktok.com; frame-src 'self' *.cookiebot.com *.doubleclick.net *.googletagmanager.com *.google.com *.inpost.pl *.youtube.com; img-src 'self' data: *.bing.com *.clarity.ms *.cookiebot.com *.facebook.com *.google-analytics.com *.google.com *.google.pl *.googletagmanager.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.clarity.ms *.cookiebot.com *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gr-cdn-e.eu *.gr-cdn.com *.gr-wcon.com *.gstatic.com *.getresponse.com *.hotjar.com *.inpost.pl *.katalogmarzen.pl *.tiktok.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.inpost.pl; font-src 'self' *.gstatic.com; 1
script-src-attr *.cupio.ro 'unsafe-inline' *.themarketer.com *.klarnaservices.com *.klarna.com *.googleapis.com; script-src-elem *.cupio.ro 'self' 'unsafe-inline' 'unsafe-eval' *.pinimg.com https://sc-static.net *.bing.com *.themarketer.com *.pinterest.com *.googleoptimize.com *.snapchat.com https://www.mczbf.com/ *.google-analytics.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ cdn-cookieyes.com *.klarna.com event.2performant.com attr-2p.com js.stripe.com connect.facebook.net analytics.tiktok.com aqurate.ai https://googleads.g.doubleclick.net *.klarnacdn.net *.klarnaservices.com https://js-agent.newrelic.com https://cdn.channelize.io https://www.youtube.com www.googleadservices.com https://cdn.cupio.ro https://merchant.revolut.com/ *.googleapis.com https://sandbox-merchant.revolut.com/; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.klarnacdn.net https://fonts.bunny.net *.cupio.ro 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.twitter.com *.cupio.ro https://www.facebook.com https://payflowlink.paypal.com https://sandbox.payu.ro/ https://secure.payu.ro/ *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com *.innoship.ro https://plumrocket.com *.revolut.com *.cdn-apple.com pay.google.com *.gstatic.com *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.klarna.com *.cupio.ro pinterest.com *.pinterest.com https://web.facebook.com *.vimeo.com tr.snapchat.com www.googletagmanager.com event.2performant.com td.doubleclick.net https://accounts.google.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com *.tiktok.com *.tile.openstreetmap.org *.openstreetmap.org https://www.magezon.com t.themarketer.com cdn1.themarketer.com *.revolut.com *.google.com *.cdn-apple.com pay.google.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.co.in *.mastercard.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.cupio.ro https://static-na.payments-amazon.com https://www.paypalobjects.com https://m.media-amazon.com https://bat.bing.net/ https://www.facebook.com https://www.google.com https://www.google.co.in https://i3.ytimg.com https://trusted.ro cdn-cookieyes.com https://www.google.ro https://www.emjcd.com https://cj.dotomi.com https://cdn.channelize.io https://primemessengeradmin.s3.amazonaws.com *.amazonaws.com *.googleapis.com https://redchamps.com *.facebook.com *.reddit.com *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.cdn-apple.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com *.tiktok.com *.channelize.io *.themarketer.com cdn1.themarketer.com *.revolut.com pay.google.com *.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.cupio.ro https://www.google.com/recaptcha/ *.clickonometrics.pl *.googletagmanager.com tagmanager.google.com unpkg.com *.googleapis.com https://accounts.google.com https://www.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com t.themarketer.com cdn1.themarketer.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.bing.com *.klarnacdn.net https://fonts.bunny.net *.cupio.ro https://cdn.channelize.io https://cdn.cupio.ro https://accounts.google.com https://www.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src *.cupio.ro www.youtube.com/ 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.zopim.com *.zopim.io *.cupio.ro https://cdn1.mktr2.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tiktok.com *.channelize.io *.themarketer.com cdn1.themarketer.com *.revolut.com *.cdn-apple.com pay.google.com *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io *.cupio.ro *.demdex.net *.pinterest.com *.snapchat.com https://www.mczbf.com/ https://bat.bing.net/ *.analytics.google.com *.googlesyndication.com https://directory.cookieyes.com cdn-cookieyes.com *.cookieyes.com www.google.com stats.g.doubleclick.net https://cognito-identity.us-east-1.amazonaws.com *.amazonaws.com wss://am1p7ut7tcfuv-ats.iot.us-east-1.amazonaws.com tracker.aqurate.ai event.2performant.com https://cdn.cupio.ro *.googleapis.com https://accounts.google.com *.stripe.com klarna.com *.link.com *.amazon.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://*.easypack24.net fonts.googleapis.com https://*.typekit.net https://font.static.useinsider.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ secure.payu.com merch-prod.snd.payu.com https://parcelshop.dhl.pl https://pudofinder.dpd.com.pl https://widget.packeta.com https://backup.widget.packeta.com https://*.dpd.com.pl/ https://*.dpd.cz/ www.facebook.com platform.twitter.com https://consentcdn.cookiebot.com https://*.livechatinc.com https://secure-fra.livechatinc.com https://creativecdn.com https://fitanu.api.useinsider.com https://ams.creativecdn.com https://*.doubleclick.net https://api.dpd.cz/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ static.payu.com https://*.easypack24.net https://*.inpost.pl https://trustmate.io quickchart.io img.youtube.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://fitanu.com https://*.paynow.pl https://*.cookiebot.com https://*.glami.pl https://*.bing.com https://google.pl https://image.useinsider.com https://*.google.pl https://log.api.useinsider.com https://*.adnxs.com https://cm.g.doubleclick.net https://*.creativecdn.com https://*.udmserve.net https://*.rubiconproject.com https://*.wp.pl https://*.teads.tv https://*.taboola.com https://*.adscale.de https://*.3lift.com https://*.outbrain.com https://*.smartadserver.com https://*.yieldmo.com https://*.openx.net https://*.360yield.com https://*.33across.com https://*.seedtag.com https://sync.go.sonobi.com https://*.nexx360.io https://*.clarity.ms https://*.casalemedia.com https://*.lijit.com https://*.omnitagjs.com https://*.media.net https://*.loopme.me https://onetag-sys.com https://*.mgid.com https://*.ad.smaato.net https://*.rmp.rakuten.com https://*.visx.net http://*.credit-agricole.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ secure.payu.com secure.snd.payu.com https://*.googlesyndication.com https://pagead2.googlesyndication.com https://widget.packeta.com https://backup.widget.packeta.com https://unpkg.com https://cdn.jsdelivr.net https://api.mapbox.com https://*.easypack24.net https://trustmate.io https://c.seznam.cz https://cz.im9.cz https://sk.im9.cz *.avada.io connect.facebook.net twitter.com platform.twitter.com https://*.paynow.pl https://*.intum.com https://*.demoup.com https://cdn.intum.com https://*.cookiebot.com https://*.clarity.ms https://*.azureedge.net https://*.livechatinc.com https://*.wp.pl https://*.dmdi.pl https://*.savecart.pl https://*.goadservices.com https://*.bing.com https://*.dwin1.com https://glamipixel.com https://trafficscanner.pl https://*.cloudflareinsights.com https://fitanu.api.useinsider.com/ https://tags.creativecdn.com https://script.ar-mtch1.com https://eitri.api.useinsider.com https://*.allekurier.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://*.easypack24.net https://api.mapbox.com https://trustmate.io fonts.gstatic.com https://assets.api.useinsider.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ secure.payu.com merch-prod.snd.payu.com https://widget.packeta.com https://backup.widget.packeta.com https://*.easypack24.net https://api.mapbox.com https://events.mapbox.com https://trustmate.io https://get.geojs.io *.avada.io https://*.demoup.com https://mycliplister.com https://*.google-analytics.com https://*.livechatinc.com https://googleads.g.doubleclick.net https://ams.creativecdn.com https://lt.ar-mtch1.com https://*.cookiebot.com https://*.useinsider.com https://*.clarity.ms https://*.bing.com https://*.inpost.pl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; connect-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; script-src-elem https: 'unsafe-eval' 'unsafe-inline' blob:; img-src https: data: blob:; media-src https: data: blob:; frame-src https: data: blob:; form-action 'self' https://www.facebook.com; font-src https: data:; style-src 'unsafe-inline' https:; worker-src https: blob:;report-to csp-report-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-WLMDnIE6B0ulI_KHQEVQNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.antpedia.com v.antwebinar.com hmcdn.baidu.com hm.baidu.com m.baidu.com jspassport.ssl.qhimg.com *.google-analytics.com zz.bdstatic.com s.ssl.qhres.com sp0.baidu.com s.360.cn c.mipcdn.com wpa.qq.com res.wx.qq.com mp.weixin.qq.com msite.baidu.com ae.bdstatic.com share.baidu.com bdimg.share.baidu.com *.alicdn.com *.cn-hangzhou.log.aliyuncs.com *.dns-detect.alicdn.com browser.sentry-cdn.com push.zhanzhang.baidu.com po.srf.baidu.com toutong.baidu.com static.bshare.cn cdn.jsdelivr.net sentry.io *.googleapis.com *.cnzz.com api.map.baidu.com *.uc.cn uc.gre *.gstatic.com *.ucweb.com bshare.optimix.cn s2.pstatp.com *.googlesyndication.com *.googleadservices.com *.googletagmanager.com *.qhres2.com 'unsafe-inline' 'unsafe-eval'; img-src * data: ; frame-src https://*.qq.com https://*.antpedia.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com webcompt:; 1
default-src 'none'; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.facebook.com https://*.doubleclick.net https://*.ytimg.com; frame-src 'self' https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.trendmicro.com https://*.facebook.com https://*.google.com https://*.doubleclick.net https://*.googletagmanager.com https://*.clickdimensions.com https://*.maps.arcgis.com/*; form-action 'self' https://*.twitter.com https://*.facebook.com; frame-ancestors 'self'; font-src 'self' https://*.bootstrapcdn.com https://*.gstatic.com; img-src 'self' https://*.fireandemergency.nz https://*.google.com https://*.googletagmanager.com https://*.facebook.com https://*.fbcdn.net https://*.google.co.nz https://*.google.com.au https://*.google-analytics.com https://*.twimg.com https://*.ytimg.com https://*.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.twitter.com https://i.creativecommons.org https://licensebuttons.net https://*.youtube.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://maps.googleapis.com https://*.facebook.net https://cdn.syndication.twimg.com https://*.googletagmanager.com https://*.ytimg.com https://*.youtube.com https://code.jquery.com https://*.gstatic.com https://*.twitter.com; child-src https://*.doubleclick.net https://*.twitter.com https://*.facebook.com https://*.googletagmanager.com https://*.youtube.com; media-src 'self'; object-src 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.syndication.twimg.com data: https://*.facebook.net https://maps.googleapis.com https://*.ytimg.com https://*.twitter.com https://*.googletagmanager.com https://*.youtube.com https://*.google-analytics.com https://code.jquery.com https://*.gstatic.com https://*.google.com https://*.twitter.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.twitter.com https://*.twimg.com; style-src-elem 'self' https://*.bootstrapcdn.com 'unsafe-inline' https://*.googleapis.com https://*.twitter.com *.twimg.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.panafoto.com *.facebook.com *.hubspot.com *.facebook.net *.hsforms.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com js.hs-scripts.com content.syndigo.com cdn.cs.1worldsync.com media.flixfacts.com media.flixcar.com connect.facebook.net js.hscollectedforms.net ws.cs.1worldsync.com js.hubspot.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com static.klaviyo.com rum-static.pingdom.net *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com cta-service-cms2.hubspot.com api.hubapi.com forms.hscollectedforms.net content.syndigo.com media.flixcar.com fast.a.klaviyo.com rum-collector-2.pingdom.net static-forms.klaviyo.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-a8f9b9bf455d423fb9119cc2db6c6c2c' https://ET0316RPMYCH101 'self';img-src https://* 'self' blob: data:;style-src https://ET0316RPMYCH101 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
script-src 'nonce-nZEdRtkl4G1F7tpi64RWOg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=uWeqk09P8XJfmcbz3f0uGdxBp7hiPupLDbm-HPYxpKk2HT54Um0hqHvPPSdb_FOBMVTaKhHIgg==&policy_id=13&user_id=&request_id=91ee5bc4-ce65-4615-8eeb-8932eb36fc8f; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'self' https: https://accounts.google.com; font-src 'self' https: https://fonts.gstatic.com http://fonts.gstatic.com https://recaptcha.net; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://browser-update.org http://fonts.googleapis.com http://browser-update.org http://ajax.googleapis.com https://accounts.google.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com; frame-ancestors 'self' https://admin.google.com https://www.google.com https://accounts.google.com https://ogs.google.com; frame-src 'self' https://accounts.google.com https://ogs.google.com https://datastudio.google.com https://admin.google.com https://js.stripe.com https://www.recaptcha.net https://lookerstudio.google.com/ 1
font-src *.googleapis.com *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.oct8ne.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com https://layer.accelasearch.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com localhost:* *.motive.co *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.instagram.com www.google.com *.conforama.it *.flipsnack.com *.facebook.com *.klarna.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://td.doubleclick.net/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.cdninstagram.com *.googleapis.com *.gstatic.com *.avis-verifies.com *.facebook.com https://*.google.com *.google.it *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com *.motive.co *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://conforama.b-cdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.iubenda.com *.zdassets.com *.youtube.com *.facebook.com *.facebook.net *.newrelic.com *.nr-data.net *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.motive.co *.oct8ne.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com https://analytics.tiktok.com/ https://widgets.rr.skeepers.io/ https://ehatec.quest/ https://*.googletagmanager.com https://*.accelasearch.io https://svc11.accelasearch.io https://*.g.doubleclick.net https://layer.accelasearch.io/ https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.iubenda.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com https://layer.accelasearch.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.zendesk.com *.zdassets.com *.iubenda.com *.doubleclick.net *.nr-data.net *.newrelic.com *.demdex.net *.aptrinsic.com *.klarnaevt.com *.klarnaservices.com https://get.geojs.io *.avada.io *.motive.co *.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.link.com *.amazon.com https://analytics.tiktok.com/ https://pilotech.store/ https://*.accelasearch.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /api/csp 1
