Values for content-security-policy-report-only:
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 146
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' adservice.google.com/pagead/regclk api.audible.com audible.sc.omtrdc.net/b/ss/ audible.tt.omtrdc.net/rest/v1/delivery dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ siteintercept.qualtrics.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com www.audible.com www.facebook.com/tr/ www.google.com/pagead/landing; img-src 'self' ad.doubleclick.net bat.bing.com/action/0 fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com s.amazon-adsystem.com/iui3 www.facebook.com www.google.ca/pagead/1p-user-list/ www.google.ch/pagead/1p-user-list/ www.google.ee/pagead/1p-user-list/ www.google.pt/pagead/1p-user-list/ www.google.ro/pagead/1p-user-list/ www.google.se/pagead/1p-user-list/ www.google.co.cr/pagead/1p-user-list/ www.google.co.il/pagead/1p-user-list/ www.google.co.in/pagead/1p-user-list/ www.google.co.ke/pagead/1p-user-list/ www.google.co.kr/pagead/1p-user-list/ www.google.co.nz/pagead/1p-user-list/ www.google.co.th/pagead/1p-user-list/ www.google.co.uk/pagead/1p-user-list/ www.google.co.za/pagead/1p-user-list/ www.google.com.ar/pagead/1p-user-list/ www.google.com.br/pagead/1p-user-list/ www.google.com.co/pagead/1p-user-list/ www.google.com.do/pagead/1p-user-list/ www.google.com.ec/pagead/1p-user-list/ www.google.com.hk/pagead/1p-user-list/ www.google.com.jm/pagead/1p-user-list/ www.google.com.mx/pagead/1p-user-list/ www.google.com.my/pagead/1p-user-list/ www.google.com.ng/pagead/1p-user-list/ www.google.com.pa/pagead/1p-user-list/ www.google.com.pe/pagead/1p-user-list/ www.google.com.ph/pagead/1p-user-list/ www.google.com.pk/pagead/1p-user-list/ www.google.com.sg/pagead/1p-user-list/ www.google.com/pagead/1p-user-list/ www.google.de/pagead/1p-user-list/ www.google.dk/pagead/1p-user-list/ www.google.es/pagead/1p-user-list/ www.google.ie/pagead/1p-user-list/ www.google.no/pagead/1p-user-list/ www.googleadservices.com/pagead/conversion/ www.googletagmanager.com; font-src www.audible.com m.media-amazon.com; frame-src 'self' 5164101.fls.doubleclick.net apps.rokt.com audible.demdex.net bs.serving-sys.com s.amazon-adsystem.com td.doubleclick.net tr.snapchat.com www.facebook.com; media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk samples.audible.com; script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com/bat.js bat.bing.com/p/action/4004590.js connect.facebook.net d.impactradius-event.com d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com sc-static.net siteintercept.qualtrics.com tr.snapchat.com www.googleadservices.com/pagead/conversion/ www.googletagmanager.com zn5ygnnjlk4oo0dy1-audible.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com; 127
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://www.blogger.com/cspreport 94
92
frame-ancestors 'self' 53
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 43
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com  *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com *.eloqua.com https://s754241824.t.eloqua.com https://view.ceros.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 39
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src *.facebook.com/static_resources/webworker_v1/init_script/ *.facebook.com/static_resources/webworker/init_script/ *.facebook.com/static_resources/sharedworker/init_script/ *.facebook.com/static_resources/webworker/map_libre/ *.facebook.com/static_resources/webworker/map_libre_rtl/ *.facebook.com/sw/ *.facebook.com/sw;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 30
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; 28
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 27
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.teststagram.com *.igsonar.com *.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;worker-src *.instagram.com/static_resources/webworker_v1/init_script/ *.instagram.com/static_resources/webworker/init_script/ *.instagram.com/static_resources/sharedworker/init_script/ *.instagram.com/www-service-worker.js;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 24
default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 24
default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src 'nonce-xsp7AIieRU2oQ8SMHCbQKA==' *; style-src 'unsafe-inline' *; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 22
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 21
report-uri /report-csp-violation 20
default-src 'self'; img-src 'self' *.calconic.com *.hotjar.com *.bing.com *.clarity.ms *.theaccessgroup.com accessgroup-website-v8-preview.azureedge.net accessgrouppreviewweb.azureedge.net accessgroupuatweb.azureedge.net accessgroupweb.azureedge.net cdn.jsdelivr.net id.rlcdn.com match.prod.bidr.io px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com *.blob.core.windows.net *.placeholder.com *.doubleclick.net www.google.co.uk www.google.com bat.bing.com www.google-analytics.com www.facebook.com www.google-analytics.com data: cdn.bizible.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; script-src 'self' 'unsafe-inline' *.onetrust.com *.calconic.com *.hotjar.com cdn-3.convertexperiments.com ucalc.pro *.clarity.ms *.ucalc.pro analytics.twitter.com npmcdn.com app-lon05.marketo.com pages.theaccessgroup.com tracker.gaconnector.com api.ipify.org bat.bing.com static.ads-twitter.com snap.licdn.com www.googleadservices.com connect.facebook.net tag.demandbase.com tags.srv.stackadapt.com snap.licdn.com www.google-analytics.com www.googleadservices.com www.youtube.com secure.perk0mean.com static.hotjar.com script.hotjar.com widget.surveymonkey.com googleads.g.doubleclick.net www.googletagmanager.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net munchkin.marketo.net cdn.bizible.com *.visualwebsiteoptimizer.com app.vwo.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' 'unsafe-inline' *.salesforce.com *.calconic.com *.ucalc.pro tags.srv.stackadapt.com app-lon05.marketo.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com pro.fontawesome.com use.typekit.net p.typekit.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; font-src 'self' *.hotjar.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com  pro.fontawesome.com; worker-src 'self' blob:; connect-src *.onetrust.com *.calconic.com *.hotjar.com *.hotjar.io *.clarity.ms *.mktoresp.com in.hotjar.com api.company-target.com tags.srv.stackadapt.com bat.bing.com www.google-analytics.com stats.g.doubleclick.net; frame-src *.salesforce.com *.ucalc.pro vars.hotjar.com app-lon05.marketo.com www.youtube.com player.vimeo.com www.facebook.com *.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com; 20
default-src 'self' 16
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/ *.adyen.com https://www.googletagmanager.com/ www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.googleapis.com *.gstatic.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.bing.com www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ https://www.google.dk/ *.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://bid.g.doubleclick.net https://kaffekapslen.dk/ *.kaffekapslen.dk/ *.klarnacdn.net https://kaffekapslen.media *.pinterest.com/ *.cloudinary.com/ https://www.googletagmanager.com/ https://app.usercentrics.eu/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ cdn.jsdelivr.net gtm.adt313.net *.bing.com *.facebook.net bam.eu01.nr-data.net https://www.google.com https://googleads.g.doubleclick.net https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms *.klarnacdn.net https://s.pinimg.com https://apis.google.com/ https://cdn.matomo.cloud/ https://widgets.trustedshops.com/ *.usercentrics.eu/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ bam.eu01.nr-data.net *.clarity.ms www.facebook.com eu.playground.klarnaevt.com *.adt611.com *.pinterest.com/ *.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://www.google.com https://googleads.g.doubleclick.net https://bat.bing.com/ *.analytics.google.com/ https://kaffekapslen.matomo.cloud/ https://api.usercentrics.eu/ https://pagead2.googlesyndication.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 15
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 13
default-src 'self'; script-src 'self' maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.worldpay.com https://static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: 'unsafe-eval' *.starbucks.eu maps.gstatic.com maps.googleapis.com *.trustarc.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com; media-src 'self'; frame-src 'self' gateway.switch.tj *.worldpay.com *.accdab.net *.trustarc.com *.youtube.com youtu.be; font-src 'self' *.trustarc.com https://fonts.gstatic.com; connect-src 'self' maps.googleapis.com *.accdab.net *.trustarc.com bam.nr-data.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com report.starbucks.gbqofs.io stats.g.doubleclick.net https://adservice.google.com; report-uri /report-uri/enforce 13
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 12
font-src *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com https://maps.googleapis.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.trustpilot.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com https://maps.googleapis.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 12
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 11
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 11
font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 11
default-src 'self'; 10