font-src *.fontawesome.com *.cloudflare.com *.gstatic.com *.googleapis.com *.typekit.net 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.clearpay.co.uk https://pay.google.com https://secure-test.worldpay.com *.google.com 5900250.fls.doubleclick.net *.payments-amazon.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.afterpay.com *.clearpay.co.uk *.cloudflare.com *.gstatic.com *.google-analytics.com *.klarna.com *.googleadservices.com *.google.com *.google.co.uk *.paypal.com *.run4it.com *.fbcdn.net d23yuld0pofhhw.cloudfront.net ut.ra.linksynergy.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js *.google-analytics.com https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.avada.io *.googletagmanager.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.feefo.com *.run4it.com *.klevu.com *.payments-amazon.com googleads.g.doubleclick.net connect.facebook.net tag.rmp.rakuten.com *.typekit.net *.google.com theed11117.pcapredict.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'sha256-sha256-U2Pr6nr/58DuOrqmOIptLSxY0eHWqp8OVjb169SPqqU='; style-src getfirebug.com *.afterpay.com/ *.squarecdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.klevu.com *.run4it.com *.postcodeanywhere.co.uk unpkg.cm 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com api.addressy.com https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.feefo.com *.instagram.com *.amazon.com *.google-analytics.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app display.ugc.bazaarvoice.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-fG8vGqDiQaZ/LQsJVc2/dA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=nrVp6BJPrEu5rqGpESUUI2Rq9gV5o7PuBFVFCJsT5xoEqv_dI13H7IHQ0q151SkyGw9uizvOGw==&policy_id=13&user_id=&request_id=ab1d253f-6f2c-4340-b2e8-16ea2649199b; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.adyen.com https://seo.mageplaza.com www.facebook.com my.pgcruises.com 'self' 'unsafe-inline'; frame-ancestors wordpress.pgcruises.com 'self'; frame-src secure.authorize.net test.authorize.net https://www.google.com/recaptcha/ *.adyen.com secure-gateway.hipay-tpp.com *.hipay.com libs.hipay.com media.ponant.com *.youtube.com *.google.com td.doubleclick.net asset.easydmp.net www.facebook.com *.vimeo.com https://kuula.co wordpress.pgcruises.com my.pgcruises.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.adyen.com validate.fishpig.co.uk *.ponant.com 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com img.youtube.com *.ytimg.com www.facebook.com d.adroll.com *.google.com *.google.fr bat.bing.com *.linkedin.com www.googletagmanager.com *.pgcruises.com https://kuula.co wordpress.pgcruises.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com libs.hipay.com maps.googleapis.com *.gstatic.com *.google.com connect.facebook.net lib.paymentjs.firstdata.com js.authorize.net jstest.authorize.net po.ponant.com try.abtasty.com hermes.allo-media.net s.adroll.com d.adroll.com d.adroll.mgr.consensu.org ponant.script.admo.tv *.linkedin.com snap.licdn.com bat.bing.com atout.email-match.com www.googletagmanager.com googleads.g.doubleclick.net asset.easydmp.net *.en25.com *.vimeo.com wordpress.pgcruises.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adyen.com *.fontawesome.com *.hipay.com fonts.gstatic.com fonts.googleapis.com s.adroll.com wordpress.pgcruises.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com *.ponant.com *.pgcruises.com wordpress.pgcruises.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com *.adyen.com *.hipay.com wss://mpsnare.iesnare.com stage-data.hipay.com bat.bing.com data.ponant.com ponant.script.admo.tv ponant.admo.tv hermes.allo-media.net s.adroll.com ariane.abtasty.com dcinfos-cache.abtasty.com widgets.abtasty.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; font-src 'self' https: data:; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-src 'self'; frame-ancestors 'self'; media-src 'self'; script-src 'self' https: 'unsafe-inline' http://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/en_US/sdk.js; report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=trusted-mfe@v1.1&sentry_environment=prod 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.googleapis.com *.fontawesome.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.akamaihd.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com *.facebook.com *.google.com *.list-manage.com *.americanexpress.com *.cartasi.it *.nexi.it 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.adyen.com *.sharethis.com *.iubenda.com *.livechatinc.com *.online-metrix.net *.tracead.com tracead.com *.signifyd.com img.signifyd.com *.addthis.com *.jrs5.com pubxtag1.com amc.demdex.net *.facebook.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.hotjar.com *.cartasi.it *.nexi.it 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://*.gstatic.com *.adyen.com *.sharethis.com *.googleapis.com *.feedaty.com *.payments-amazon.com *.linksynergy.com *.nxtck.com *.mediaforge.com *.jrs5.com *.dc-storm.com *.rd.linksynergy.com *.ra.linksynergy.com *.facebook.com *.google.it *.google.com *.signifyd.com *.e.aa.online-metrix.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.demdex.net *.ytimg.com *.facebook.net *.akamaihd.net *.photorank.me *.zoorate.com *.nomination.com *.bing.com *.livehelp.it *.doubleclick.net *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com *.googleapis.com *.gstatic.com *.feedaty.com *.iubenda.com *.googletagmanager.com *.chimpstatic.com chimpstatic.com *.doofinder.com *.signifyd.com *.livechatinc.com *.facebook.net *.rmtag.com *.tracead.com tracead.com *.addthis.com *.amazon.com *.amazonaws.com *.googleadservices.com *.google-analytics.com *.jsdelivr.net *.moatads.com *.addthisedge.com *.pinterest.com smct.co *.smct.co smct.io *.smct.io *.akamaihd.net *.zoorate.com *.cloudflare.com *.bing.com *.hotjar.com *.doubleclick.net *.livehelp.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://fonts.googleapis.com/ *.sharethis.com *.feedaty.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.zoorate.com *.akamaihd.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * *.adyen.com *.sharethis.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.feedaty.com *.iubenda.com *.doofinder.com *.g.doubleclick.net *.doubleclick.net *.signifyd.com *.signifyd.com:11103 *.signifyd.com:11103/onload https://bt.signifyd.com:11103 https://bt.signifyd.com:11103/onload bt.signifyd.com *.facebook.com *.livechatinc.com *.addthis.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.akamaihd.net *.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.yotpo.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com *.yottaa.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com widget.nfusionsolutions.com *.yotpo.com s7.addthis.com *.doubleclick.net www.facebook.com vimeo.com *.userway.org *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com ssl.kaptcha.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com magefan.com cm.magefan.com *.yotpo.com *.reddit.com *.adswizz.com *.arttrk.com arttrk.com *.tapad.com mediacdn.espssl.com *.yottaa.net trkn.us *.bing.com www.facebook.com trends.revcontent.com www.govmint.com *.userway.org *.disqus.com *.listrakbi.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.alby.com www.google.com widget.nfusionsolutions.com *.northbeam.io *.yotpo.com cdnjs.cloudflare.com *.addthis.com z.moatads.com v1.addthisedge.com *.yottaa.net *.bing.com *.facebook.net *.signifyd.com *.userway.org *.google.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com *.listrakbi.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.yotpo.com *.googleapis.com *.bootstrapcdn.com *.yottaa.net getfirebug.com cdn.dnky.com *.userway.org cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.listrakbi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com *.alby.com googletagmanager.com api.experianaperture.io *.northbeam.io https://*.px-cdn.net/api/ https://*.px-cloud.net/api/ *.yotpo.com *.facebook.com *.addthis.com *.yottaa.net stats.g.doubleclick.net bat.bing.com *.signifyd.com *.userway.org *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.listrakbi.com i.govmint.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a6dac31eed28614cb82d5fab502d6ef8.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fpartners&source%5Buuid%5D=84a84813-0afb-4ff3-8bdb-22322a2de143-1752205564; report-to shopify-csp 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com 'self' data: cdnjs.cloudflare.com fonts.bunny.net cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ servicepoints.sendcloud.sc c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.googletagmanager.com widget.trustpilot.com www.google.com consentcdn.cookiebot.com www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com log.pinterest.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.krale-wholesale.com *.krale.shop static.pay.nl 'self' data: www.snapengage.com lh3.ggpht.com imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.google.com www.gstatic.com t.trackedlink.net assets.pinterest.com maps.googleapis.com ssl.google-analytics.com embed.sendcloud.sc js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net servicepoints.sendcloud.sc widget.trustpilot.com storage.googleapis.com www.snapengage.com static.widget.trengo.eu consent.cookiebot.com consentcdn.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com assets.braintreegateway.com fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.snapengage.com static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io form-assets.mailchimp.com *.intuit.com *.amazonaws.com log.pinterest.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com bam.nr-data.net bam-cell.nr-data.net www.snapengage.com api.widget.trengo.eu ws-eu.pusher.com consentcdn.cookiebot.com *.krale.shop 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.krale-wholesale.com *.krale.shop 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' stat.joomlapolis.com https:  data ;     script-src-attr 'self' 'unsafe-inline' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com      www.googletagmanager.comi www.google-analytics.com connect.facebook.net blob data ;     script-src 'self' 'unsafe-inline' 'unsafe-eval' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com      www.googletagmanager.comi www.google-analytics.com connect.facebook.net blob data ;     script-src-elem 'self' 'unsafe-inline' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com     www.google-analytics.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com *.kaspersky-labs.com www.pagespeed-mod.com connect.facebook.net  ;         style-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com ;     style-src-elem 'self' 'unsafe-inline' translate.googleapis.com  www.gstatic.com  fonts.googleapis.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com *.kaspersky-labs.com pwm-image.trendmicro.com adblockers.opera-mini.net ;     img-src 'self' data: www.joomlapolis.com stat.joomlapolis.com forge.joomlapolis.com *.stripe.com *.stripe.network *.ytimg.com www.gstatic.com www.google.com translate.google.com translate.googleapis.com www.google.com/images fonts.gstatic.com    yastatic.net i.imgur.com servimg.com tinypic.com www.google-analytics.com www.googleadservices.com www.facebook.com img391.imageshack.us blob data ;         frame-src 'self' *.stripe.com *.stripe.network www.youtube.com www.youtube-nocookie.com www.slideshare.net      mozbar.moz.com div.show pwm-image.trendmicro.com ;     font-src 'self' data: fonts.gstatic.com use.typekit.net     *.avast.com chrome-extension github.com/google/fonts/blob chrome-extension   ;     connect-src *.joomlapolis.com *.googleapis.com ;     report-uri /report-csp-jp-c.php ; 1
font-src *.amazonaws.com *.cloudfront.net *.fontawesome.com fonts.googleapis.com *.googleapis.com *.gstatic.com fonts.gstatic.com google.com gstatic.com *.hotjar.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors cf.dev-gorgany.com cf.gorgany.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com cf.dev-gorgany.com cf.gorgany.com apptrian.com *.hotjar.com xtento.com creativecdn.com *.googletagmanager.com *.creativecdn.com *.doubleclick.net www.xtento.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.amazonaws.com *.cloudfront.net * maps.gstatic.com maps.google.com cf.dev-gorgany.com cf.gorgany.com www.google.com.ua www.google.de www.xtento.com cdn.xtento.com *.alothemes.com *.magepow.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.google.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.amazonaws.com *.cloudfront.net *.fontawesome.com *.googleapis.com *.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com https://static.addtoany.com * js-agent.newrelic.com *.doubleclick.net cf.dev-gorgany.com cf.gorgany.com *.hotjar.com *.googletagmanager.com https://accounts.google.com www.xtento.com cdn.xtento.com *.alothemes.com *.magepow.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.amazonaws.com *.cloudfront.net *.fontawesome.com cf.dev-gorgany.com cf.gorgany.com fonts.googleapis.com https://accounts.google.com *.alothemes.com *.magepow.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.amazonaws.com *.cloudfront.net *.addthis.com *.esputnik.com esputnik.com maps.googleapis.com *.analytics.google.com *.doubleclick.net cf.dev-gorgany.com cf.gorgany.com *.googleadservices.com *.google-analytics.com paypalobjects.com paypal.com youtube.com *.googletagmanager.com xtento.com player.vimeo.com sandbox.paypal.com *.google.com *.creativecdn.com *.hotjar.io *.hotjar.com ws.hotjar.com *.alothemes.com *.magepow.com *.facebook.net 'self' 'unsafe-inline'; child-src cf.dev-gorgany.com cf.gorgany.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-eh7EOL9GGARe4-7CxHFzJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://challenges.cloudflare.com https://c.sproutvideo.com https://cdn.heyzine.com https://d1ajyp3swh7ygp.cloudfront.net https://dvtuw1sdeyetv.cloudfront.net https://fundraising.mentalhealth-uk.org https://heyzine.com https://hzstats.com https://maps.googleapis.com https://mentalhealth-uk.org https://mentalhealthuk.tfaforms.net https://pagead2.googlesyndication.com https://platform.twitter.com https://player.vimeo.com https://s3.amazonaws.com https://static.doubleclick.net https://static.hotjar.com https://td.doubleclick.net https://donorbox.org https://js.stripe.com https://checkout.stripe.com https://script.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.tfaforms.net https://www.tfaforms.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://unpkg.com https://videos.sproutvideo.com https://www.youtube-nocookie.com https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://challenges.cloudflare.com https://c.sproutvideo.com https://cdn.heyzine.com https://d1ajyp3swh7ygp.cloudfront.net https://dvtuw1sdeyetv.cloudfront.net https://fundraising.mentalhealth-uk.org https://heyzine.com https://hzstats.com https://maps.googleapis.com https://mentalhealth-uk.org https://mentalhealthuk.tfaforms.net https://pagead2.googlesyndication.com https://platform.twitter.com https://player.vimeo.com https://s3.amazonaws.com https://static.doubleclick.net https://static.hotjar.com https://td.doubleclick.net https://donorbox.org https://js.stripe.com https://checkout.stripe.com https://script.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.tfaforms.net https://www.tfaforms.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://unpkg.com https://videos.sproutvideo.com https://www.youtube-nocookie.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://c.sproutvideo.com https://cdnc.heyzine.com https://d1ajyp3swh7ygp.cloudfront.net https://dvtuw1sdeyetv.cloudfront.net https://fonts.googleapis.com https://fundraising.mentalhealth-uk.org https://labs.os.uk https://maxcdn.bootstrapcdn.com https://mentalhealth-uk.org https://mentalhealthuk.tfaforms.net https://unpkg.com https://www.tfaforms.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.exactdn.com https://euc7zxtct58.exactdn.com https://s3-eu-west-2.amazonaws.com https://s3.amazonaws.com https://imgsct.cookiebot.com https://api.os.uk https://cdn-thumbnails.sproutvideo.com https://cdnc.heyzine.com https://challenges.cloudflare.com https://d1ezvg7* 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * bpcepaymentservices-3ds-vdm.wlp-acs.com *.modirum.com *.wlp-acs.com *.cardinalcommerce.com *.cic.fr *.cafis-paynet.jp *.creditmutuel.fr *.lcl.fr *.americanexpress.com *.dnp-cdms.jp *.sg.fr *.viseca.ch *.redsys.es *.monext.fr *.rpc-raiffeisen.com *.sparda.de *.citibank.com sicher-bezahlen.sparkasse.at *.arcot.com 3ds-challenge.n26.com esecure.sia.eu *.uobgroup.com *.revolut.com *.fssnet.co.in *.e-i.com *.neuflizeobc.net *.cm-cic.com *.apata.io *.nexigroup.com *.cardcenter.ch *.gps.com.bh *.bkm.com.tr *.monzo.com *.airplus.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.lamaisonduchocolat.com *.avis-verifies.com *.reetags.com *.prismic.io vimeo.com *.googletagmanager.com *.weltpixel.com *.paypalobjects.com bpcepaymentservices-3ds-vdm.wlp-acs.com *.modirum.com *.wlp-acs.com *.cardinalcommerce.com *.cic.fr *.cafis-paynet.jp *.creditmutuel.fr www.googletagmanager.com *.lcl.fr *.americanexpress.com *.dnp-cdms.jp *.sg.fr *.viseca.ch *.redsys.es *.monext.fr *.rpc-raiffeisen.com *.sparda.de *.citibank.com sicher-bezahlen.sparkasse.at *.arcot.com 3ds-challenge.n26.com esecure.sia.eu *.uobgroup.com *.revolut.com *.fssnet.co.in *.e-i.com *.neuflizeobc.net *.cm-cic.com *.apata.io *.nexigroup.com *.cardcenter.ch *.gps.com.bh *.bkm.com.tr *.monzo.com *.airplus.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net * *.googleapis.com *.lamaisonduchocolat.com https://bat.bing.com https://sdk.privacy-center.org https://cm.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.fr *.linkedin.com https://rum-metrics.quanta.io *.reetags.com https://sync-t1.taboola.com https://ad.360yield.com https://ad.yieldlab.net https://contextual.media.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://ib.adnxs.com https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://match.sharethrough.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://secure.adnxs.com https://simage2.pubmatic.com https://sync.1rx.io https://sync.outbrain.com https://visitor.omnitagjs.com https://x.bidswitch.net *.prismic.io https://images.unsplash.com flagpedia.net lamaisonduchocolat.com *.clarity.ms *.google.com *.bing.com *.google.co.jp *.google.com.hk *.doubleclick.net *.google.ro *.google.com.sg *.google.at *.a8.net *.google.com.tw www.americanexpress.com *.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.googleapis.com *.gstatic.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ *.lamaisonduchocolat.com https://bat.bing.com https://sdk.privacy-center.org https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://www.clarity.ms https://appstatic.quanta.io *.reetags.com https://*.taboola.com https://analytics.tiktok.com https://acdn.adnxs.com https://ad.avtm.fr https://analytics.optimalpeople.fr https://trk.adbutter.net prismic.io https://maps.googleapis.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.zdassets.com *.vimeo.com *.a8.net *.tradedoubler.com *.algolia.net *.algolianet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.lamaisonduchocolat.com *.reetags.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.lamaisonduchocolat.com *.prismic.io *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ *.lamaisonduchocolat.com *.privacy-center.org https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.com *.linkedin.com *.reetags.com https://*.taboola.com https://analytics.tiktok.com https://analytics.optimalpeople.fr https://ib.adnxs.com https://maps.googleapis.com https://player.vimeo.com www.gstatic.com maps.googleapis.com https://www.google-analytics.com yubinbango.github.io *.clarity.ms rum-metrics.quanta.io *.zdassets.com *.zendesk.com *.bing.com *.bing.net *.googlesyndication.com *.vimeo.com *.trackingplan.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://c4297810fbb44aec095b20a73d3febec.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.dk https://www.myheritage.dk  'unsafe-eval' 'nonce-82d433f484a45a28d3fdd083c5463c55' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.dk;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com; connect-src 'self' *.gyandhan.com wss: http://localhost:3000 http://localhost:3001 fonts.googleapis.com cdn.ckeditor.com d1i7580riw15wg.cloudfront.net www.googletagmanager.com *.clarity.ms connect.facebook.net *.gdinternal.com *.gstatic.com static.addtoany.com td.doubleclick.net *.digio.in *.razorpay.com *.google.com *.youtube.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.youtube-nocookie.com *.googleadservices.com *.google-analytics.com *.gyandhan.localhost px.ads.linkedin.com; font-src 'self'  https: data:; frame-src 'self'  *.gyandhan.com blob: *.amazonaws.com http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net www.googletagmanager.com *.clarity.ms connect.facebook.net *.gdinternal.com *.gstatic.com fonts.googleapis.com static.addtoany.com td.doubleclick.net *.digio.in *.razorpay.com *.google.com *.youtube.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.youtube-nocookie.com *.googleadservices.com *.google-analytics.com *.gyandhan.localhost px.ads.linkedin.com; img-src 'self'  *.amazonaws.com data: https: http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net www.googletagmanager.com *.clarity.ms connect.facebook.net *.gdinternal.com *.gstatic.com fonts.googleapis.com static.addtoany.com td.doubleclick.net *.digio.in *.razorpay.com *.google.com *.youtube.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.gyandhan.com *.youtube-nocookie.com *.googleadservices.com *.google-analytics.com *.gyandhan.localhost px.ads.linkedin.com; media-src 'self'  *.gyandhan.com blob: *.amazonaws.com http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net www.googletagmanager.com *.clarity.ms connect.facebook.net *.gdinternal.com *.gstatic.com fonts.googleapis.com static.addtoany.com td.doubleclick.net *.digio.in *.razorpay.com *.google.com *.youtube.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.youtube-nocookie.com *.googleadservices.com *.google-analytics.com *.gyandhan.localhost px.ads.linkedin.com; object-src *.gyandhan.com *.amazonaws.com http://localhost:3000 http://localhost:3001 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net www.googletagmanager.com *.clarity.ms connect.facebook.net *.gdinternal.com *.gstatic.com fonts.googleapis.com static.addtoany.com td.doubleclick.net *.digio.in *.razorpay.com *.google.com *.youtube.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.youtube-nocookie.com *.googleadservices.com *.google-analytics.com *.gyandhan.localhost px.ads.linkedin.com; script-src 'self'  'unsafe-inline' 'unsafe-eval' https: http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net www.googletagmanager.com *.clarity.ms connect.facebook.net *.gdinternal.com *.gstatic.com fonts.googleapis.com static.addtoany.com td.doubleclick.net *.digio.in *.razorpay.com *.google.com *.youtube.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.gyandhan.com *.youtube-nocookie.com *.googleadservices.com *.google-analytics.com *.gyandhan.localhost px.ads.linkedin.com; style-src 'self'  'unsafe-inline' https: http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net www.googletagmanager.com *.clarity.ms connect.facebook.net *.gdinternal.com *.gstatic.com fonts.googleapis.com static.addtoany.com td.doubleclick.net *.digio.in *.razorpay.com *.google.com *.youtube.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.gyandhan.com *.youtube-nocookie.com *.googleadservices.com *.google-analytics.com *.gyandhan.localhost px.ads.linkedin.com; report-uri /csp_reports?report_only=true 1
object-src 'none';base-uri 'self';script-src 'nonce-avlxx7_6wVvzMgwAxWWgqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/passwords_google 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.stape.io static.klaviyo.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.stape.io js.mollie.com https://plumrocket.com https://accounts.google.com *.consentmanager.net ridersdeal.mycleverpush.com www.sovendus-benefits.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.googletagmanager.com *.stape.io https://www.mollie.com *.consentmanager.net cookie-cdn.cookiepro.com www.googletagmanager.com pagead2.googlesyndication.com www.facebook.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io js.mollie.com https://accounts.google.com https://www.gstatic.com *.consentmanager.net maps.googleapis.com 'self' *.sovendus.com chimpstatic.com *.googlesyndication.com *.cookiepro.com connect.facebook.net *.hotjar.com static.cleverpush.com *.zdassets.com apis.google.com www.google.com www.gstatic.com cdn.jsdelivr.net static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com *.stape.io https://accounts.google.com https://www.gstatic.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.stape.io https://accounts.google.com api.cleverpush.com *.cookiepro.com data.ridersdeal.com *.zdassets.com ridersdeal.zendesk.com maps.googleapis.com *.sovendus.com www.chatbase.co bam.nr-data.net ridersdeal-web.talk.insaight.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: *.hotjar.com *.hotjar.io *.googleusercontent.com *.appdynamics.com *.tiktok.com https://dwin1.com https://*.dwin1.com http://dwin1.com http://*.dwin1.com https://songbirdstag.cardinalcommerce.com https://*.songbirdstag.cardinalcommerce.com http://songbirdstag.cardinalcommerce.com http://*.songbirdstag.cardinalcommerce.com https://awin1.com https://*.awin1.com http://awin1.com http://*.awin1.com https://zenaps.com https://*.zenaps.com http://zenaps.com http://*.zenaps.com https://the.sciencebehindecommerce.com https://*.the.sciencebehindecommerce.com http://the.sciencebehindecommerce.com http://*.the.sciencebehindecommerce.com https://intentclientscriptslon.s3.eu-west-2.amazonaws.com https://*.intentclientscriptslon.s3.eu-west-2.amazonaws.com http://intentclientscriptslon.s3.eu-west-2.amazonaws.com http://*.intentclientscriptslon.s3.eu-west-2.amazonaws.com *.inference.madewithintent.ai *.cloud.google.com *.fontawesome.com https://lc.golfbreaks.com https://alpha-lc.golfbreaks.com *.contentsquare.net *.cloudflarestream.com *.gstatic.com *.jsdelivr.net https://www.clarity.ms https://c.bing.com https://*.clarity.ms https://grwapi.net; img-src 'self' data: https: *.googletagmanager.com https://*.fullstory.com *.sleeknote.com *.cloudflarestream.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://flagcdn.com https://grwapi.net; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' optimize.google.com http://*.webtrends-optimize.com https://*.webtrends-optimize.com fonts.googleapis.com *.golfbreaks.com *.sleeknote.com *.feefo.com *.fontawesome.com *.jsdelivr.net https://grwapi.net; script-src 'self' 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.webtrends-optimize.workers.dev https://lc.golfbreaks.com https://alpha-lc.golfbreaks.com https://api.feefo.com https://grwapi.net http://register.feefo.com wss://lc.golfbreaks.com wss://alpha-lc.golfbreaks.com optimize.google.com plausible.golfbreaks.com https://intentclientscriptslon.s3.eu-west-2.amazonaws.com https://*.intentclientscriptslon.s3.eu-west-2.amazonaws.com http://intentclientscriptslon.s3.eu-west-2.amazonaws.com http://*.intentclientscriptslon.s3.eu-west-2.amazonaws.com *.inference.madewithintent.ai https://dwin1.com https://*.dwin1.com http://dwin1.com http://*.dwin1.com https://awin1.com https://*.awin1.com http://awin1.com http://*.awin1.com https://zenaps.com https://*.zenaps.com http://zenaps.com http://*.zenaps.com https://the.sciencebehindecommerce.com https://*.the.sciencebehindecommerce.com http://the.sciencebehindecommerce.com http://*.the.sciencebehindecommerce.com *.appdynamics.com *.tiktok.com *.pw.adn.cloud *.tealiumiq.com plausible.io *.trustpilot.com *.fontawesome.com *.sleeknote.com *.contentsquare.net *.newrelic.com *.contentstack.com https://*.fullstory.