font-src *.fontawesome.com maxcdn.bootstrapcdn.com api.mapy.cz *.doubleclick.net *.facebook.com *.gstatic.com *.ppl.cz 'self' data: chat.fcc-online.pl https://geowidget.easypack24.net 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com secure.payu.com merch-prod.snd.payu.com chat.fcc-online.pl *.criteo.com *.criteo.net *.domodi.pl *.doubleclick.net facebook.com *.facebook.com fledge-eu.creativecdn.com *.google.com *.googlesyndication.com *.hotjar.com imgstatic.eu opineo.pl *.opineo.pl *.payu.com tradedoubler.com *.tradedoubler.com *.paypo.pl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com static.payu.com *.1rx.io *.360yield.com *.3lift.com *.ad.smaato.net *.adform.net *.admixer.net *.adnxs.com *.adscale.de *.adtarget.com.tr *.analytics.google.com api.mapy.cz *.betweendigital.com *.bidswitch.net *.bing.com *.casalemedia.com cm.mgid.com *.creativecdn.com *.criteo.com *.dmp.otm-r.com *.docomo.ne.jp *.domodi.pl *.doubleclick.net *.e-planning.net *.facebook.com *.facebook.net *.gemius.pl *.google-analytics.com *.google.bg *.google.com *.google.cz *.google.de *.google.hu *.google.pl *.google.ro *.googlesyndication.com *.googletagmanager.com *.gstatic.com hbx.media.net imgstatic.eu *.lijit.com *.loopme.me *.mobfox.com *.omnitagjs.com onetag-sys.com *.openx.net *.outbrain.com pixel.advertising.com pixel.rubiconproject.com *.ppl.cz *.pubmatic.com *.rmp.rakuten.com *.s3xified.com 'self' data: *.seznam.cz *.sharethrough.com *.smartadserver.com *.taboola.com *.thulium.com *.tiktok.com *.tmtarget.com *.trackmytarget.com tradedoubler.com *.tradedoubler.com *.trustx.org *.udmserve.net unpkg.com ups.analytics.yahoo.com *.visx.net *.wp.pl *.yieldmo.com widgets.trustedshops.com integrations.etrusted.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.avada.io secure.payu.com secure.snd.payu.com api.mapy.cz *.bing.com chat.fcc-online.pl *.criteo.com *.criteo.net delivery.clickonometrics.pl *.domodi.pl *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com imgstatic.eu integrations.etrusted.com js-agent.newrelic.com library.startquestion.com bam.eu01.nr-data.net opineo.pl *.opineo.pl *.ppl.cz *.seznam.cz static.payu.com tagmanager.google.com tags.creativecdn.com *.thulium.com *.tiktok.com *.tmtarget.com *.trackmytarget.com tradedoubler.com *.tradedoubler.com unpkg.com *.vimeo.com widgets.trustedshops.com *.wp.pl www.clarity.ms ssl.ceneo.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.snrcdn.net *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com api.mapy.cz *.doubleclick.net *.facebook.com *.googleapis.com integrations.etrusted.com *.ppl.cz chat.fcc-online.pl fonts.googleapis.com tagmanager.google.com https://geowidget.easypack24.net *.snrcdn.net *.gstatic.com https://www.google-analytics.com https://www.google.com https://www.snrcdn.net https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.thulium.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com ams.creativecdn.com *.analytics.google.com api.dhl.com api.mapy.cz app.startquestion.com chat.fcc-online.pl creativecdn.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.bg *.google.com *.google.cz *.google.de *.google.hu *.google.pl *.google.ro *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io integrations.etrusted.com measurement-api.criteo.com bam.eu01.nr-data.net *.opineo.pl *.payu.com *.thulium.com *.tiktok.com unpkg.com wss2.hotjar.com wss://chat.fcc-online.pl wss://chat-proxy-service.thulium.com wss://ws16.hotjar.com wss://ws36.hotjar.com wss://wsp10.hotjar.com y.clarity.ms *.easypack24.net *.inpost.pl *.openstreetmap.org *.snrbox.com 'self' 'unsafe-inline'; child-src *.domodi.pl imgstatic.eu tradedoubler.com *.tradedoubler.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri chat.fcc-online.pl 'self' 'unsafe-inline'; 10
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com; 10
default-src 'self' https: mcdn.pybydl.com; font-src 'self' https: data:; img-src 'self' https: data: mcdn.pybydl.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' mcdn.pybydl.com; style-src 'self' https: 'unsafe-inline' mcdn.pybydl.com; frame-src 'self' https: http: data:; connect-src 'self' https: wss: www.luck-nine.com; report-uri /csp_reports 10
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf https://*.hotjar.io https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com www.jsctool.com *.weltpixel.com https://odr.promo.dev/ https://*.yieldify.com https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ https://*.hotjar.io https://www.mainadv.com https://ad.ad-srv.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com d.ratepay.com maps.gstatic.com maps.google.com *.googleapis.com 'self' data: *.gstatic.com http://lindt-hg65tr.your-printq.com https://*.cookiepro.com https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz https://*.hotjar.io https://*.yieldify.com https://i.cdn.nrholding.net https://*.sendtric.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com d.ratepay.com www.jsctool.com *.googleapis.com maps.google.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://static-eu.payments-amazon.com/checkout.js https://*.yieldify.com https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ https://*.hotjar.io https://*.pinimg.com https://*.daktela.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com d.ratepay.com *.gstatic.com tagmanager.google.com https://*.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv d.ratepay.com www.jsctool.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com https://*.r66net.com https://*.yieldify.com wss://*.hotjar.io https://geolocation.onetrust.com https://*.googleapis.com https://*.daktela.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 10
default-src https: data: 'unsafe-inline' 'unsafe-eval' 9
report-uri https://cspr.app.rbb-cloud.de/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 9
default-src https:; child-src https: blob:; connect-src https: wss: data:; font-src https: data:; frame-src https:; img-src https: data:; media-src https: blob:;  object-src https:;  worker-src https: blob:;  script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /app/api/cspViolation; 9
report-uri /report-csp-violation; upgrade-insecure-requests 9
font-src *.klarnacdn.net *.amazonaws.com *.zoovu.com *.sprinklr.com *.fontawesome.com *.gstatic.com *.iyzipay.com *.cloudfront.net *.bazaarvoice.com data: 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.amazon-adsystem.com *.google.com *.criteo.com *.salecycle.com *.teads.tv *.cloudfront.net *.demdex.net *.salecycle.com *.tradedoubler.com *.doubleclick.net *.adobe.com *.clickonometrics.pl *.bambuser.com *.googletagmanager.com *.adyen.com 'self' 'unsafe-inline'; img-src *.paypalobjects.com *.rubiconproject.com *.google.co.in *.googletagmanager.com *.aralego.net *.smartadserver.com *.taboola.com *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.mediavine.com *.pubmatic.com *.smaato.net *.clmbtech.com *.aralego.com  *.yieldmo.com  *.criteo.com *.sharethrough.com *.iyzipay.com omobikes.com paypalobjects.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.assetsadobe2.com *.roeye.com *.zoovu.com *.dyson.es *.dyson.nl saa.dyson.com.ee *.google-analytics.com saa.dyson.lt saa.dyson.lv saa.dyson.ee *.adobedc.net *.bing.com *.linksynergy.com gstatic.com *.teads.tv *.dyson.com.ro saa.dyson.hu *.google.com *.dyson.co.jp *.dyson.in *.cdninstagram.com *.mktgcdn.com dyson.co.uk *.dyson.in *.dyson.com *.dyson.com.sg *.linkedin.com *.net.pl *.greensender.pl *.dyson.pl *.gstatic.com *.dyson.com.tr *.assetsadobe2.com saa.dyson.sk *.emailpartners.net *.doubleclick.net *.bazaarvoice.com *.brightcove.com *.facebook.com *.riskified.com *.ytimg.com *.adyen.com *.dyson.cz *.yahoo.com *.outbrain.com *.amazonaws.com *.quantserve.com *.usehero.com *.boldchat.com *.boltdns.net *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.adobe.com *.magentocommerce.com data: *.googleadservices.com *.google-analytics.com *.ftcdn.net *.behance.net data: 'self' 'unsafe-inline'; script-src *.amazon-adsystem.com *.google.co.in *.dyson.com *.roeyecdn.com *.jsdelivr.net *.nanorep.co *.wondering.com *.roeyecdn.com *.cloudfront.net *.boldchat.com *.salecycle.com *.klarnaservices.com *.google-analytics.com *.doubleclick.net *.adobedc.net *.bing.com *.criteo.com *.tradedoubler.com *.optimalpeople.fr *.dyson.com *.zoovu.com *.sprinklr.com *.twitter.com *.rakuten.com *.ribbonapp.com *.confirmit.com *.teads.tv  *.cookielaw.org *.pardot.com js-cdn.dynatrace.com *.demdex.net *.dyson.com.sg *.optimizely.com *.iyzipay.com *.licdn.com *.tiktok.com *.clickonometrics.pl *.dwin1.com *.bambuser.com *.facebook.net *.nr-data.net *.bazaarvoice.com vjs.zencdn.net *.channeladvisor.com *.brightcove.net *.newrelic.com *.riskified.com *.google.com *.signifyd.com *.decibelinsight.net *.queue-it.net *.googletagmanager.com *.go-mpulse.net *.quantserve.com *.outbrain.com *.amazonaws.com *.usehero.com *.quantcount.com *.adobedtm.com *.adobe.com includestest.ccdc02.com *.googleadservices.com *.ytimg.com *.googleapis.com *.gstatic.com https://mt.adobe.launch.script.test.js/ *.adyen.com pay.google.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.dyson.com *.amazonaws.com *.klarnacdn.net *.adyen.com *.zoovu.com *.gstatic.com *.omtrdc.net *.go-mpulse.net *.sprinklr.com *.google.com *.doubleclick.net *.usehero.com *.googleapis.com *.decibelinsight.net *.akstat.io *.akamaihd.net *.boldchat.com *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.brightcove.net *.assetsadobe.com *.brightcove.com *.akamaihd.net *.adobe.com *.boltdns.net blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src google.com *.wondering.com *.llnwd.net *.klarnaservices.com *.cloudfront.net wss://*.bold360.com *.nanorep.co *.nanorep.com *.bold360.com *.klarna.com *.adyen.com *.sciencebehindecommerce.com *.nr-data.net saa.dyson.com.ee saa.dyson.lt saa.dyson.lv saa.dyson.ee *.amazonaws.com *.zoovu.com *.adobedc.net *.google.com pay.google.com *.pangle-ads.com *.criteo.com *.dyson.hu *.optimalpeople.fr *.dyson.com.ro wss://collection.decibelinsight.net wss://ws.salecycle.com *.sprinklr.com *.teads.tv *.dyson.com.sg *.usehero.com *.dyson.com.sg *.usehero.com *.ribbonapp.com *.confirmit.com *.dyson.com.tr *.dynatrace.com *.clickonometrics.pl *.google.com *.nr-data.net *.edg.com *.tiktok.com *.boltdns.net *.akamaihd.net *.cookielaw.org *.google-analytics.com *.dyson.pl *.dyson.sk *.bambuser.com *.dyson.cz *.doubleclick.net *.decibelinsight.net *.edq.com *.assetsadobe.com *.omtrdc.net *.bazaarvoice.com *.oribi.io *.boldchat.com *.nr-data.net *.salecycle.com *.riskified.com *.brightcove.com *.demdex.net 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 9
font-src *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.mercadolibre.com www.facebook.com *.wesupply.xyz https://wesupplylabs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mlstatic.com *.mercadopago.com static.zdassets.com connect.facebook.net rum-static.pingdom.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com *.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolibre.com www.facebook.com u.clarity.ms get.geojs.io stats.g.doubleclick.net ekr.zdassets.com slacorp.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net kickssupport.zendesk.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 9
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 8
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 8
frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 8
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 8
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 8
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com 8
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 7
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp 7
block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7
default-src 'self' data: blob: *.verisign.com; img-src 'self' data: *.verisign.com *.siteimproveanalytics.io *.brightcove.com *.prod.boltdns.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com polyfill.io assets.adobedtm.com siteimproveanalytics.com players.brightcove.net *.zencdn.net *.verisign.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.prod.boltdns.net *.brightcove.com *.akamaihd.net *.greenhouse.io *.verisign.com; worker-src blob: 7
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report 7
default-src 'self'; media-src https://static.zdassets.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline'  https://static.zdassets.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; object-src 'self' data: blob:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self'; 7
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' api.audible.de audible.sc.omtrdc.net audible.tt.omtrdc.net consent-pref.trustarc.com/defaultconsentmanager/ ct.pinterest.com dpm.demdex.net fls-eu.amazon.com m.media-amazon.com ssl.google-analytics.com/j/__utm.gif stats.g.doubleclick.net/j/collect tr.outbrain.com tr.snapchat.com unagi-eu.amazon.com unagi.amazon.com www.facebook.com/tr/ www.google.com/pagead/landing; font-src m.media-amazon.com www.audible.com www.audible.de; frame-src 'self' 12320038.fls.doubleclick.net 8360274.fls.doubleclick.net ad3.adfarm1.adition.com audible.demdex.net consent-pref.trustarc.com consent.trustarc.com ct.pinterest.com d1eoo1tco6rr5e.cloudfront.net insight.adsrvr.org td.doubleclick.net tr.snapchat.com www.audiencemanager.de www.awin1.com www.everestjs.net www.facebook.com; img-src 'self' ad.doubleclick.net/activity ad.doubleclick.net/ddm/activity/ ad3.adfarm1.adition.com adservice.google.com alb.reddit.com bat.bing.com consent.trustarc.com ct.pinterest.com dpm.demdex.net dsp.adfarm1.adition.com fls-eu.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com imagesrv.adition.com m.media-amazon.com p.trackmytarget.com pixel.everesttech.net/1/cm/ ssl.google-analytics.com/__utm.gif ssl.google-analytics.com/r/__utm.gif stats.g.doubleclick.net tr.outbrain.com trck.spoteffects.net www.facebook.com www.google.at/ads/ga-audiences www.google.at/pagead/1p-user-list/ www.google.be/ads/ga-audiences www.google.be/pagead/1p-user-list/ www.google.ch/pagead/1p-user-list/ www.google.es/pagead/1p-user-list/ www.google.com www.google.de/ads/ga-audiences www.google.de/pagead/1p-user-list/ www.googletagmanager.com; media-src 'self' m.media-amazon.com samples.audible.de; script-src 'self' 'unsafe-inline' akt.audiencemanager.de amplify.outbrain.com audible.sc.omtrdc.net bat.bing.com cdn.tmtarget.com cdn.trackmytarget.com/tracking/s/checkout.min.js connect.facebook.net consent.trustarc.com d1g3myji5lplsh.cloudfront.net d2jpk0qucvwmsj.cloudfront.net googleads.g.doubleclick.net images-eu.ssl-images-amazon.com prf.audiencemanager.de s.pinimg.com sc-static.net ssl.google-analytics.com tr.outbrain.com tr.snapchat.com trck.spoteffects.net wave.outbrain.com www.dwin1.com www.everestjs.net/static/amo-conversion-mapper.js www.googleadservices.com www.googletagmanager.com www.redditstatic.com; style-src 'self' 'unsafe-inline' images-eu.ssl-images-amazon.com; 7
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 7
font-src *.fontawesome.com data: *.gstatic.com *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com *.vimeo.com *.photoslurp.com *.sitescout.com *.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com cdn.doofinder.com *.cloudfront.net *.amazonaws.com *.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.googleusercontent.com *.clarity.ms *.smartadserver.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.adform.net *.omnitagjs.com id5-sync.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.sitescout.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.doofinder.com *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms *.pixel.ad *.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com *.fontawesome.com *.googleapis.com *.photoslurp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.doofinder.com wss://*.doofinder.com *.naturitas.com *.naturitas.es naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 7
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.revolut.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com releva.ai tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com releva.ai localhost *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src https://www.steelslitting.com/wp-content/jquery.min.js uaEAgsI2PqeeSgtq58iDIVQIJ2tiKzvVnnnPH+eKPSQ= assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chimpstatic.com *.googleapis.com *.google.com *.gstatic.com *.avada.io maps.googleapis.com releva.ai *.revolut.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; 7
default-src https: 'self' 'unsafe-inline' int-ds-shared-1.monetate.org *.247-inc.net 247-inc.net *.acuityplatform.com adform.net 112.2o7.net everesttech.net demdex.net adobedtm.com assets.adobetm.com *.scene7.com scene7.com tt.omtrdc.net *.typekit.net typekit.net advertising.com *.adyen.com adyen.com amazon-adsystem.com *.amazonaws.com amazonaws.com atdmt.com azureedge.net *.feedmagnet.com *.bazaarvoice.com bazaarvoice.com bidswitch.net bat.bing.com bing.com btttag.com *.btttag.com bluekai.com *.braintreegateway.com bugsnag.com cloudflare.com cloudfront.net d1af033869koo7.cloudfront.net *.columbiasportswear.co.uk columbia.com smetrics.columbia.com demandware.net *.emjcd.com emjcd.com cquotient.com *.cquotient.com criteo.com criteo.net us.criteo.com *.criteo.net *.curalate.com curalate.com dotomi.com connect.facebook.net facebook.com facebook.net *.sspinc.io columbia.sspinc.io fit-predictor.net sspinc.io fontawesome.com api2.fonts.com fullstory.com *.fullstory.com honey.io joinhoney.com *.hotjar.com hotjar.com hotjar.io static.hotjar.com instagram.com jquery.com *.klarnacdn.net *.klarnaservices.com locally.com *.microsoft.com microsoft.com *.monetate.net mountainhardwear.ca mountainhardwear.com cdn.cookielaw.org cookielaw.org agkn.com bam.nr-data.net js-agent.newrelic.com newrelic.com nr-data.net onetrust.com outbrain.com *.braintree-api.com *.paypal.com *.paypalobjects.com braintree-api.com paypal.com paypalobjects.com sandbox.paypal.com pinimg.com pinterest.com prana.com rlcdn.com *.krxd.net krxd.net *.scarabresearch.com cdn.scarabresearch.com sharethrough.com smartadserver.com sorel.com taboola.com adsrvr.org 3lift.com *.truefitcorp.com truefitcorp.com *.turn.com turn.com *.adstk.io *.onetrust.io *.px-client.net ad.smaato.net adstk.io collector-pxlkxie7oj.px-cloud.net fast.fonts.net onetrust.io px-client.net vimeo.com vimeocdn.com yahoo.com analytics.yahoo.com youtube.com ytimg.com *.zdassets.com *.zendesk.com zdassets.com zendesk.com *.zopim.com zopim.com *.perimeterx.net perimeterx.net data: blob:; 7
frame-src 'self' www.youtube.com widget.trustpilot.com www.google.com js.playground.klarna.com js.klarna.com https://checkoutshopper-test.adyen.com https://pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com return.4sellers.de *.webpush.freshchat.com ct.pinterest.com vercel.live *.sovendus.com *.adyen.com *.dotdigital-pages.com dotdigital-pages.com 7
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 6
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 6
default-src 'self' wdr.de *.wdr.de ; img-src * data: ; script-src 'self' wdr.de *.wdr.de 'unsafe-inline' 'unsafe-eval' cdn.bunchbox.co script.ioam.de *.de.ioam.de de-config.sensic.net cdn-gl.nmrodam.com  www.bing.com cdn.ampproject.org cdn.tickaroo.com dev.virtualearth.net connect.facebook.net platform.twitter.com www.instagram.com www.gstatic.com www.tagesschau.de wdr.wdrmg-digital.de ; style-src 'self' wdr.de *.wdr.de 'unsafe-inline' wdr.wdrmg-digital.de *.tickaroo.com ; font-src  'self' wdr.de *.wdr.de data: fonts.gstatic.com/ ; media-src 'self' wdr.de *.wdr.de *.icecastssl.wdr.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net *.akamaized.net blob: ; frame-src 'self' wdr.de *.wdr.de  cdn-gl.nmrodam.com de-config.sensic.net www.youtube-nocookie.com platform.twitter.com datawrapper.dwcdn.net www.instagram.com www.facebook.com www.tagesschau.de *.tickaroo.com ; connect-src 'self' wdr.de *.wdr.de *.planet-wissen.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net www.tageschau.de cdn.ampproject.org *.akamaized.net *.sensic.net *.tickaroo.com ; child-src  'self' wdr.de *.wdr.de blob: ; frame-ancestors  'self' wdr.de *.wdr.de ; object-src 'self' wdr.de *.wdr.de ; manifest-src 'self' wdr.de *.wdr.de ; report-uri https://www.wdr.de/php/csp-reporting/logcspr.php 6
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 6