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleapis.com *.videodelivery.net *.googleadservices.com *.quantummetric.com *.analytics.yahoo.com *.googletagmanager.com *.salesforceliveagent.com *.facebook.net *.jsdelivr.net *.bing.com http://*.hotjar.com https://*.hotjar.com http://*.webtrends-optimize.com https://*.webtrends-optimize.com http://*.hotjar.io https://*.hotjar.io *.tiqcdn.com https://visitor-service-eu-central-1.tealiumiq.com *.yimg.com *.golfbreaks.com bam.eu01.nr-data.net google.com https://cdnjs.cloudflare.com https://c.bing.com https://*.clarity.ms https://cdn.heapanalytics.com *.auryc.com https://mixpanel.com https://cdn.mxpnl.com https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js https://cdnjs.cloudflare.com/ajax/libs/socket.io/3.0.4/socket.io.min.js; connect-src 'self' *.feefo.com *.bing.com *.pw.adn.cloud plausible.golfbreaks.com https://region1.analytics.google.com https://www.google.com/pagead/landing https://www.google.com/pagead/landing* *.eum-appdynamics.com *.cloudflarestream.com *.tiktok.com dwin1.com awin1.com zenaps.com https://grwapi.net the.sciencebehindecommerce.com https://lc.golfbreaks.com https://alpha-lc.golfbreaks.com wss://lc.golfbreaks.com wss://alpha-lc.golfbreaks.com *.cloudflare.com data: cloudflare.com plausible.io *.tealiumiq.com https://collect.golfbreaks.com https://*.fullstory.com *.quantummetric.com https://google.com/pagead/form-data/1063337128 https://google.com/ccm/form-data/1063337128 https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css https://fonts.googleapis.com/css https://fonts.googleapis.com/css* http://*.webtrends-optimize.com https://*.webtrends-optimize.com https://intentclientscriptslon.s3.eu-west-2.amazonaws.com https://*.intentclientscriptslon.s3.eu-west-2.amazonaws.com http://intentclientscriptslon.s3.eu-west-2.amazonaws.com http://*.intentclientscriptslon.s3.eu-west-2.amazonaws.com *.inference.madewithintent.ai *.sleeknote.com *.google-analytics.com *.googleusercontent.com *.salesforceliveagent.com images.contentstack.io *.contentsquare.net *.yimg.com *.facebook.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/* http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.fontawesome.com *.doubleclick.net accounts.google.com sentry.io videodelivery.net bam.eu01.nr-data.net https://*.clarity.ms *.auryc.com https://cdnjs.cloudflare.com/ajax/libs/socket.io/3.0.4/socket.io.min.js; font-src 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.fontawesome.com *.jsdelivr.net *.gstatic.com; frame-src 'self' https://dwin1.com https://*.dwin1.com http://dwin1.com http://*.dwin1.com https://awin1.com https://*.awin1.com http://awin1.com http://*.awin1.com https://intentclientscriptslon.s3.eu-west-2.amazonaws.com https://*.intentclientscriptslon.s3.eu-west-2.amazonaws.com http://intentclientscriptslon.s3.eu-west-2.amazonaws.com http://*.intentclientscriptslon.s3.eu-west-2.amazonaws.com *.inference.madewithintent.ai *.doubleclick.net *.autoeurope.com *.trustpilot.com *.doubleclick.net *.cloudflarestream.com *.wufoo.com *.sleeknote.com optimize.google.com *.videodelivery.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.facebook.com *.tealiumiq.com https://grwapi.net *.centinelapistag.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/socket.io/3.0.4/socket.io.min.js; child-src 'self' blob: *; media-src 'self' blob: *.google.com https://storage.googleapis.com/golfbreaks_public/ videodelivery.net *.googleusercontent.com *.cloudflarestream.com; form-action 'self' golfbreaks.secure.force.com *.facebook.com *.tealiumiq.com *.cs110.force.com *.salesforceliveagent.com *.cardinalcommerce.com; frame-ancestors 'self'; object-src 'self'; report-uri https://o246236.ingest.sentry.io/api/1470514/security/?sentry_key=aaa779434b65427fa3608b8938255828 1
font-src *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net https://plumrocket.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com *.akamaihd.net *.ebit.com.br *.ebitemptresa.com.br www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.ebit.com.br www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.k-analytix.com *.cloudfront.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.ebit.com.br *.googleapis.com *.cloudfront.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.akamaihd.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.konduto.com *.edrone.me api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.no https://www.myheritage.no  'unsafe-eval' 'nonce-6ff2a387b865899bd3c38cd7b46fb50b' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.no;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
frame-src 'self'; frame-ancestors 'self'; object-src 'none' 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.gstatic.com *.typekit.net *.trustedshops.com *.trustpilot.com *.googleapis.com *.klaviyo.com *.zip.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.paymentexpress.com *.windcave.com *.klaviyo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app winathuntingandfishing.co.nz *.laybuy.com *.addthis.com *.facebook.com huntingandfishing.freshdesk.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.paymentexpress.com *.windcave.com www.xtento.com *.doubleclick.net *.issuu.com app.redpepperdigital.net *.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://img.youtube.com *.cloudflare.com *.cloudfront.net https://cdn.klarna.com *.gstatic.com *.paypal.com *.afterpay.com https://s.ytimg.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.cdninstagram.com *.instagram.com *.facebook.net *.facebook.com *.clarity.ms *.bing.com t.zip.co static.zipmoney.com.au *.paymentexpress.com *.windcave.com www.xtento.com cdn.xtento.com *.google.co.nz *.zip.co partpayassets.blob.core.windows.net tags.srv.stackadapt.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.cloudflare.com *.cloudfront.net foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.intercomcdn.com *.intercom.io *.addthis.com *.addthisedge.com *.moatads.com *.facebook.net *.clarity.ms *.freshworks.com s3.amazonaws.com/assets.freshdesk.com/ static.zipmoney.com.au zip.co *.paymentexpress.com *.windcave.com www.xtento.com cdn.xtento.com *.hotjar.com *.zip.co zipmoney.com.au app.redpepperdigital.net tags.srv.stackadapt.com *.google.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com *.cash.app https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.typekit.net foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.freshworks.com s3.amazonaws.com/assets.freshdesk.com/ *.zip.co tags.srv.stackadapt.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cdninstagram.com *.instagram.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.cloudfront.net foursixty.com *.paypal.com *.googleapis.com *.addthis.com *.addthisedge.com *.moatads.com *.intercom.io *.cdninstagram.com *.instagram.com *.clarity.ms *.doubleclick.net *.freshworks.com google.com *.hotjar.io *.zip.co tags.srv.stackadapt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://fonts.gstatic.com tag.search.sensefuel.live *.fontawesome.com https://cdnjs.cloudflare.com * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com *.weltpixel.com *.devatics.com *.hypay.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazonaws.com *.criteo.com *.googletagmanager.com *.google-analytics.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.doubleclick.net *.tremorhub.com *.dmxleo.com *.advertising.com *.yieldmo.com *.outbrain.com *.taboola.com *.artadserver.com *.3lift.com *.360yield.com *.smartadserver.com *.pubmatic.com *.casalemedia.com *.teads.tv *.media.net *.adform.net *.omnitagjs.com *.sharethrough.com *.ivitrack.com *.stickyadstv.com *.mediavine.com *.smaato.net *.adnxs.com *.bing.com *.yahoo.com *.liadm.com *.imgix.net *.bidswitch.net *.facebook.com * *.pubads.g.doubleclick.net *.google.com *.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com *.iesnare.com *.paypal.com secure-gateway.hipay-tpp.com tag.search.sensefuel.live *.axept.io *.abtasty.com fw-cdn.com *.criteo.net *.criteo.com *.googletagmanager.com ssl.google-analytics.com https://www.googletagmanager.com tagmanager.google.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.facebook.net * *.googleads.g.doubleclick.net *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.hipay.com https://fonts.googleapis.com tag.search.sensefuel.live *.hypay.com *.fontawesome.com tagmanager.google.com https://cdnjs.cloudflare.com assets.braintreegateway.com * 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: *.iesnare.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.google.fr *.axept.io *.hypay.com *.search.sensefuel.live *.googletagmanager.com *.analytics.google.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.doubleclick.net * *.stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com * http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com https://static.dhlecommerce.nl https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.trustpilot.com 'self' 'unsafe-inline'; img-src cdn.verfwinkel.nl data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://maps.googleapis.com https://maps.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://www.mollie.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com https://static.dhlecommerce.nl http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com https://cdn.jsdelivr.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://hcaptcha.com https://*.hcaptcha.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: *.fontawesome.com *.bootstrapcdn.com *.punchout2go.com *.tradecentric.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.salesforce.com *.punchout2go.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.schoolhealth.com mcstaging2.schoolhealth.com/ portal.punchout2go.com qa-portal.punchout2go.com dev-portal.punchout2go.com sapportal.ocps.net sapportalqap.ocps.net shop.equallevel.com *.punchout2go.com *.tradecentric.com *.ariba.com *.nps.k12.nj.us 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com https://static.addtoany.com/ *.certcapture.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com js.mollie.com *.schoolhealth.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: blob: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com *.certcapture.com *.b0e8.com *.cenpos.net *.cenpos.com https://images.unsplash.com https://www.mollie.com https://*.asknice.ly *.schoolhealth.com  *.chartbeat.com *.chartbeat.net *.pages03.net *.unbxdapi.com *.punchout2go.com *.tradecentric.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.sharethis.com https://static.addtoany.com/ *.googleapis.com *.gstatic.com *.certcapture.com *.b0e8.com *.bc0a.com *.cenpos.com *.cenpos.net *.google.com *.cardinalcommerce.com https://maps.googleapis.com js.mollie.com https://static.asknice.ly ssl.google-analytics.com *.cloudfront.net *.cloudflare.com *.pages03.net *.addtoany.com *.chartbeat.com *.punchout2go.com *.tradecentric.com *.unbxdapi.com *.unbxd.com *.unbxd.io data: *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.certcapture.com *.fontawesome.com https://static.asknice.ly *.bootstrapcdn.com *.punchout2go.com *.tradecentric.com *.googleapis.com *.unbxdapi.com *.unbxd.com *.unbxd.io tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com https://stats.addtoany.com/menu *.googleapis.com *.certcapture.com https://maps.googleapis.com https://player.vimeo.com https://*.asknice.ly *.doubleclick.net *.demdex.net *.punchout2go.com *.tradecentric.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; script-src 'self' 'unsafe-eval' 'report-sample' https://*.betgenius.com/ https://*.force.com/ https://*.geniussports.com/ https://*.kambicdn.com/ https://*.online-metrix.net/ https://*.paypal.com/ https://*.salesforce.com/ https://*.salesforceliveagent.com/ https://*.webpu.sh/ https://apis.google.com/ https://c.paypal.com/ https://cdn-gl.imrworldwide.com/ https://cdn.geocomply.com/ https://cdn.jsdelivr.net/ https://cdn.quantummetric.com/ https://challenges.cloudflare.com/turnstile/ https://connect.facebook.net/ https://h.online-metrix.net/ https://js.braintreegateway.com/ https://maps.googleapis.com/ https://micro-frontends.rushstreetcontent.com/ https://paywithmybank.com/ https://platform.twitter.com/ https://player.performgroup.com/ https://request.eprotect.vantivcnp.com/ https://service.riverscontent.com/ https://static.ads-twitter.com/ https://static.cloudflareinsights.com/ https://static.nps.today/ https://static.zdassets.com/ https://websdk.appsflyer.com/ https://www.datadoghq-browser-agent.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.paypalobjects.com/ https://hosted.paysafe.com/ 'nonce-Z9KwKheICpmiWL5JP9VBb/XBSQo='; worker-src 'self' blob:; report-uri https://pci.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubfbf01b16e06749de383ba09b993b5515&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod-ca-on; 1
base-uri 'self'; child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; navigate-to 'self'; object-src 'none'; script-src 'self'; script-src-attr 'self'; script-src-elem 'self'; style-src 'self'; style-src-attr 'self'; style-src-elem 'self'; worker-src 'self' 1
connect-src https://auth.sdc.dk https://api-proxy-neos.sdc.eu https://azure-sign-p1.sdc.dk data: https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://*.sdc.dk/ https://*.sdc.eu/ https://api.cludo.com https://bat.bing.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://cloud.lsb.dk https://consent.app.cookieinformation.com https://dc.services.visualstudio.com/ https://policy.app.cookieinformation.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://www.google.com https://www.totalkredit.dk/ 'self'; default-src https://api-shared-proxy.sdc.eu https://bundles.lsb.dk 'self'; font-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://fonts.gstatic.com/ 'self'; frame-src https://auth.sdc.dk https://azure-sign-p1.sdc.dk https://app.leaddoubler.com/ https://player.vimeo.com/ https://policy.app.cookieinformation.com https://td.doubleclick.net https://widget.trustpilot.com https://www.googletagmanager.com https://www.youtube.com/ 'self'; img-src *.siteimproveanalytics.io  data: https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://bat.bing.com https://bundles.lsb.dk https://customer.cludo.com https://i.ytimg.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://px.ads.linkedin.com/ https://stm.totalkredit.dk/ https://www.google.com https://www.google.dk https://www.google-analytics.com https://www.google-analytics.dk https://www.googletagmanager.com 'self' www.facebook.com; script-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://bat.bing.com https://bundles.lsb.dk https://connect.facebook.net/ https://consent.cookiebot.com/ https://customer.cludo.com https://forms.lsb-kampagne.dk/ https://googleads.g.doubleclick.net https://maps.googleapis.com/ https://player.vimeo.com/ https://policy.app.cookieinformation.com https://policy.app.cookieinformation.com/ https://s.ytimg.com/ https://s2.adform.net https://s3-eu-west-1.amazonaws.com https://siteimproveanalytics.com https://snap.licdn.com https://track.adform.net https://widget.trustpilot.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.totalkredit.dk/ https://www.youtube.com/ 'self' 'unsafe-eval' 'unsafe-inline'; style-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://bundles.lsb.dk https://customer.cludo.com https://forms.lsb-kampagne.dk/ https://laanogsparneos.prod.ibn.host/ https://laanogspar-prd.neosbank-envr.com/ https://neosbank-laanogspar-prd.ibn.host/ https://policy.app.cookieinformation.com https://www.totalkredit.dk/ 'self' 'unsafe-inline'; report-uri /api/sdc/security/csp/report; report-to default 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com landofcoder.com maps.googleapis.com chart.googleapis.com *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com *.what3words.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com landofcoder.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action *.cognitoforms.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://secure.paygate.co.za/payweb3/process.trans oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-src *.cognitoforms.com *.peachpayments.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com landofcoder.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; 1