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 6
default-src *.irideos.it *.clouditalia.com 'self' cdnjs.cloudflare.com 'unsafe-inline' cdn.datatables.net www.googletagmanager.com *.cookiebot.com *.google-analytics.com fonts.gstatic.com code.ionicframework.com fonts.googleapis.com www.google.com www.google.it www.gstatic.com maxcdn.bootstrapcdn.com code.jquery.com cdn.matomo.cloud irideos.matomo.cloud googleads.g.doubleclick.net *.leadchampion.com; report-to csp~irideos.it 6
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 6
default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; img-src https: blob: data:; font-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.newrelic.com https://*.usabilla.com http://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://cdn.polyfill.io https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io; frame-ancestors 'self'; report-uri /api/csp_report; 6
default-src * 'self' data: https://*.launchdarkly.com/ https://*.zopim.com/ api-js.mixpanel.com https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/track https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ wss://knowbe4.zendesk.com/ wss://*.zopim.com/ ; child-src * 'self' blob: ; connect-src * 'self' data: https://*.launchdarkly.com/ https://*.zopim.com/ api-js.mixpanel.com https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/track https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ wss://knowbe4.zendesk.com/ wss://*.zopim.com/ ; frame-src * 'self' blob: android-webview-video-poster: ; font-src * 'self' data: fonts.gstatic.com ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ ; media-src * 'self' about: blob: data: ; object-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.launchdarkly.com/ https://*.zopim.com/ api-js.mixpanel.com https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/track https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ wss://knowbe4.zendesk.com/ wss://*.zopim.com/ ; script-src-elem * 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ; style-src * 'self' 'unsafe-inline' data: ; style-src-elem * 'self' 'unsafe-inline' data: ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-us-east-1 ; worker-src * 'self' blob: data: ; 6
default-src * 'self' data: https://*.launchdarkly.com/ https://*.zopim.com/ api-js.mixpanel.com https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/track https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ wss://knowbe4.zendesk.com/ wss://*.zopim.com/ ; child-src * 'self' blob: ; connect-src * 'self' data: https://*.launchdarkly.com/ https://*.zopim.com/ api-js.mixpanel.com https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/track https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ wss://knowbe4.zendesk.com/ wss://*.zopim.com/ ; frame-src * 'self' blob: android-webview-video-poster: ; font-src * 'self' data: fonts.gstatic.com ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ ; media-src * 'self' about: blob: data: ; object-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.launchdarkly.com/ https://*.zopim.com/ api-js.mixpanel.com https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/track https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ wss://knowbe4.zendesk.com/ wss://*.zopim.com/ ; script-src-elem * 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ; style-src * 'self' 'unsafe-inline' data: ; style-src-elem * 'self' 'unsafe-inline' data: ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-eu-west-1 ; worker-src * 'self' blob: data: ; 6
font-src https://www.gstatic.com https://fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://www.google.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net data:; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com blob: https://stripe-images.s3.us-west-1.amazonaws.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://r.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners https://sales-live-chat.stripe.com https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://register.stripesessions.com https://b.stripecdn.com https://crypto-js.stripe.com https://sales-live-chat.stripe.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-T7wrECq1xn0YM2QLoh1E2M9Uqf6wfmt2noqlHUzD+xk=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 5
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 5
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 5
frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 5
default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; img-src data: *; script-src 'unsafe-inline' 'unsafe-hashes' *; style-src 'unsafe-inline' 'unsafe-hashes' *; connect-src *; child-src *; font-src *; report-uri /_csp; report-to default 5
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 5
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 5
font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.avada.io *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src * 5
default-src * https: data: blob: 'unsafe-inline' 'unsafe-hashes'; 5
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 5
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 5
default-src 'self' *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleapis.com googleapis.com *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.cz sharp.cz *.sharp.eu sharp.eu *.sharpmarketing.eu imgs.aws.sharp.eu *.actonsoftware.com cdn.cookielaw.org stats.g.doubleclick.net bam.nr-data.net; script-src 'self' 'unsafe-inline' *.actonservice.com actonservice.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.google.com googleapis.com *.googleapis.com *.youtube.com youtube.com bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org *.sharpmarketing.eu *.gstatic.com *.hotjar.com snap.licdn.com bat.bing.com; style-src 'self' 'unsafe-inline' *.sharpmarketing.eu; img-src 'self' data: *.cookielaw.org cookielaw.org *.google.ca google.ca *.google.co.in google.co.in *.google.ro google.ro *.google.co.jp google.co.jp *.gogle.co.id google.co.id *.google.co.th google.co.th *.google.ae google.ae *.google.co.nz google.co.nz *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz imgs.aws.sharp.eu i.ytimg.com d35hoao4dw4qk2.cloudfront.net www.google-analytics.com *.sharpmarketing.eu *.actonsoftware.com px.ads.linkedin.com bat.bing.com px4.ads.linkedin.com www.google.co.za www.google.bg googleads.g.doubleclick.net www.google.gr; frame-src *; frame-ancestors 'self' *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.sk sharp.sk *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.hu sharp.hu *.sharp.lt sharp.it *.sharp.co.jp sharp.co.jp *.sharp.cz sharp.cz  *.sharp.eu sharp.eu; child-src *; font-src 'self' data:; connect-src 'self' *.google-analytics.com google-analytics.com cdn.linkedin.oribi.io bam.nr-data.net cdn.cookielaw.org stats.g.doubleclick.net privacyportal-eu.onetrust.com *.sharpmarketing.eu *.hotjar.com vc.hotjar.io bat.bing.com; report-uri https://apps.sharp.eu/sharp/apps/eu/csp-violation/report.php; upgrade-insecure-requests 5
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 5
report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/wizard; 5
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data:; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data:; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 5
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' data: https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; report-uri https://hi.report-uri.com/r/d/csp/reportOnly 5
default-src 'self'; script-src 'report-sample' 'self' https://js.qualified.com/qualified.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.qualified.com wss://ws.qualified.com; font-src 'self'; frame-src 'self' https://app.qualified.com; img-src 'self' data: https://dms6j3xpg18d6.cloudfront.net https://d3s86tfxelgbdj.cloudfront.net https://huntscanlon.com https://images.cointelegraph.com https://mma.prnewswire.com https://s.yimg.com; manifest-src 'self'; media-src 'self'; report-uri https://altrata.report-uri.com/r/d/csp/wizard; worker-src 'none'; 5
require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 4
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 4
default-src 'none'; frame-ancestors 'none'; connect-src 'self' www.ntppool.org st.ntppool.org 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; form-action 'self' mailform.ntppool.org checkout.stripe.com; img-src 'self' st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org js.stripe.com; style-src 'self' fonts.googleapis.com st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntppool.report-uri.com/r/t/csp/wizard 4
default-src 'unsafe-inline' 'unsafe-eval' * data: blob: 4
default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk https://*.trustarc.com https://secure.feed5mown.com https://cdn.bizible.com https://bat.bing.com https://connect.facebook.com https://connect.facebook.net https://dbm.demdex.net https://bamboohr.demdex.net https://*.licdn.com https://*.hotjar.com https://tracking.g2crowd.com https://static.ads-twitter.com https://munchkin.marketo.com https://munchkin.marketo.net https://cdn.abrankings.com https://a.quora.com https://q.quora.com https://*.clarity.ms https://*.thebrightforks.com https://dx.mountain.com https://tag.clearbitscripts.com https://cdn.pdst.fm https://x.clearbitjs.com https://app.clearbitjs.com https://www.googletagmanager.com https://www.redditstatic.com https://snap.licdn.com https://www.google-analytics.com https://assets.adobedtm.com https://activitymap.adobe.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://abm-tracking.demandscience.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://match.prod.bidr.io https://bamboohr.zendesk.com https://*.zdassets.com https://assets.screensteps.com https://fast.wistia.com https://fast.wistia.net https://unpkg.com https://*.convertexperiments.com https://js.intercomcdn.com https://cdn.readme.io https://*.tiktok.com https://fonts.gstatic.com https://fonts.googleapis.com https://edge.adobedc.net https://adobedc.demdex.net https://stats.g.doubleclick.net https://www.google.com https://analytics.google.com https://*.mktoresp.com https://*.clearbit.com https://*.linkedin.com https://t.co https://*.twitter.com https://*.facebook.com https://tracking.contanuity.com https://c.bing.com https://*.hlx.page https://*.hlx.live https://bamboohr--webchat.sandbox.my.site.com https://bamboohr--webchat.sandbox.my.salesforce-scrt.com https://bamboohr.my.site.com https://bamboohr.my.salesforce-scrt.com 'unsafe-inline' 'unsafe-eval'; report-uri https://app.bamboohr.com/ajax/parse_csp_report.php; 4