img-src *.force.com slack-imgs-mil-dev.com https://mzmoment-test.app https://www.vevromerike.no 'self' https://stats.g.doubleclick.net https://vevromerike.no https://img.youtube.com https://vev.my.site.com https://payments.salesforce.com/icons/ https://e360-tracking-service-cdp1.sfdc-yzvdd4.svc.sfdcfc.net https://login.salesforce.com/icons/ *.my-salesforce-cms.com https://vev.my.salesforce.com optimize.google.com lightning.force.com *.googlesyndication.com https://www.gstatic.com https://assets.mapquestapi.com *.slack-edge-gov.com *.my-salesforce.com https://www.youtube-nocookie.com *.cloudinary.com *.vevromerike.no www.google.no https://www.google.com https://www.googleoptimize.com https://romerikebb.sharepoint.com *.amazonaws.com https://region1.google-analytics.com blob: https://vev.lightning.force.com https://fra80.sfdc-urlt2q.salesforce.com/icons/ https://monitoringpublic.solaredge.com *.facebook.com https://d.la1-core1.sfdc-urlt2q.salesforceliveagent.com https://www.telia.no slack-imgs.com https://c.tiles.mapbox.com slack-gov-dev.com *.sfdcstatic.com https://tileproxy.cloud.mapquest.com *.twimg.com https://vev.my.salesforce-scrt.com https://vev--c.visualforce.com *.slack.com https://www.paypal.com *.google.no https://a.tiles.mapbox.com *.slack-imgs.com slack-imgs-gov.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ *.salesforce-experience.com https://d.la11-core1.sfdc-urlt2q.salesforceliveagent.com *.doubleclick.net https://www.mapquestapi.com slack-imgs-gov-dev.com *.slack-edge.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ slack-mil-dev.com https://www.gstatic.com/recaptcha/ https://commonapi-gw.get.no https://d.tiles.mapbox.com https://artikler.get.no https://mapconfig.mqcdn.com https://www.google.com/recaptcha/ https://m83tkyrsgfqwkylcgqzgkzlbgy.c360a.salesforce.com *.slack-edge.mil https://www.sandbox.paypal.com *.vev.lightning.force.com https://www.arrowcommunications.co.uk https://i.vimeocdn.com https://vev.file.force.com https://www.googletagmanager.com https://d.la3-c2-fra.salesforceliveagent.com https://www.google-analytics.com https://b.tiles.mapbox.com *.salesforce.com https://vev--c.vf.force.com https://*.adyen.com slack-imgs.mil https://service.force.com https://vev.live-preview.salesforce-experience.com data:; report-to sfdc-csp-ep; report-uri https://vev.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D24000000Zs0w&networkId=0DM08000000sXzv&type=communities 1
default-src 'self'; script-src 'report-sample' 'self' https://app-script.monsido.com/v2/monsido-script.js https://apps.usw2.pure.cloud/genesys-bootstrap/genesys.min.js https://connect.facebook.net/en_US/fbevents.js https://js.adsrvr.org/up_loader.1.1.0.js https://s.swiftypecdn.com/install/v2/st.js https://sc-static.net/scevent.min.js https://ssl.google-analytics.com/ga.js https://static.ads-twitter.com/uwt.js https://tr.snapchat.com/config/com/f46d0350-ae7f-4886-b620-b497a4d93c9f.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://capidashboard.ialottery.com https://tr.snapchat.com https://tr6.snapchat.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://10921257.fls.doubleclick.net https://apps.usw2.pure.cloud https://insight.adsrvr.org https://pixel-sync.sitescout.com https://tr.snapchat.com https://www.youtube.com; img-src 'self' https://analytics.twitter.com https://ssl.google-analytics.com https://t.co https://tracking.monsido.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self'; report-uri https://668597ef014602b312931fd2.endpoint.csper.io/?v=0; worker-src 'none'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com chart.googleapis.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.addtoany.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com mcstaging.trainworld.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com *.yotpo.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.addtoany.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.yotpo.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.addtoany.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net *.paypal.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.avada.io https://cdnjs.cloudflare.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com https://cdnjs.cloudflare.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://nominatim.openstreetmap.org https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.thuis.nl *.camcammer.com *.sensemakers.com *.test.paysafe.com *.cloudflare.com *.exoclick.com cdn.pushcrew.com *.ingest.sentry.io *.paysafe.com *.google.com *.google.nl *.google.sr *.google.be *.google.gr *.google.fr *.google-analytics.com stats.g.doubleclick.net *.doubleclick.net *.slack-edge.com *.googletagmanager.com analytics.sensemakers.nl *.hotjar.com *.hotjar.io; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.thuis.nl/ wss://*.sensemakers.com wss://ws.hotjar.com/ *.sensemakers.com stats.g.doubleclick.net *.ingest.sentry.io analytics.sensemakers.nl *.google.com *.google.nl *.google.sr *.google.be *.google.gr *.google.fr *.analytics.google.com stats.g.doubleclick.net *.hotjar.io *.hotjar.com *.test.paysafe.com *.paysafe.com *.thuis.nl *.google-analytics.com; img-src * 'self' data: https: blob: https; font-src * 'self' data:; report-uri https://analytics.sensemakers.nl/csp/ 1
font-src fonts.gstatic.com use.typekit.net a.omappapi.com *.fontawesome.com *.alothemes.com *.magepow.com *.google.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com event.getblue.io static.omni.chat *.criteo.com static.criteo.net td.doubleclick.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.mollie.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.oceandrop.com.br c.clarity.ms *.bing.com www.google.com.br cm.g.doubleclick.net collect.vendavalida.com.br *.criteo.com *.omappapi.com a.mgid.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.mollie.com cdn.mundipagg.com api.pagar.me *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com event.getblue.io widget.getblue.io static.omni.chat a.omappapi.com oceandrop-br.mais.social js-agent.newrelic.com www.clarity.ms *.hotjar.com bat.bing.com www.googleoptimize.com collect.vendavalida.com.br *.criteo.com secure.afilio.com.br a.mgid.com *.ubembed.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.mollie.com 3ds2.pagar.me 3ds2-sdx.pagar.me *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com oceandrop-br.mais.social a.omappapi.com *.fontawesome.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com oceandrop-br.mais.social omnichat-web-chat.omni.chat webchat-adapter.omni.chat *.omappapi.com *.clarity.ms bam.nr-data.net ws.hotjar.com *.hotjar.io *.criteo.com stats.g.doubleclick.net collect.vendavalida.com.br bat.bing.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br *.google.com google.com pay.sandbox.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.checkout-api.avarda.com *.kekale.fi *.accolade.fi maxcdn.bootstrapcdn.com *.gstatic.com js.klevu.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.google.fi *.google.ro *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.amazonaws.com *.cookieinformation.com *.sizebay.technology *.pingdom.net *.avarda.com *.klevu.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.twitter.com https://www.facebook.com *.criteo.net *.criteo.com *.amazonaws.com *.cookieinformation.com *.sizebay.technology *.pinterest.com *.pingdom.net *.feedbackly.com *.doubleclick.net *.googletagmanager.com *.avarda.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.checkout-api.avarda.com *.kekale.fi *.accolade.fi *.paytrail.com *.placeholder.com *.zopim.com *.zopim.io *.klevu.com *.ctfassets.net *.facebook.com https://stats.g.doubleclick.net *.google.com *.google.co.in *.google.fi *.google.ro *.connect.facebook.net *.segmentify.com *.smaato.net *.doubleclick.net *.360yield.com *.adnxs.com *.rubiconproject.com *.yahoo.com *.yahoo.net *.smartadserver.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.openx.net *.advertising.com *.ivitrack.com *.omnitagjs.com *.twiago.com *.3lift.com *.taboola.com *.adscale.de *.teads.tv *.media.net *.bidswitch.net *.yieldlab.net *.criteo.com *.1rx.io *.unrulymedia.com *.cookieinformation.com *.sizebay.technology *.google-analytics.com *.analytics.google.com *.clarity.ms *.pinterest.com *.bing.com *.pingdom.net *.sharethrough.com *.emxdgt.com https://id5-sync.com *.mediavine.com *.tremorhub.com *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.postrelease.com *.omappapi.com *.avarda.com *.dmxleo.com *.windows.net *.azureedge.net *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.avarda.com *.checkout-cdn.avarda.com *.kekale.fi *.accolade.fi *.google.com *.gstatic.com *.zdassets.com *.klevu.com *.zopim.com *.facebook.net *.custobar.com *.criteo.net *.criteo.com *.googleapis.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.bootstrapcdn.com *.segmentify.com *.doubleclick.net *.amazonaws.com *.cookieinformation.com *.sizebay.technology *.clarity.ms *.pinimg.com *.pinterest.com *.bing.com *.sgmntfy.com *.pingdom.net https://rum-static.pingdom.net *.feedbackly.com *.omappapi.com *.tiktok.com *.ksearchnet.com https://policy.app.cookieinformation.com https://js.klevu.com 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-bXZqMWMzOW9iZ3BjNTVxaXdicWYwYnc4cWdiYnJhOW8=' 'nonce-aXUydzEyYmd6N2R6YjltNnVkZmdnOXJkMTZ2MXhmNm0=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src fonts.googleapis.com *.kekale.fi *.accolade.fi maxcdn.bootstrapcdn.com fonts.gstatic.com js.klevu.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.google.fi *.google.ro *.facebook.com *.segmentify.com *.cookieinformation.com *.sizebay.technology *.google-analytics.com *.analytics.google.com *.pingdom.net *.omappapi.com *.avarda.com *.klevu.com *.ksearchnet.com *.gstatic.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.checkout-api.avarda.com *.kekale.fi *.accolade.fi *.authorize.net *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.doubleclick.net *.ksearchnet.com *.segmentify.com *.criteo.net *.criteo.com *.custobar.com *.facebook.com *.amazonaws.com *.cookieinformation.com *.sizebay.technology *.clarity.ms *.pinterest.com *.bing.com *.pingdom.net *.sharethrough.com *.emxdgt.com https://id5-sync.com *.mediavine.com *.tremorhub.com *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.omappapi.com *.feedbackly.com *.tiktok.com *.avarda.com *.klevu.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.scottdunn.com scottdunnsc.dev.local images.scottdunn.com apps.sitecore.net connect.facebook.net www.facebook.com *.google.com *.googletagmanager.com *.google-analytics.com www.googleadservices.com *.google.co.uk www.youtube.com *.cloudfront.net *.cloudfront.com *.cloudflarestream.com *.bc0a.com cdn.jsdelivr.net cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.joinsherpa.io vxml4.plavxml.com *.sleeknote.com *.appspot.com *.doubleclick.net *.contentsquare.net *.newrelic.com *.pinterest.com *.pingdom.net *.nr-data.net *.trackedweb.net *.bing.com *.bing.net *.pinimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.scottdunn.com scottdunnsc.dev.local *.gstatic.com connect.facebook.net www.facebook.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.co.uk *.apple.com www.youtube.com *.cloudfront.net *.cloudfront.com *.cloudflarestream.com *.bc0a.com cdn.jsdelivr.net *.mapbox.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com geolocation.onetrust.com js.stripe.com code.jquery.com *.joinsherpa.io code.jquery.com vxml4.plavxml.com *.doubleclick.net *.sleeknote.com acsbapp.com *.trackedweb.net *.contentsquare.net *.pinimg.com *.bing.com *.bing.net *.newrelic.com *.pinterest.com *.pingdom.net *.nr-data.net *.appspot.com *.convertexperiments.com *.cht-srvc.net cht-srvc.net *.livechatinc.com data: https://www.googletagmanager.com blob:; img-src 'self' *.scottdunn.com scottdunnsc.dev.local images.scottdunn.com *.gstatic.com connect.facebook.net www.facebook.com *.google.com *.google-analytics.com www.google.com.au *.google.co.uk *.apple.com www.youtube.com *.cloudfront.net *.cloudfront.com *.cloudflarestream.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com vxml4.plavxml.com *.contentsquare.net *.doubleclick.net *.pinterest.com *.pingdom.net *.nr-data.net *.trackedweb.net *.appspot.com *.bing.com *.bing.net *.pinimg.com *.newrelic.com data: https://s.gravatar.com https://*.wp.com/cdn.auth0.com/avatars https://www.googletagmanager.com https://www.google.co.uk blob: *.sleeknote.com *.bing.com *.bing.net; style-src 'self' 'unsafe-inline' *.scottdunn.com scottdunnsc.dev.local *.gstatic.com connect.facebook.net www.facebook.com *.google.com fonts.googleapis.com *.google.co.uk *.apple.com www.youtube.com *.cloudfront.net *.cloudfront.com *.cloudflarestream.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com vxml4.plavxml.com *.doubleclick.net *.mapbox.com *.pinterest.com *.pingdom.net *.trackedweb.net *.bing.com *.bing.net *.pinimg.com *.newrelic.com data:; font-src 'self' 'unsafe-inline' *.scottdunn.com scottdunnsc.dev.local *.gstatic.com connect.facebook.net www.facebook.com *.google.com *.doubleclick.net *.apple.com www.youtube.com *.cloudfront.net *.cloudfront.com *.cloudflarestream.com *.mapbox.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.sleeknote.com *.contentsquare.net *.pinterest.com *.pingdom.net *.nr-data.net *.trackedweb.net *.appspot.com *.bing.com *.bing.net *.pinimg.com *.newrelic.com; connect-src 'self' *.acsbapp.com *.bc0a.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com geolocation.onetrust.com *.google.com google.com *.analytics.google.com *.googletagmanager.com *.google-analytics.com *.google.co.uk vxml4.plavxml.com *.mapbox.com *.sleeknote.com *.trackedweb.net *.pinterest.com *.appspot.com *.bing.com *.bing.net *.contentsquare.net *.pingdom.net *.nr-data.net *.doubleclick.net *.pinimg.com *.newrelic.com *.convertexperiments.com *.vercel.app; upgrade-insecure-requests; block-all-mixed-content; 1