default-src https: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.tr *.doubleclick.net www.google.ca www.google.lk www.google.ie www.google.co.id www.google.com.eg www.google.com.et www.google.de *.imperva.com www.google.com.sg analytics.google.com bam.nr-data.net imperva.containers.piwik.pro www.google.com.sa js.driftt.com www.google.co.jp www.google.it www.google.co.kr *.googleapis.com www.google.pl b.6sc.co www.google.co.uk gc.kis.v2.scr.kaspersky-labs.com ipv6.6sc.co *.gstatic.com www.google.com.co www.google.co.il www.google.com.pk secure.gravatar.com www.google.com.ng munchkin.marketo.net www.google.com.bd *.vimeo.com www.google.com.my www.google.co.th www.google.es www.google.com.tw cdn.bizible.com www.googletagmanager.com www.google.com.br js-agent.newrelic.com *.adroll.com www.google.com.hk cdn.cookielaw.org cdn.bizibly.com adservice.google.com www.google.fr www.google.com.au region1.analytics.google.com edge.fullstory.com www.google.com.ph www.youtube.com www.google.com.mx rs.fullstory.com www.brighttalk.com privacy-policy.truste.com www.google.com.ua www.google.nl www.google-analytics.com *.onetrust.com translate.google.com *.mktoresp.com c.6sc.co jscloud.net www.google.com *.mktoutil.com www.google.co.za www.google.co.ke imperva.piwik.pro j.6sc.co *.optimizely.com www.google.co.in ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 4
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 4
default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://ab-eu-prod-partner-locator.s3-eu-central-1.amazonaws.com/partnerlocator-bundle.js https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hubspot.com https://js.hscta.net https://*.hubspot.net https://*.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co/6si.min.js https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsleadflows.net https://*.qualified.com https://maps.googleapis.com https://rum-static.pingdom.net https://snap.licdn.com https://static.ads-twitter.com https://tagmanager.google.com https://tags.clickagy.com/data.js https://tracking.g2crowd.com https://ws.zoominfo.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://www.gartner.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  'self' https://*.google-analytics.com https://*.pingdom.net https://*.ads.linkedin.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://aorta.clickagy.com/data https://api.allbound.eu/v5/public/ https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://c.6sc.co https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/34930/domain/staffbase.com/token https://*.hubapi.com https://js.hscta.net https://*.hsforms.com https://*.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com/external/hasHashes https://hubspot-forms-static-embed.s3.amazonaws.com https://ipv6.6sc.co https://*.hs-banner.com https://*.linkedin.oribi.io/event https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://staffbase-privacy-request.my.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://ws.zoominfo.com/pixel/collect https://www.facebook.com wss://app.qualified.com wss://ws.qualified.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; object-src 'none'; 4
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 4
default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 4
frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net newsuk.s3.amazonaws.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; report-uri https://www.news.co.uk?gdsih-csp-report; 4
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com js.stripe.com cdn.dnky.co webchat.dotdigital.com *.us1.gigya.com *.openpay.mx *.openpay.co *.mercadolibre.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx *.google.com *.google.com.br *.criteo.com *.doubleclick.net *.cloudfront.net *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.us1.gigya.com 'self' data: 'unsafe-inline' data: *.postimg.cc *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.openpay.mx *.google.com *.google.com.br *.panini.canto.global https://panini.canto.global *.cloudfront.net *.doubleclick.net *.g.doubleclick.net *.ivitrack.com *.bidswitch.net *.criteo.com *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.stripe.com cdn.conekta.io conektaapi.s3.amazonaws.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.us1.gigya.com s7.addthis.com *.mlstatic.com *.mercadopago.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.google.com *.google.com.br *.vendavalida.com.br *.zdassets.com *.criteo.com *.enviou.com.br *.cloudfront.net *.nr-data.net *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'unsafe-inline' data: unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.conekta.io api.comapi.com webchat.dotdigital.com *.openpay.mx *.openpay.co ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com *.openpay.pe *.google.com *.google.com.br *.criteo.com *.vendavalida.com.br *.zendesk.com *.doubleclick.net *.us1.gigya.com *.cloudfront.net *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
frame-ancestors 'none'; report-uri https://endpoint3.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV30Tj5vtZfuZ0tYPfqb8xOSxI9TJ5CbQ_ZE4W4aGoGW8HViqViD0nttCcDqHOZNNhObvJtSbYn1XDP7uSjlITCzSLlNsuSdwZ46El5dcVC6kg== 4
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net https://rec.i-say.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; report-uri https://training89.shopmetrics.com/CSPEndpoint.aspx; Report-To default; 4
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.net *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.affirm.com *.affirm.ca *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.facebook.net *.facebook.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com secure.adnxs.com *.bing.com px.ads.linkedin.com *.facebook.net *.facebook.com snap.licdn.com *.github.io *.clarity.ms google.co.kr *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com/ *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com stats.g.doubleclick.net *.bing.com *.facebook.net *.facebook.com snap.licdn.com *.clarity.ms secure.adnxs.com *.maxmind.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com stats.g.doubleclick.net *.clarity.ms *.facebook.net *.facebook.com *.mmapiws.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 4
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cse.google.com https://js.hsforms.net https://rebilly.github.io https://use.fontawesome.com https://ws.sharethis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' https://cloud.typography.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 4
font-src *.gstatic.com data: *.fontawesome.com fonts.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.google.com *.doubleclick.net *.facebook.com account.fetchify.com *.meetanshi.com js.mollie.com *.trustpilot.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.meetanshi.com https://www.mollie.com https://redchamps.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.jsdelivr.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://stackpath.bootstrapcdn.com https://display.powerreviews.com https://ui.powerreviews.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.fontawesome.com *.avada.io *.meetanshi.com js.mollie.com *.trustpilot.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline cdn.jsdelivr.net fonts.googleapis.com https://ui.powerreviews.com https://fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.getalma.eu https://display.powerreviews.com https://ui.powerreviews.com *.google-analytics.com *.facebook.com *.facebook.net api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://get.geojs.io *.avada.io *.meetanshi.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.novaturas.lt dev-lt-novaturas.readymage.com * 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.novaturas.lt  https://track.adform.net https://master.d28zlv4dg2b2g7.amplifyapp.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://img.youtube.com 'self' https://localhost https://novaturas-gwe-1661146907.readymage.com https://novaturas-gwe-1661146907.readymage-media.com https://prod-lt-novaturas.readymage.com https://www.google.com https://hatscripts.github.io https://omnisnippet1.com https://wt.soundestlink.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://s2.adform.net  https://track.adform.net https://omnisnippet1.com https://forms.soundestlink.com https://svht.tradedoubler.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'unsafe-inline' 'unsafe-eval' *.typekit.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ 'self' https://bam.eu01.nr-data.net https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://analytics.google.com https://stats.g.doubleclick.net ws: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' https://dev-lt-novaturas.readymage.com https://stage-lt-novaturas.readymage.com https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://novaturas-gwe-1661146907.readymage-media.com https://use.typekit.net https://www.googletagmanager.com https://localhost 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src blob: https:;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	frame-src https:;	media-src data: https:;	object-src 'none';	connect-src https:;	frame-ancestors 'self'; 4
font-src *.fontawesome.com fonts.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.facebook.com *.kinderkraft.fr *.kinderkraft.pl kinderkraft.fr kinderkraft.pl *.trustpilot.com *.criteo.gum *.cookiebot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.klarna.com pay.google.com secure.payu.com merch-prod.snd.payu.com *.trustpilot.com *.facebook.com www.facebook.com *.instagram.com *.hotjar.com *.criteo.com *.criteo.net *.youtube-nocookie.com *.google.com *.kinderkraft.fr kinderkraft.fr kinderkraft.pl *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com *.gstatic.com *.googleapis.com *.ggpht ts.tradetracker.net www.magmodules.eu *.ytimg.com www.google.com www.google.pl kinderkraft.com pixel.wp.pl www.facebook.com *.instagram.com *.payu.com *.hotjar.com www.googletagmanager.com googleads.g.doubleclick.net *.criteo.com *.adobedtm.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.yahoo.com *.3lift.com *.smartadserver.com *.adnxs.com *.tapad.com *.casalemedia.com *.360yield.com *.taboola.com *.pubmatic.com *.media.net *.teads.tv *.adform.net *.bidswitch.net *.sharethrough.com *.smaato.net *.socdm.com *.adscale.de *.advertising.com *.dable.io *.co.kr *.stickyadstv.com *.twiago.com *.omnitagjs.com *.liadm.com *.yieldmo.com *.postrelease.com *.addthis.com *.revcontent.com *.mail.ru *.yieldlab.net *.rambler.ru *.bing.com *.openx.net *.nate.com *.mediawallahscript.com id5-sync.com *.rlcdn.com *.adingo.jp *.tremorhub.com *.yandex.ru *.aralego.com/ *.ad-stir.com *.adtdp.com *.meba.kr *.1rx.io *.toast.com *.turn.com *.dmxleo.com *.mediavine.com *.ivitrack.com *.smartclip.net *.krxd.net *.emxdgt.com *.pinterest.com *.bluekai.com *.thebrighttag.com kinderkraft.pl *.user.com *.trustpilot.com *.trustpilot.net *.metaffiliation.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com *.klarna.com *.klarnaservices.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.avada.io secure.payu.com secure.snd.payu.com *.googleapis.com *.gstatic.com *.trustpilot.com tm.tradetracker.net *.googletagmanager.com kinderkraft-staging.user.com *.user.com consentcdn.cookiebot.com *.g.doubleclick.net *.adyen.com *.facebook.net pixel.wp.pl *.hotjar.com *.criteo.com *.newrelic.com *.criteo.net *.nr-data.net *.cloudflare.com *.clickcease.com *.pinimg.com *.googleoptimize.com *.youtube.com *.klarnacdn.net *.kinderkraft.pl *.kinderkraft.fr *.kinderkraft.de *.kinderkraft.it *.kinderkraft.co.uk *.kinderkraft.es *.metaffiliation.com *.bing.com *.clarity.ms *.cux.io *.taboola.com *.luigisbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.trustpilot.com *.instagram.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.googlevideo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.klarnaservices.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.instagram.com kinderkraft-staging.user.com wss://kinderkraft-staging.user.com *.adyen.com yt2html5.com *.user.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net wss://kinderkraft.user.com *.hotjar.com wss://ws3.hotjar.com analytics.google.com *.paypal.com https://paypal.com paypal.com *.nr-data.net consentcdn.cookiebot.com *.hotjar.io *.criteo.com wss://ws29.hotjar.com *.pinterest.com *.google.com wss://ws11.hotjar.com *.klarnacdn.net google.pl google.com *.kinderkraft.fr *.metaffiliation.com *.sentry.io sentry.io *.clarity.ms *.cux.io *.facebook.com facebook.com *.google.pl wss://* *.openfpcdn.io *.google-analytics.com *.taboola.com *.luigisbox.com *.bing.com *.klarna.com 'self' 'unsafe-inline'; child-src *.instagram.com http: https: blob: 'self' 'unsafe-inline'; default-src *.adyen.com *.instagram.com *.googleoptimize.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://geowidget.easypack24.net 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.klarna.com https://www.googletagmanager.com/ *.packeta.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ consentcdn.cookiebot.com *.facebook.com web.facebook.com trustmate.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io platnosci.bm.pl www.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' data: *.facebook.com/ *.google.pl bat.bing.com cdn.klarna.com *.analytics.google.com *.googleapis.com *.mapbox.com trustmate.io cdn.trustmate.io *.facebook.com www.google.pl *.wp.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cards-accept.bm.pl cards.bm.pl pay.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.packeta.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com *.gstatic.com www.googletagmanager.com d3bo67muzbfgtl.cloudfront.net consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net googleads.g.doubleclick.net bat.bing.com clarity.ms static.payu.com nominatim.openstreetmap.org cdngazeta.pl gazeta.pl google.pl mail.desportivo.pl ga.getresponse.com us-an.gr-cdn.com popups1-show.getresponse.com us-wbe.gr-cdn.com *.recostream.com trustmate.io trustmate.tech ga2.getresponse.com mail.desportivo.pl/de/rocz/sk wbe1.getresponse.com mail.desportivo.de mail.desportivo.ro mail.desportivo.cz mail.desportivo.sk recostream.com js-agent.newrelic.com/ *.wp.pl wp.pl pixel.wp.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com secure.przelewy24.pl static.payu.com trustmate.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.packeta.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.google-analytics.com api.edrone.me stream.cloud.witbee.com j.clarity.ms google.com google.pl *.analytics.google.com consentcdn.cookiebot.com googleads.g.doubleclick.net static.payu.com *.facebook.net *.facebook.com app2.recostream.com  ga2.getresponse.com/ bam.nr-data.net clk.leadexpert.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.xsmanguasjad.ee *.google.com *.google.lv *.klevu.com *.ksearchnet.com https://omnisnippet1.com https://wt.soundestlink.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.newrelic.com *.hotjar.com *.doubleclick.net *.googletagmanager.com *.nr-data.net *.zdassets.com *.klevu.com *.ksearchnet.com https://omnisnippet1.com https://forms.soundestlink.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.hotjar.com *.doubleclick.net *.nr-data.net *.zdassets.com *.zendesk.com *.zopim.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 3
object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;img-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;connect-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 3
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com https://datainsights.loopia.se https://sc.lfeeder.com wss://*.hotjar.com https://www.google.com https://www.google.se https://www.google.be https://cdn.linkedin.oribi.io https://*.analytics.google.com https://adservice.google.com https://analytics.google.com https://content.hotjar.io;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://*.ads.linkedin.com https://www.linkedin.com https://www.google.be https://fonts.gstatic.com https://tr.lfeeder.com;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com https://datainsights.loopia.se;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com https://www.gstatic.com 3
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 3
script-src 'self' addtocalendar.com cdn.amcharts.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://script.crazyegg.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io https://unpkg.com; script-src-attr 'self'; style-src 'self' addtocalendar.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 3
frame-ancestors 'self'; block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://connect.facebook.net https://munchkin.marketo.net https://script.crazyegg.com https://static.zdassets.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://cdn.cookie-script.com https://s.adroll.com https://c.seznam.cz https://mc.yandex.ru https://static.zdassets.com https://www.snapengage.com https://*.googleapis.com https://d.adroll.com https://snap.licdn.com https://storage.googleapis.com https://u.heatmap.it https://script.hotjar.com https://static.hotjar.com https://*.doubleclick.net https://*.google.com https://*.cloudfront.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleoptimize.com https://*.nebula.zyxel.com https://cdnjs.cloudflare.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://static.addtoany.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zyxel.com https://*.myzyxel.com;style-src 'self' 'report-sample' 'unsafe-inline' *.nebula.zyxel.com *.google.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.googleapis.com https://*.s3.amazonaws.com https://www.gstatic.com;object-src *.googlesyndication.com;child-src 'self' blob: *.addtoany.com *.googlesyndication.com *.google.com *.doubleclick.net;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com; 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
child-src 'self' tickets.papaki.com help.papaki.com support.papaki.gr accounts.google.com cdn.papaki.com payform.everypay.gr esecure.sia.eu payform-api.everypay.gr tpc.googlesyndication.com vpos.eurocommerce.gr; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; form-action 'self' vpos.eurocommerce.gr www.facebook.com eu.gateway.mastercard.com; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; font-src 'self' https:; media-src assets-eu1-cloud.deskpro.com cdn.papaki.com; object-src 'self'; style-src 'self' 'unsafe-inline' assets-eu1-cloud.deskpro.com cdn.papaki.com cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com; report-uri https://53af897d0dcebe7788bb17e0b500e3ef.report-uri.com/r/d/csp/wizard 3
default-src https: 'unsafe-inline' data: 3
script-src 'self'; 3
upgrade-insecure-requests; base-uri 'self'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' https://fonts.googleapis.com https://sdk.primer.io https://a.loveholidays.com; report-uri /csp-report/ 3