font-src fonts.gstatic.com use.typekit.net *.cdnfonts.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://media.flixcar.com https://media.flixfacts.com *.oppwa.com https://cdn.cs.1worldsync.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.twitter.com https://credomatic.compassmerchantsolutions.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://staging.ptranz.com/api/spi/Conductor https://gateway.ptranz.com/api/spi/Conductor https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.google.com/ https://www.youtube.com *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.v1.modern-life-interactive.com https://v1.modern-life-interactive.com hn.ficoposonline.com *.cloudfront.net https://notrack.indexado.pmbox.cloud media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://centinelapistag.cardinalcommerce.com/ https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://vpos.infonet.com.py/ https://vpos.infonet.com.py:8888/ https://centinelapi.cardinalcommerce.com https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://www.magezon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://lcoimgprod-grupounicomer.netdna-ssl.com https://cmsuat.lacuracaonline.com https://maps.gstatic.com https://maps.googleapis.com/ *.online-metrix.net https://radioshackla-uat-grupounicomer.netdna-ssl.com https://log.pinterest.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://img.youtube.com https://www.facebook.com https://unicomer--c.na100.visual.force.com https://unicomer--c.vf.force.com https://unicomer.lightning.force.com https://unicomer.my.salesforce.com https://unicomer--uat.sandbox.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec *.demoup.com https://media.flixcar.com https://rt.flix360.com https://event.syndigo.cloud https://event.webcollage.net https://fonts.gstatic.com https://www.googletagmanager.com https://d3np41mctoibfu.cloudfront.net https://media.flixfacts.com https://content.syndigo.com https://s3-sa-east-1.amazonaws.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.ggpht.com https://cdn.cs.1worldsync.com https://files.alquimio.cloud https://fichashppervasive.blob.core.windows.net *.cc.cnetcontent.com https://mycliplister.com/ *.igodigital.com/ https://grupounicomerhelp.zendesk.com https://static.zdassets.com *.zendesk.com/ media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ https://cdn.cookielaw.org/ https://vibra.work/  https://lavenderblush-shrew-391234.hostingersite.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com * www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com *.fontawesome.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cdnfonts.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://service.force.com https://integracion.alignetsac.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://gollo.force.com https://unicomer.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://unicomer--uat.sandbox.my.site.com https://media.flixcar.com https://www.googletagmanager.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.1worldsync.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ unsafe-inline assets.braintreegateway.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; object-src https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://image.unicomermktg.com 'self' blob: *.demoup.com *.oppwa.com https://static.zdassets.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net * www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com thm.visa.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://maps.googleapis.com https://service.force.com/ https://log.pinterest.com https://h.online-metrix.net https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx blob: media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://topechelon.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://js.partnerstack.com https://api.livechatinc.com https://cdn.livechatinc.com https://www.google.com https://www.gstatic.com https://topechelon.activehosted.com https://prism.app-us1.com https://assets.calendly.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://www.youtube.com https://*.fontawesome.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.bunny.net https://*.fontawesome.com; img-src 'self' data: https://www.google.com https://www.googletagmanager.com https://topechelon.com https://cdn.files-text.com https://tplabs.co https://i.ytimg.com https://cdn.livechat-files.com; connect-src 'self' https://www.google.com https://grsm.io https://get.topechelon.com https://partnerlinks.io https://analytics.google.com https://www.google-analytics.com https://google.com https://cdn.livechatinc.com https://stats.g.doubleclick.net https://maps.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://topechelon.com https://topechelon1dev.wpenginepowered.com/ https://fonts.bunny.net https://*.fontawesome.com; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://td.doubleclick.net/ https://www.googletagmanager.com/ https://secure.livechatinc.com/ https://www.google.com/ https://calendly.com/ https://www.youtube.com 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.steeple.com *.steeple.fr www.googletagmanager.com  www.googletagmanager.com/gtag/js cdn.jsdelivr.net js-na1.hs-scripts.com js.hs-banner.com js.hs-scripts.com js.hsleadflows.net js.hsadspixel.net js.hs-analytics.net js.usemessages.com js.hubspot.com px.ads.linkedin.com snap.licdn.com connect.facebook.net; style-src 'self' 'unsafe-inline' *.steeple.com *.steeple.fr fonts.googleapis.com; img-src 'self' *.steeple.com *.steeple.fr steeple.com *.cloudfront.net px.ads.linkedin.com i.giphy.com perf-na1.hsforms.com/embed/v3/counters.gif track.hubspot.com *.google.fr *.google.com data:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' ws: *.steeple.com *.steeple.fr www.google.com *.s3.eu-west-3.amazonaws.com api.honeybadger.io *.facebook.com region1.analytics.google.com *.google-analytics.com google.fr stats.g.doubleclick.net google.com api.hubapi.com cta-service-cms2.hubspot.com api.hubspot.com forms.hubspot.com px.ads.linkedin.com api.giphy.com https://browser-intake-datadoghq.eu; frame-src 'self' *.steeple.com *.steeple.fr pdfjs.steeple.fr www.googletagmanager.com; object-src 'none'; form-action 'self' internal.steeple.com; manifest-src 'self' *.steeple.com *.steeple.fr; media-src 'self' *.cloudfront.net files.steeple.fr; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub8c68f388104ea42a032532e46c91bf1d&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=policy-type%3Areport-only%2Capplication%3Asteeple-core%2Cenv%3Aprd 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ipv4check.ec-elements.com ipv6check.ec-elements.com data: 'unsafe-eval'; report-uri /csp-violation-report-endpoint/ 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-nwzAoFOe5A4C32RQMgtXnw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/mapsplatform_google_com 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' support.webkeeper.ch wss://support.webkeeper.ch www.google-analytics.com my.webkeeper.ch stats.g.doubleclick.net; font-src * data:; form-action 'self' www.webkeeper.ch; frame-ancestors 'none'; frame-src support.webkeeper.ch; img-src * data:; manifest-src 'self'; media-src support.webkeeper.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' support.webkeeper.ch www.google-analytics.com maps.googleapis.com developers.google.com treellionaire.com data:; style-src 'self' 'unsafe-inline' support.webkeeper.ch fonts.googleapis.com data:; report-uri /csp-report.php 1
default-src 'self' https://*.alltuu.live https://alltuu-frontend-log-tracking.cn-hangzhou.log.aliyuncs.com https://www.gstatic.com https://alltuu-help-video.oss-cn-shanghai.aliyuncs.com https://open.work.weixin.qq.com https://cdn.jsdelivr.net https://cdnjs.cloundflare.com https://gw.alipayobjects.com https://lf1-cdn-tos.bytegoofy.com https://alltuu.cc https://s9.cnzz.com https://zz.bdstatic.com https://v1.cnzz.com https://g.alicdn.com https://mp.weixin.qq.com https://res.wx.qq.com https://open.weixin.qq.com https://turing.captcha.qcloud.com https://sp0.baidu.com/ https://turing.captcha.gtimg.com https://at.alicdn.com data: blob: https://*.alltuu.ren https://*.alltuu.com 'unsafe-eval' 'unsafe-inline'; report-uri https://csp-page.alltuu.com;connect-src 'self' https://*.alltuu.live https://mcs.snssdk.com https://alltuu-storage.oss-accelerate.aliyuncs.com https://alltuu-prsoon-private.oss-cn-hangzhou.aliyuncs.com https://aegis.qq.com https://mp.weixin.qq.com/ https://alltuu-msg.cn-hangzhou.log.aliyuncs.com/ https://alltuu-flashapp.cn-hangzhou.log.aliyuncs.com https://ai-platform-data-analysis.cn-hangzhou.log.aliyuncs.com https://ai-data-analysis.cn-hangzhou.log.aliyuncs.com https://*.alltuu.com wss://*.alltuu.com https://alltuu-frontend-log.cn-hangzhou.log.aliyuncs.com https://videocloud.cn-hangzhou.log.aliyuncs.com https://alltuu-storage.oss-cn-hangzhou.aliyuncs.com https://alltuu-frontend-log-tracking.cn-hangzhou.log.aliyuncs.com data: blob:;frame-src 'self' https://* blob: data: ; 1
worker-src blob:; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com fonts.gstatic.com *.kxcdn.com https://fonts.cdnfonts.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://secure.asxgw.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.fbcdn.net blob: ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://verify.etrustmark.rs https://rs.beosport.com maps.gstatic.com *.ggpht https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://asxgw.com https://asxgw.paymentsandbox.cloud https://secure.asxgw.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://s-eu-1.pushpushgo.com form.beosport.rs/static_files/js/form.widget.js https://maps.googleapis.com https://cdnjs.cloudflare.com *.avada.io s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-eval' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8=' 'sha256-OIkmMoDWrMET+9yYXfy4kYiZBSGdTuH3/LGJwXz4dbQ=' 'sha256-sA4VQiCGZ0SoC9lRUhrksOsX2gyXQEuHg4kSBIW0NEE=' 'sha256-c0lCqfyjzjX/z/E3XbnFt91p2H29aTfAgw8EjWp/fZI=' 'sha256-vEvkWASy62ASaFxwu/PJbHplao3U4RHMscHIG0WJ/Bk=' 'sha256-kcLwbkMxoYXD1+pfTCjKcZiKwrSg1OvWbfrbGCEKCJk=' 'sha256-jFhMjIj2mk11gJ73zMfIxd2bY7KD+ytCtZ/D9ManRc8=' 'sha256-6ixR+oMcnzgWfqUMhTzL7wXbLD5XOuFMHNcTSt5qov0=' 'sha256-LDIYwFJ02I7TUBglvosPtK0tPqIZkCRZMbWutdyCCAQ=' 'sha256-nf8KOhKoAdxPSwpv2RidJS8ZZzJhFY7WlN7FC+qdWc8=' 'sha256-3WKFMY9tUFN5N13PAP/JYO8r7IKSLJh0/tgh/V9MkRQ=' 'sha256-T3EuRb1GGbNmQ0vw9RUrW9VEstcYOrsXAoxvhYdOvIk=' 'sha256-coL0pEv1rb+grF9AzX+5ontRniER4BFzra+DqTYSAis=' 'sha256-5C79GT8eq2lLXsap6ckT7RIW2BBB6xceZxo8HZDjwyE=' 'sha256-Kj8xM4xKFKZOhkroQhn0wDm7HLvSMJ5jjXf4wDD9kLQ=' 'sha256-kDNtJT2efDxEQCDHPhzf12/6ZKrOJgpR7ze4tIpOkzg=' 'sha256-Y0D3AiTZ5scvOayGpk638SU9EGZdZCxmdS81i5h7sR0=' 'sha256-bpKe9LdxDRMgKSQ0H1JxXAYFf/zUg/V89o4nC7fFLIM='; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.google.com *.kxcdn.com downloads.mailchimp.com https://fonts.cdnfonts.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://asxgw.com https://asxgw.paymentsandbox.cloud https://www.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://get.geojs.io *.avada.io ekr.zdassets.com/ *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' https://bitrix.info https://pos.gosuslugi.ru https://mc.yandex.ru 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://mc.yandex.ru chrome-extension: https://pos.gosuslugi.ru https://mc.yandex.com https://127.0.0.1:20490 https://acestream.tv https://emet.live https://emet.news; object-src 'self' https://mc.yandex.ru chrome-extension:; report-uri /cspreportonly; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com www.googletagmanager.com; connect-src 'self' *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' *.vimeo.com *.vimeocdn.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.googletagmanager.com; 1
default-src 'self';script-src 'self' https://www.googletagmanager.com/gtag/js;style-src 'unsafe-inline' https://meebits.app;object-src 'none';base-uri 'self';connect-src 'self' https://ethgasstation.info https://min-api.cryptocompare.com https://www.google-analytics.com;font-src 'self';frame-src 'self';img-src 'self' data: https://images.meebits.app;manifest-src 'self';media-src 'self';worker-src 'none';frame-ancestors 'self'; 1
script-src 'nonce-4tlQBcSnSncGxV6rvNDYZw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src  'none'; connect-src 'self' *.famedigital.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.famedigital.com join.gammasecure.com; script-src 'self' *.famedigital.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.famedigital.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
default-src 'self'; connect-src 'self' ws: palmsbet.co.ke *.google.com google.com *.google-analytics.com *.ctogs.com *.ctrgs.com *.eskimi.co *.palmsbet.co.ke *.palmsbet.com *.tawk.to *.sportradar.com *.analytics.google.com *.google.bg *.biahosted.com *.biahosted.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' palmsbet.co.ke *.biahosted.com *.biahosted.net *.sportradar.com *.eskimi.co *.palmsbet.co.ke *.tawk.to *.googletagmanager.com *.google-analytics.com *.facebook.net; style-src 'self' 'unsafe-inline' palmsbet.co.ke *.palmsbet.co.ke *.sportradar.com *.googleapis.com embed.tawk.to data:; img-src 'self' palmsbet.co.ke *.palmsbet.com *.googletagmanager.com *.palmsbet.co.ke *.ctrgs.com *.tawk.to *.sportradar.com gis-static.com *.biahosted.net agstatic.com *.fazi.rs *.pragmaticplay.net *.google-analytics.com *.googleapis.com *.facebook.com data: blob:; font-src 'self' palmsbet.co.ke *.palmsbet.co.ke *.tawk.to *.gstatic.com data:; media-src 'self' data: blob:; frame-src 'self' data: blob: support.palmsbet.co.ke *.tawk.to *.googletagmanager.com bl-ke-site.palmsbet.co.ke; object-src 'none'; base-uri 'self'; form-action 'self' facebook.com; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?account=5baa497bf9c94336a5ba957a2c36d2e3&domain=www.palmsbet.co.ke 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; frame-src 'self' www.youtube.com challenges.cloudflare.com td.doubleclick.net outlook.office365.com; worker-src 'self' blob:; child-src 'self' blob: www.youtube.com; script-src 'self' https: 'strict-dynamic' 'unsafe-inline' wasm-eval 'nonce-28iTivjZDNP+vzdWTrHbwA=='; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: wss: *.sentry.io; base-uri 'none'; report-uri https://o92134.ingest.us.sentry.io/api/218571/security/?sentry_key=c01e0509572348fca8b65b3fe0ad16f3 1
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com https://*.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.salesfire.co.uk *.typekit.net *.klarnacdn.net *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.rvvuptech.com *.clearpay.co.uk *.sandbox.paypal.com *.salesfire.co.uk *.wesupply.xyz https://wesupplylabs.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.afterpay.com *.sandbox.paypal.com *.stats.paypal.com *.salesfire.co.uk *.gstatic.com *.facebook.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.plugins.emarsys.net *.scarabresearch.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.afterpay.com *.sandbox.paypal.com *.salesfire.co.uk *.cloudflare.com tagmanager.google.com *.facebook.net unpkg.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://*.googleapis.com https://*.typekit.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.salesfire.co.uk *.typekit.net tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sharethis.com thm.visa.com *.scarabresearch.com *.eservice.emarsys.net https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sandbox.paypal.com *.salesfire.co.uk *.smartmetrics.co.uk *.google-analytics.com *.facebook.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-O8lzO_O2cwLqbLlUNlfv-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://www.miteksystems.com/report-uri/reportOnly 1
object-src *; script-src 'self' https://stats.inalco.fr/matomo.js https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; report-uri https://www.inalco.fr/report-uri/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-QjGISefHwOpilLY9hwTkbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
child-src 'self' *.youtube.com; default-src * 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://fonts.intercomcdn.com data:; frame-src 'self' https://challenges.cloudflare.com *.plaid.com js.stripe.com *.youtube.com https://www.googletagmanager.com https://*.doubleclick.net https://www.facebook.com/ https://tpc.googlesyndication.com https://intercom-sheets.com/ https://calendly.com https://*.calendly.com https://capture.navattic.com https://guideline.navattic.com https://insight.adsrvr.org https://iframe.cloudflarestream.com/; img-src 'self' *.guideline.io cms-assets.guideline.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://www.facebook.com ads-twitter.com *.bing.com *.microsoft.com https://*.adsymptotic.com https://t.co https://*.linkedin.com https://analytics.twitter.com https://cdn.cookielaw.org https://trkn.us https://www.gravatar.com https://*.googleadservices.com https://alb.reddit.com https://*.intercomcdn.com https://*.intercomassets.com https://*.intercomusercontent.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https://challenges.cloudflare.com https://cdn-assets-prod.s3.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://tracking-api.g2.com https://cdn.prod.uidapi.com https://*.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' 'nonce-5a1a7f753c25ecea6fc98cc6c35bce43' 'strict-dynamic'; worker-src 'self' *.youtube.com; base-uri 'self'; frame-ancestors 'self' https://*.squareup.com https://squareup.com https://*.squareupstaging.com https://squareupstaging.com https://*.checkhq.com https://*.eddy.com https://eddy.com https://app.belfrysoftware.com https://*.joinwarp.com https://*.monograph.com https://*.enkempass.com https://*.central.inc https://*.keka.com https://*.lumberfi.com https://*.workstream.us https://pro.housecallpro.com https://*.tryplayground.com  https://*.7shifts.com https://app.getthera.com  https://dashboard.miter.com https://*.zenoti.com https://*.prod.aioapp.com https://app.gosteelhead.com https://*.encompassfi.com https://*.joinhomebase.com; report-uri https://sentry2.guideline.tools/api/6/security/?sentry_key=f678b7ad3eade55e6da26393e869e420; 1
default-src 'self';script-src 'self' 'nonce-wXRnveGFKQjVdys6b9VL+EIS' 'unsafe-eval' https://cdn.cookielaw.org https://*.googletagmanager.com http://jsi-cdn.steelcentral.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com;img-src 'self' http://tsys.d2.sc.omtrdc.net http://beacons.apm.my.aternity.com https://*.google-analytics.com https://*.googletagmanager.com blob: data:;font-src 'self' https://fonts.gstatic.com data:;connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;report-uri /Centre/Public/CspReporter/Report 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ api.hubspot.com app.hubspot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net * https://* data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net use.typekit.net *.magento-datasolutions.com *.magento-ds.com * maps.locationiq.com maps.google.com cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com maps.locationiq.com unpkg.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.sentry.io maps.locationiq.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com forms.hscollectedforms.net api.hubspot.com api.locationiq.com nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.typekit.net *.cloudflare.com *.fontawesome.com *.salesfire.co.uk *.klarnacdn.net fonts.gstatic.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.salesfire.co.uk *.trustpilot.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://cdn.clerk.io cdn.flbx.io *.cloudfront.net https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.gstatic.com *.googleapis.com *.onesignal.com onesignal.com *.salesfire.co.uk *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://api.clerk.io https://cdn.clerk.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.getflowbox.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com *.googleapis.com *.onesignal.com onesignal.com *.salesfire.co.uk *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.googleapis.com *.typekit.net *.fontawesome.com *.googleapis.com *.cloudflare.com *.onesignal.com onesignal.com *.salesfire.co.uk fonts.googleapis.com *.trustpilot.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.getflowbox.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.googleapis.com *.onesignal.com onesignal.com *.salesfire.co.uk *.smartmetrics.co.uk *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net https://widgets.trustedshops.com integrations.etrusted.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.copernica.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com *.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de *.google.com maps.google.com chat.babypark.nl *.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net widget.trustpilot.com *.cookiebot.com *.cookiebot.eu chatwidget-prod.web.app platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com bat.bing.com www.thuiswinkel.org i.ytimg.com img.youtube.com blob: lantern.roeye.com *.bing.com *.clarity.ms *.cookiebot.com *.cookiebot.eu integrations.etrusted.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl js.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com checkout.buckaroo.nl *.clarity.ms lantern.roeyecdn.com widgets.trustedshops.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com static.zdassets.com js-agent.newrelic.com *.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl widget.trustpilot.com *.pinterest.com *.hotjar.com *.hotjar.io *.cookiebot.com *.cookiebot.eu integrations.etrusted.com chatwidget-prod.web.app twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com sst.babypark.nl https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net checkout.buckaroo.nl integrations.etrusted.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com integrations.etrusted.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.clarity.ms *.pinterest.com *.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net region1.analytics.google.com *.google.com *.hotjar.com *.hotjar.io analytics.google.com bat.bing.com *.cookiebot.com *.cookiebot.eu *.copernica.com integrations.etrusted.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com sst.babypark.nl https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.googletagmanager.com *.grudado.com.br *.doubleclick.net *.paypal.com *.mercadolibre.com *.pinterest.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.addthis.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googletagmanager.com *.grudado.com.br *.facebook.com *.google.com *.google.com.br *.mercadolibre.com *.mercadolivre.com *.mercadolivre.com.br *.doubleclick.net *.bing.com *.pinimg.com *.pinterest.com *.mercadopago.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://images.unsplash.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: www.google.com.ua *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.mixpnl.com https://analytics.tiktok.com *.clarity.ms *.logr-ingest.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.vimeo.com *.video.google.com *.facebook.net *.doubleclick.net *.mlstatic.com *.mercadopago.com *.bing.com *.pinimg.com *.sgtm.grudado.com.br ct.pinterest.com *.mercadolibre.com.br *.mercadopago.com.br *.mercadolivre.com.br google.com *.facebook.com  'unsafe-inline'  *.mercadolivre.com *.mercadolibre.com https://mercadopago.com.br https://maps.googleapis.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io *.shopify.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com load.sgtm.grudado.com.br https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.mixpanel.com https://cdn.growthbook.io https://analytics.tiktok.com https://*.clarity.ms https://*.grudado.com.br https://viacep.com.br *.doubleclick.net *.google.com *.mercadopago.com *.mercadolibre.com *.pinterest.com *.pinpiaa.com *.bing.com *.mercadolibre.com.br *.mercadopago.com.br *.mercadolivre.com.br google.com *.facebook.com *.mercadolivre.com https://mercadopago.com.br *.mlstatic.com https://maps.googleapis.com https://player.vimeo.com ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net load.sgtm.grudado.com.br https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; report-uri https://vault.gostatera.com/collect/csp 1
font-src fonts.gstatic.com use.typekit.net https://editor.printess.com https://resource.printess.com https://plugin-magento-ui.glopalservice.com *.fontawesome.com *.appzi.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.bootstrapcdn.com 'unsafe-inline' data: *.bounceexchange.com tag.mention-me.com cdn.my1styears.com *.global-e.com *.google.com *.google.dk db.onlinewebfonts.com *.cloudflare.com *.adobe.io use.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to https://plumrocket.com *.facebook.com *.facebook.net *.appzi.io *.reviews.io *.reviews.co.uk *.bounceexchange.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk account.fetchify.com *.nosto.com *.nos.to https://plumrocket.com https://accounts.google.com *.addthis.com *.facebook.com *.facebook.net portal.sandbox.clearpay.co.uk *.appzi.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.reviews.io *.reviews.co.uk *.bounceexchange.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * tag.mention-me.com cdn.my1styears.com *.global-e.com *.google.com *.google.dk *.hotjar.com *.cloudflare.com *.adobe.io *.freshchat.com *.pinterest.com *.googleapis.com www.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net data: validator.swagger.io https://images.unsplash.com https://static.afterpay.com https://site-assets.afterpay.com/ https://resource.printess.com https://printess-prod.s3.eu-central-1.amazonaws.com www.feedoptimise.com cdn.feedoptimise.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com magefan.com cm.magefan.com *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net https://img.youtube.com *.convertexperiments.com *.tvsquared.com *.cookiepro.com *.nr-data.net *.onefeed.co.uk *.clarity.ms *.appzi.io *.adalyser.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.my1styears.com *.visualwebsiteoptimizer.com *.bing.com t.co *.pinterest.com *.curalate.com *.google.co.uk *.adroll.com *.advertising.com *.casalemedia.com *.rubiconproject.com *.wisepops.com *.pubmatic.com *.outbrain.com *.taboola.com *.3lift.com *.yahoo.com *.bidswitch.net *.openx.net *.adnxs.com *.bounceexchange.com *.bouncex.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com tag.mention-me.com https://gex.global-e.com *.global-e.com cdn.my1styears.com *.cloudflare.com *.adobe.io *.twitter.com *.google.pl *.google.dk *.cdnwidget.com *.tiktok.com https://js-agent.newrelic.com/ https://unpkg.com/ https://www.google.com maps.gstatic.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net https://cdn.jsdelivr.net https://editor.printess.com https://cdnjs.cloudflare.com/polyfill/ www.feedoptimise.com cdn.feedoptimise.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com *.nosto.com *.nos.to https://accounts.google.com https://www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com *.facebook.com *.facebook.net *.avada.io cdn-sitegainer.com *.cookiepro.com *.mouseflow.com *.tvsquared.com wisepops.net *.mention-me.com *.typeform.com *.appzi.io *.googlesyndication.com *.onetrust.com *.cloudfront.net *.adalyser.com *.cloudflareinsights.com *.pinterest.com *.evri.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.reviews.io *.reviews.co.uk *.visualwebsiteoptimizer.com *.curalate.com *.dwin1.com xtento.com *.bing.com *.ads-twitter.com *.twitter.com *.wisepops.com *.onefeed.co.uk *.my1styears.com *.convertexperiments.com *.pinimg.com *.b-cdn.net *.zdassets.com *.livechatinc.com *.yieldify.com *.adroll.com *.consensu.org *.bglobale.com *.klarnaservices.com *.wknd.ai *.bounceexchange.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tag.mention-me.com cdn.my1styears.com https://gex.global-e.com *.global-e.com https://www.google.com https://www.google.dk https://vars.hotjar.com https://site-assets.afterpay.com https://js-agent.newrelic.com/ https://unpkg.com/ *.cloudflare.com *.adobe.io *.hotjar.com *.freshchat.com *.tiktok.com *.doubleclick.net *.clarity.ms maps.googleapis.com *.googleapis.