default-src 'none'; form-action https://tr.snapchat.com https://nowtv.secure.force.com https://nowtv.my.salesforce.com https://nowtv.my.salesforce-sites.com; font-src 'self' https://web.static.nowtv.com https://www.sky.com https://static.skyassets.com https://*.leadoo.com https://cdn-eu.dynamicyield.com https://fonts.gstatic.com https://use.fontawesome.com https://cdn.braze.eu data: https://tr.snapchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://web.static.nowtv.com https://cdn3.optimizely.com https://cdn.optimizely.com https://cmp.sky.de https://cdn-eu.dynamicyield.com https://st-eu.dynamicyield.com https://*.content-square.fr https://*.contentsquare.net https://analytics.global.sky.com https://*.demdex.net https://d3c3cq33003psk.cloudfront.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://*.doubleclick.net https://www.googleadservices.com https://*.myvisualiq.net https://www.dwin1.com https://www.zenaps.com https://polyfill.io https://browser.sentry-cdn.com https://whatfix.com https://*.salesforce.com https://*.salesforceliveagent.com https://nowtv.my.salesforce.com https://*.force.com https://*.salesforce-sites.com https://opentag-stats.qubit.com https://*.sp-prod.net https://smetrics.sky.com https://smetrics.nowtv.com https://cdn.privacy-mgmt.com https://assets.adobedtm.com https://tapestry.tapad.com https://bat.bing.com https://www.googletagmanager.com https://help.nowtv.com https://core.spreedly.com https://the.sciencebehindecommerce.com https://*.klarnacdn.net https://*.klarnaservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://sc-static.net https://cl.qualaroo.com/ https://help.stage.nowtv.com https://*.leadoo.com https://analytics.tiktok.com https://s.pinimg.com https://cdn.ravenjs.com https://smct.co https://js.smct.co https://ipb.smct.co https://js.smct.io https://www.google-analytics.com https://www.google.com https://secure.quantserve.com https://gdpr-tcfv2.sp-prod.net https://jssdkcdns.mparticle.com https://www.redditstatic.com https://www.paypal.com https://servedby.flashtalking.com; connect-src 'self' https://*.nowtv.com https://*.optimizely.com https://direct.dy-api.eu https://direct-collect.dy-api.eu https://async-px-eu.dynamicyield.com https://rcom-eu.dynamicyield.com https://cmp.sky.de https://*.ottcds.com https://*.skycdc.com https://*.sky.at https://*.bskyb.com https://*.sky.com https://ott-clients.s3.amazonaws.com https://*.demdex.net https://graph.facebook.com https://connect.facebook.com https://*.contentsquare.net wss://*.nowtv.lightstreamer.com https://*.nowtv.lightstreamer.com wss://*.nowtv-dev.lightstreamer.com https://*.nowtv-dev.lightstreamer.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://opentag-stats.qubit.com  https://*.sp-prod.net https://sourcepoint.mgr.consensu.org https://cdn.privacy-mgmt.com https://dcd12547fac74c3cb90d3307a66b8089.apm.eu-west-1.aws.cloud.es.io https://9993578564234b6d9966074b92f26161.apm.us-east-1.aws.cloud.es.io https://cdn.privacy-mgmt.com https://bat.bing.com https://www.facebook.com https://the.sciencebehindecommerce.com https://sdk.fra-01.braze.eu https://*.klarnaevt.com https://*.klarnauserservices.com https://mytv.clients.stable-int.ott.sky wss://*.bskyb.com wss://*.nowtv.com https://tr.snapchat.com https://*.leadoo.com https://adm.dynamicyield.eu https://cdn-eu.dynamicyield.com https://px-eu.dynamicyield.com https://st-eu.dynamicyield.com https://analytics.tiktok.com https://js.smct.io https://js.smct.co https://ipb.smct.io https://ipb.smct.co https://dpm.demdex.net https://ct.pinterest.com https://jssdks.mparticle.com https://identity.mparticle.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.paypal.com; img-src 'self' data: https://*.nowtv.com https://skyx.sky.at https://*.skyx.sky.at https://*.sky.com web.static.nowtv.com https://t.co https://www.facebook.com https://*.contentsquare.net https://www.awin1.com https://www.zenaps.com https://*.epgsky.com https://*.documentforce.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://cm.everesttech.net https://*.demdex.net https://aa.agkn.com https://pm.w55c.net https://cm.everesttech.net https://*.adnxs.com https://*.doubleclick.net https://rtd.tubemogul.com https://analytics.twitter.com https://p.rfihub.com https://a.collective-media.net https://pixel.quantserve.com https://*.bing.com https://pixel.advertising.com https://image5.pubmatic.com https://a.tribalfusion.com https://cms.analytics.yahoo.com https://odr.mookie1.com https://dmp.v.fwmrm.net https://sync-tm.everesttech.net https://spl.zeotap.com https://uk.imageservice.sky.com https://ee1.uk.imageservice.sky.com http://ee1.uk.imageservice.sky.com https://smetrics.sky.com https://smetrics.nowtv.com https://*.myvisualiq.net https://tapestry.tapad.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://bat.bing.com https://cx.atdmt.com https://cdn.braze.eu http://imageservice.sky.com https://*.leadoo.com  https://cdn.dynamicyield.com https://analytics.tiktok.com https://s.pinimg.com https://events.smct.co https://res.newsletter.contact.sky https://ct.pinterest.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.pinterest.com https://t.myvisualiq.net https://www.gstatic.com https://www.redditstatic.com https://alb.reddit.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://servedby.flashtalking.com; style-src 'self' 'unsafe-inline' https://static.skyassets.com https://web.static.nowtv.com https://*.salesforce.com https://*.force.com https://*.salesforce-sites.com https://help.nowtv.com https://*.leadoo.com https://cdn-eu.dynamicyield.com https://fonts.googleapis.com  https://use.fontawesome.com; media-src 'self' data: blob: distro002-gb-vod-prd-ak.cdn.skycdp.com https://*.sky.at https://*.nowtv.com; frame-src https://core.spreedly.com https://pay.sky.com https://signup.nowtv.com https://ottsas.sky.com https://client-payments.ott.sky.com https://web.static.nowtv.com https://uat-p.ottsas.sky.com https://client-payments.pfunc.ott.sky.com https://ad3.adfarm1.adition.com https://vars.hotjar.com https://bskyb.demdex.net https://nowtv.my.salesforce.com https://nowtv.secure.force.com https://nowtv.my.salesforce-sites.com https://*.sp-prod.net https://cdn.privacy-mgmt.com https://*.fls.doubleclick.net https://*.klarna.com https://*.klarnacdn.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dntcl.qualaroo.com/ https://tr.snapchat.com https://js.smct.io https://js.smct.co https://www.zenaps.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.paypal.com https://ct.pinterest.com https://www.youtube.com; worker-src blob:; prefetch-src 'self' https://web.static.nowtv.com/; upgrade-insecure-requests; 3
base-uri 'none'; report-uri https://vault.gostatera.com/collect/csp 3
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::R_APROD_3_7_0 3
default-src 'self'; connect-src 'self' https://analytics.pangle-ads.com https://analytics.tiktok.com https://api-js.mixpanel.com https://bat.bing.com https://d1lu3pmaz2ilpx.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://getroman.pxf.io https://*.clarity.ms https://stats.g.doubleclick.net https://www.google-analytics.com https://rum.browser-intake-datadoghq.com https://sslwidget.criteo.com https://dynamic.criteo.com https://www.facebook.com https://www.google.com https://adservice.google.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://client-analytics.braintreegateway.com https://payments.braintree-api.com https://maps.googleapis.com https://us-street.api.smartystreets.com https://measurement-api.criteo.com https://www.paypal.com https://vimeo.com https://api.braintreegateway.com https://assets.ctfassets.net https://sentry.ro.co https://login.ro.co; font-src 'self' https: data:; frame-src https://gum.criteo.com https://www.facebook.com https://www.youtube.com https://iframe.ro.co https://gumi.criteo.com https://static.criteo.net https://js.stripe.com https://checkout.paypal.com https://www.sandbox.paypal.com https://td.doubleclick.net https://tpc.googlesyndication.com https://player.vimeo.com https://fledge.us.criteo.com https://www.paypal.com https://www.paypalobjects.com; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' data: https://videos.ctfassets.net https://player.vimeo.com https://download-video.akamaized.net; object-src none; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://acdn.adnxs.com https://analytics.tiktok.com https://bat.bing.com https://connect.facebook.net https://d2hrivdxn8ekm8.cloudfront.net https://dynamic.criteo.com https://googleads.g.doubleclick.net https://sslwidget.criteo.com https://start.ro.co https://utt.impactcdn.com https://www.clarity.ms https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://maps.googleapis.com https://polyfill.io https://static.legitscript.com https://stats.wp.com https://ajax.cloudflare.com https://js.stripe.com https://www.paypal.com https://js.braintreegateway.com https://player.vimeo.com https://www.paypalobjects.com https://cdn.jsdelivr.net/npm/@editorjs/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self' blob:; report-uri https://healthbyro.report-uri.com/r/t/csp/reportOnly 3
frame-src https://www.facebook.com https://go.nexon.com.au *.google.com; 3
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk *.qumucloud.com static.ads-twitter.com t.co www.brightedge.com;https://public.tableau.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 3
default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 3
frame-ancestors 'self'; report-uri /stf/reportiframe 3
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ipinfo.io cmp.osano.com *.gstatic.com commento.io bam.nr-data.net region1.google-analytics.com ficodotcom.prod.acquia-sites.com c.cintnetworks.com www.googletagmanager.com www.fico.com pi.pardot.com *.optimizely.com www.youtube.com cdn.jsdelivr.net wec-assets.terminus.services www.google-analytics.com js.driftt.com js-agent.newrelic.com consent.api.osano.com cdn.commento.io *.vimeo.com content.fico.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 3