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com https://cdn.jsdelivr.net https://editor.printess.com cc-cdn.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.nosto.com *.nos.to https://accounts.google.com https://www.gstatic.com https://static.klaviyo.com *.fontawesome.com *.appzi.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com *.bootstrapcdn.com *.bglobale.com *.bounceexchange.com unsafe-inline assets.braintreegateway.com tag.mention-me.com cdn.my1styears.com https://gex.global-e.com *.global-e.com *.google.com *.google.dk *.cloudflare.com *.adobe.io *.freshchat.com *.eu.freshchat.com *.klarnacdn.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.appzi.io *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.snplow.net commerce.adobedc.net *.adobe.io performance.typekit.net *.sentry.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk https://editor.printess.com https://api.printess.com https://resource.printess.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com *.nosto.com *.nos.to https://accounts.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.facebook.com *.facebook.net https://get.geojs.io *.avada.io wisepops.net *.cookiepro.com wss://ws.hotjar.com *.hotjar.io *.typeform.com *.appzi.io *.googlesyndication.com *.onetrust.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.wisepops.com *.curalate.com *.google-analytics.com *.doubleclick.net *.pinterest.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.adobedc.net tryblackbird.com *.bing.com *.klarnaservices.com *.bouncex.net *.bounceexchange.com *.cdnwidget.com *.cdnbasket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com tag.mention-me.com cdn.my1styears.com *.global-e.com *.google.dk *.analytics.google.com *.hotjar.com *.cloudflare.com *.tiktok.com *.amplitude.com *.clarity.ms *.googleapis.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.cz https://www.myheritage.cz  'unsafe-eval' 'nonce-65bbbfc6861e3ad450567752a20af4ff' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io *.myheritage.cz;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
base-uri 'none'; object-src 'none'; script-src 'strict-dynamic' 'report-sample' https: 'unsafe-inline' 'nonce-bfe528d076df521815bbb8fe11406caa'; report-uri https://o109800.ingest.sentry.io/api/1323222/security/?sentry_key=23c48c605cea4da7b42d295927d29b7a 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.adbr.io *.googleapis.com *.amicafarmacia.com *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.amicafarmacia.com 'self' 'unsafe-inline'; frame-ancestors *.adabra.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.trustpilot.com *.criteo.com *.cookiebot.com *.hotjar.com *.adbr.io *.amicafarmacia.com service.force.com ad4m.at *.ad4m.at *.ad-srv.net *.mateti.net *.awin1.com *.zenaps.com *.tncid.app *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.de *.google.it *.bing.com *.adbr.io maps.googleapis.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.stickyadstv.com *.criteo.com criteo-partners.tremorhub.com *.analytics.yahoo.com *.adnxs.com *.smartadserver.com *.smartclip.net *.rubiconproject.com *.outbrain.com *.casalemedia.com *.360yield.com *.pubmatic.com *.yahoo.com *.taboola.com *.tapad.com *.advertising.com *.sharethrough.com *.3lift.com *.revcontent.com *.addthis.com *.postrelease.com *.amicafarmacia.com *.smaato.com *.smaato.net *.liadm.com *.adform.net *.teads.tv *.bidswitch.net *.media.net *.omnitagjs.com *.ivitrack.com *.yieldmo.com *.dmxleo.com *.clarity.ms amicafarmacia.shop *.ad4m.at *.yieldlab.net *.adscale.de *.mediavine.com id5-sync.com *.thebrighttag.com *.krxd.net *.rlcdn.com *.twiago.com *.awin1.com *.zenaps.com *.tncid.app *.weborama.fr *.exelator.com *.thenewco.id *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.hsforms.net *.hsforms.com *.flavedo.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ *.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trustpilot.com *.criteo.com *.criteo.net *.newrelic.com *.cookiebot.com bam.nr-data.net *.google.de *.google.it *.bing.com *.hotjar.com *.adbr.io *.googleapis.com *.zdassets.com *.cloudflareinsights.com *.nr-data.net *.amicafarmacia.com *.amicafarmacia.shop amicafarmacia.shop *.zopim.com *.kk-resources.com *.noibu.com *.flx1.com *.clarity.ms *.shippypro.com service.force.com *.salesforceliveagent.com *.salesforce.com ad4m.at *.cookieless-data.com *.mateti.net *.scalapay.com analytics-manager.com *.awin1.com *.zenaps.com www.dwin1.com the.sciencebehindecommerce.com js.sddan.com trk.datnova.com sdk.privacy-center.org api.privacy-center.org *.tncid.app ced.sascdn.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.connectif.cloud *.development.scalapay.com *.staging.scalapay.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.adbr.io *.amicafarmacia.com *.shippypro.com service.force.com *.fontawesome.com *.stripe.network *.stripecdn.com *.amazon.com cdn.dnky.co webchat.dotdigital.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com bam.nr-data.net *.doubleclick.net *.trustpilot.com pagead2.googlesyndication.com consentcdn.cookiebot.com *.adbr.io *.nr-data.net *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.cloudflareinsights.com *.amicafarmacia.com *.amicafarmacia.shop *.noibu.com wss://input.noibu.com *.flx1.com *.clarity.ms *.kk-resources.com secure.force.com *.wt-eu02.net *.hotjar.com *.mateti.net *.adyen.com *.google.it sdk.privacy-center.org api.privacy-center.org *.tncid.app ced.sascdn.com *.smartadserver.com *.googleapis.com *.shippypro.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.connectif.cloud t.elasticsuite.io *.hsforms.net *.hsforms.com *.citrusad.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' cdn.conservadoresdigitales.cl www.google-analytics.com www.googletagmanager.com; script-src 'self' www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com ajax.googleapis.com analytics.google.com; style-src 'self' inline fonts.googleapis.com; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-ldEWaFt_Dg7RzIeFlgVB4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.cloudfront.net *.zopim.com *.sfdcstatic.com https://c1.sfdcstatic.com/etc/clientlibs/sfdc-aem-master/clientlibs_base/fonts/SalesforceSans-Regular.ttf use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com speedsize.com *.speedsize.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net widgets.automizely.com widgets.automizely.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.scosche.com *.google.co.in *.sharethis.com *.adnxs.com *.adsrvr.org *.b1img.com *.amazon.com/* http://b1img.com *.force.com *.cloudfront.net speedsize.com *.speedsize.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com landofcoder.com s7.addthis.com *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cardinalcommerce.com g.doubleclick.net *.google.com *.zdassets.com *.nmgassets.com *.expertrec.com *.tiktok.com *.trackedweb.net *.shop.pe *.google.co.in *.sharethis.com *.zopim.com *.adnxs.com *.b1js.com *.cloudfront.net *.hotjar.com *.b1img.com http://shop.pe *.amazonaws.com http://b1img.com *.jsdelivr.net *.zendesk.com *.newrelic.com *.force.com https://service.force.com/embeddedservice/5.0/esw.min.js *.shopbox.ai https://shopbox-widgets-storybook.pages.dev/sbmain.min.js https://d.la1-core1.sfdc-lywfpd.salesforceliveagent.com *.salesforceliveagent.com https://d41000002lgrjea2.my.salesforce-sites.com *.my.salesforce-sites.com https://d41000002lgrjea2.my.salesforce.com/lightning/lightning.out.js https://d41000002lgrjea2.my.salesforce.com/lightning/lightning.out.delegate.js https://cdnjs.cloudflare.com/ajax/libs/dompurify/1.0.10/purify.js https://cmp.osano.com/AzqbnpTQhAyVm3E99/8df62698-cfde-462e-8a72-94fe3192c7c1/osano.js https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.15f60036.js https://d41000002lgrjea2.my.salesforce-sites.com/liveAgentSetupFlow/embeddedService/sidebarApp.app *.iesnare.com *.pinimg.com *.pinterest.com speedsize.com *.speedsize.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com widgets.automizely.com widgets.automizely.io *.klarnacdn.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.addshoppers.com *.fontawesome.com *.force.com https://d41000002lgrjea2.my.salesforce-sites.com https://d.la1-core1.sfdc-lywfpd.salesforceliveagent.com *.salesforceliveagent.com *.my.salesforce-sites.com https://static-tracking.klaviyo.com/onsite/js/532.fa051703115da6a50763.css *.klaviyo.com speedsize.com *.speedsize.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.iesnare.com *.zdassets.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io api.automizely.com api.automizely.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com landofcoder.com ekr.zdassets.com/ *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sharethis.com *.trackedweb.net *.klaviyo.com *.zopim.com *.zendesk.com *.hotjar.io *.shop.pe wss://widget-mediator.zopim.com wss://pod-27.zendesk.com *.nr-data.net https://bam.nr-data.net *.jsdelivr.net *.my.sentry.io *.hotjar.com/* wss://ws.hotjar.com *.safeopt.com *.scosche.com *.force.com *.run.app *.a.run.app https://d.la1-core1.sfdc-lywfpd.salesforceliveagent.com *.salesforceliveagent.com https://d41000002lgrjea2.my.salesforce-sites.com *.my.salesforce-sites.com *.tiktok.com *.pinterest.com *.googleapis.com *.iesnare.com *.osano.com *.api.osano.com  wss://mpsnare.iesnare.com/star speedsize.com *.speedsize.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src speedsize.com *.speedsize.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.publitas.com *.fontawesome.com *.kohlerbycochez.com https://script.hotjar.com *.algolia.com *.googleapis.com *.bootstrapcdn.com https://*.bazaarvoice.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.publitas.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.kohlerbycochez.com network-a.bazaarvoice.com maps.gstatic.com *.algolia.com media.flixcar.com rt.flix360.com *.google.com *.google-analytics.com *.googleadservices.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com https://*.bazaarvoice.com https://*.google.com.pa data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.publitas.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://apps.bazaarvoice.com *.kohlerbycochez.com apps.bazaarvoice.com static.hotjar.com script.hotjar.com h.online-metrix.net js-agent.newrelic.com www.google.com www.gstatic.com maps.googleapis.com *.algolia.com media.flixfacts.com media.flixcar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://cdn.jsdelivr.net https://view.publitas.com https://scripts.publitas.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.publitas.com *.fontawesome.com *.kohlerbycochez.com *.algolia.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com videos.pexels.com *.algolia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io thm.visa.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.kohlerbycochez.com bam.nr-data.net maps.googleapis.com https://surveystats.hotjar.io media.flixcar.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://*.bazaarvoice.com https://*.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net *.kohlerbycochez.com ws.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://js.monitor.azure.com azure.com https://www.google-analytics.com https://www.google.com https://amrest.containers.piwik.pro https://amrest.piwik.pro/ppms.js https://cdnjs.cloudflare.com https://unpkg.com https://www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com/ https://js.monitor.azure.com azure.com https://www.google.com https://amrest.containers.piwik.pro https://amrest.piwik.pro/ppms.js https://cdnjs.cloudflare.com https://unpkg.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.amrest.eu/en/report-uri/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-uPgCaCrp1Y5Vgmnuk30OKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-pUs/g98CqlttmgEOyy1ZrA=='; report-uri https://send.hsbrowserreports.com/csp/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' abcdaconstrucao.com.br *.abcdaconstrucao.com.br wake-components.fbitsstatic.net abcdaconstrucao.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.ebit.com.br *.moz.com *.googleadservices.com *.btg360.com.br *.clearsale.com.br *.targeting.voxus.com.br cdn.targeting.voxus.com.br api.ipify.org api.voxus.tv *.loggly.com *.voxus.com.br targeting.voxus.tv *.google.com.br google-analytics.com *.google-analytics.com *.googleapis.com storage.googleapis.com *.googletagmanager.com *.g.doubleclick.net *.criteo.net *.criteo.com *.plataformasocial.com.br *.lomadee.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.*hotjar.com *.hotjar wss://ws4.hotjar.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com connect.facebook.net static.fbits.net *.segment.com *.securiti.ai *.pingdom.net *.clarity.ms *.1rocket.io *.dito.com.br *.segment.io *.abcdaconstrucao.com.br produtos.abcdaconstrucao.com.br produtos.devabc.com.br *.marketingautomation.services *.getblue.io dzpxyxks1bfmb.cloudfront.net *.digitalabc.com.br *.gstatic.com gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net maps.googleapis.com samuraiexpertsstorage.blob.core.windows.net ameprod.azurewebsites.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com checkout.abcdaconstrucao.com.br *.tiktok.com *checkout.abcdaconstrucao.com.br *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.abcevoce.com.br *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io leadwake.br-s1.cloudhub.io cdn.jsdelivr.net *.3dsecure.io ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.abcdaconstrucao.com.br abcdaconstrucao.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-1VE32l3RIXeaLwbIbU4JQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' https://static.apisearch.cloud 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.googleapis.com *.gstatic.com data: *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.cloudflare.com https://*.shippypro.com https://*.google.com https://*.klarna.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.shippypro.com https://*.google.com https://*.klarna.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.sella.it *.gestpay.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.sella.it *.gestpay.net https://*.tiktokcdn-eu.com https://*.tiktok.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.shippypro.com https://*.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.e