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.parisaeroport.fr www.google.no www.google.ca search.aeroportsdeparis.fr www.google.cz api.geevisit.com www.google.pt *.clarity.ms analytics.google.com www.addictive-tracker.com *.googleapis.com manager.tagcommander.com www.google.co.uk api.geetest.com static.parisaeroport.fr cms.analytics.yahoo.com www.google.be sync.srv.stackadapt.com static.geetest.com www.google.at cdn.tagcommander.com www.google.it cdn.trustcommander.net www.youtube.com services.arcgisonline.com *.demdex.net *.gstatic.com *.adsrvr.org www.google.dk ssl.google-analytics.com region1.analytics.google.com www.googletagmanager.com *.facebook.com tag.yieldoptimizer.com c.bing.com *.facebook.net privacy.trustcommander.net www.google.nl www.google-analytics.com ipapi.co *.googleusercontent.com *.doubleclick.net tag.adaraanalytics.com www.google.fi www.google.de *.arcgis.com translate.google.com www.misterfly.com www.google.fr www.google.com github.com www.google.co.jp *.commander1.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 3
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: *.gstatic.com *.googleapis.com *.klarnacdn.net *.worldpay.com *.cnetcontent.com *.1worldsync.com *.designo.software *.cloudflare.com static.criteo.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.bazaarvoice.com www.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://pay.google.com https://secure-test.worldpay.com *.bazaarvoice.com *.worldpay.com *.ometria.com *.sitescout.com *.doubleclick.net *.pixel.ad *.veinteractive.com www.facebook.com *.zenaps.com campaign.odicci.com g3d-app.com services.sdiapi.com *.addthis.com *.addtoany.com *.twitter.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.commbox.io *.klarnaservices.com *.klarna.com *.google.com *.hotjar.com *.hotjar.io *.lightwidget.com www.paypalobjects.com ometria.email display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.criteo.com *.criteo.net *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.gstatic.com *.bazaarvoice.com apps.bumpyardpro.com images.unsplash.com source.unsplash.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.brsrvr.com cm.everesttech.net *.ometria.com *.googleapis.com *.awin1.com *.zenaps.com *.doubleclick.net *.sitescout.com *.google.com *.pixel.ad assets.robertdyas-static.co.uk www.google.com.ua www.google.com.uk www.facebook.com robertdyasuk.twgdns.com *.klarnacdn.net *.clarity.ms *.bing.com *.assets-servd.host *.contentsquare.net apps.commbox.io *.amazonaws.com *.twimg.com *.twitter.com *.cnetcontent.com *.1worldsync.com g3d-app.com *.cloudfront.net *.ediemidnightzombies.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.feedoptimise.com cdn.feedoptimise.com *.designo.software *.google.co.uk *.superpointlesshamsters.com *.criteo.com *.criteo.net *.nr-data.net tprg.cloudflareaccess.com *.google.co.in data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.bazaarvoice.com *.iesnare.com apps.bumpyardpro.com *.brsrvr.com www.google.com *.cnetcontent.com *.worldpay.com *.ometria.com *.googleapis.com *.serving-sys.com *.doubleclick.net *.flx1.com *.veinteractive.com *.dwin1.com *.criteo.com static.cloudflareinsights.com *.criteo.net snap.licdn.com g3d-app.com *.klarnacdn.net *.klarnaservices.com *.facebook.net *.sdiapi.com *.googleoptimize.com *.taggstar.com *.commbox.io *.clarity.ms *.bing.com *.hotjar.com bam-cell.nr-data.net cdn.cookielaw.org *.contentsquare.net *.addthis.com *.addtoany.com *.addthisedge.com *.twitter.com *.twimg.com *.google.com *.1worldsync.com *.lightwidget.com *.ediemidnightzombies.com smct.co s7.addthis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.feedoptimise.com cdn.feedoptimise.com *.designo.software *.moatads.com *.superpointlesshamsters.com *.flockr.co *.webtrends-optimize.com cdn.attn.tv *.webtrends-optimize.workers.dev *.attentivemobile.com ryman-gb.attn.tv robertdyas-gb.attn.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cloudflare.com *.fontawesome.com *.bazaarvoice.com *.cnetcontent.com apps.bumpyardpro.com *.googleapis.com cdn.taggstar.com cdn.cookielaw.org *.klarnacdn.net *.commbox.io *.worldpay.com *.twitter.com *.google.com *.1worldsync.com display.ugc.bazaarvoice.com *.designo.software *.flockr.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com apps.bumpyardpro.com apps.commbox.io *.cnetcontent.com *.1worldsync.com *.designo.software static.criteo.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.bazaarvoice.com *.dxpapi.com api.edq.com *.ometria.com *.demdex.net *.serving-sys.com *.veinteractive.com *.sdiapi.com rum-collector-2.pingdom.net bam-cell.nr-data.net api.taggstar.com *.sciencebehindecommerce.com *.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.clarity.ms *.worldpay.com pay.google.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io cdn.cookielaw.org *.contentsquare.net *.onetrust.com *.cloudhub.io *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.1worldsync.com *.cnetcontent.com *.addthis.com *.doubleclick.net *.ediemidnightzombies.com ekr.zdassets.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google.com.ua bat.bing.com *.taggstar.com *.google.co.uk *.superpointlesshamsters.com *.criteo.com *.criteo.net 'self' 'unsafe-inline'; child-src *.criteo.com *.criteo.net http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' *.smartschool.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com https://ssl.p.jwpcdn.com stats.wp.com use.typekit.net p.jwpcdn.com *.google-analytics.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' c0.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com data:; img-src 'self' *.typekit.net pixel.wp.com *.google-analytics.com stats.g.doubleclick.net data:; connect-src performance.typekit.net stats.g.doubleclick.net; report-uri /csp-violation.php 3
default-src * data:;   script-src * 'unsafe-eval';   script-src-elem * 'unsafe-inline';   script-src-attr *;   style-src * 'unsafe-inline' blob:;   style-src-elem * 'unsafe-inline';   style-src-attr * 'unsafe-inline';   img-src * 'self' data: blob:;   font-src * 'self' data: blob:;   connect-src * 'self' blob:;   media-src * 'self' blob:;   object-src * 'self' 'unsafe-inline' blob:;   prefetch-src * 'self' blob:;   child-src * 'self' blob:;   frame-src * 'self' blob:;   worker-src * 'self' blob:;   frame-ancestors * 'self' blob:;   form-action *;   upgrade-insecure-requests;   base-uri * 'self';   manifest-src * blob: sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-to-custom-protocols; 3
frame-ancestors 'self' ; object-src 'none' ; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.wistia.com *.wistia.net *.listenloop.com *.company-target.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.doubleclick.net *.driftt.com *.techtarget.com *.driftqa.com *.pingdom.net *.swiftypecdn.com *.swiftype.com *.abtasty.com *.cookielaw.org *.hotjar.com *.hotjar.io *.nr-data.net *.marketo.com *.twitter.com *.soundcloud.com *.youtube.com *.akamaihd.net *.bing.com *.clarity.ms app.hushly.com hubfront.hushly.com cdn.bizible.com *.acquia.com *.bugsnag.com *.acquia.io *.demandbase.com; font-src * data:; frame-src 'self' static.addtoany.com *.lift.acquia.com *.acquia.io s.company-target.com go.forgerock.com fast.wistia.net; img-src * data: blob:; media-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com cdn.bizible.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.licdn.com *.engagio.com *.listenloop.com *.demandbase.com *.driftt.com *.facebook.net *.adroll.com *.adroll.mgr.consensu.org *.newrelic.com *.hotjar.com googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net *.swiftypecdn.com geoip-js.com *.pingdom.net *.abtasty.com *.techtarget.com *.cookielaw.org *.nr-data.net *.marketo.com *.marketo.net *.twimg.com app.hushly.com hubfront.hushly.com *.jquery.com *.onetrust.com *.maxmind.com s3.amazonaws.com *.bugsnag.com *.wistia.net *.bing.com *.clarity.ms www.forgerock.com *.lift.acquia.com *.acquia.io http://www.forgerock.com blob: *.adoberesources.net cdn.jsdelivr.net https://fast.wistia.com https://fast.wistia.net https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.forgerock.com *.googleapis.com *.cloudflare.com *.swiftypecdn.com *.driftt.com *.marketo.com *.wistia.com *.wistia.net *.twitter.com *.twimg.com app.hushly.com hubfront.hushly.com *.typekit.net; report-uri https://forgerock.report-uri.com/r/t/csp/reportOnly 3
font-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com *.cookiebot.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.adventr.io *.mainadv.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.awin1.com *.zenaps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com pls.webtype.com www.w3.org data: www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com *.ometria.com *.crobox.io *.crobox.com https://a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adyen.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.googleapis.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com *.ometria.com *.upsellit.com *.crobox.io https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.typenetwork.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://the.sciencebehindecommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com *.paypal.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://s.go-mpulse.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.siteimprove.net; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.go-mpulse.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.siteimprove.net; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/reportOnly 3
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.omappapi.com *.hubspot.com services.postcodeanywhere.co.uk *.azure.com tracking.g2crowd.com a.opmnstr.com forms.hsforms.com *.wistia.com tag.demandbase.com scout.salesloft.com js.hs-scripts.com monitor.clickcease.com *.onetrust.com content.hotjar.io ipv6.6sc.co appapi.loqate.com b.6sc.co j.6sc.co *.doubleclick.net *.gbgplc.com www.google.co.uk www.google.com t.co *.licdn.com region1.google-analytics.com *.twitter.com *.ads-twitter.com adservice.google.com tiles.platform.loqate.com perf-na1.hsforms.com js.hs-banner.com *.facebook.net unpkg.com scout-cdn.salesloft.com *.hotjar.com www.clickcease.com www.googletagmanager.com js.hsadspixel.net cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://www.e2open.com?gdsih-csp-report; 3
frame-src 'self'             https://*.adyen.com             *.cookiebot.com             https://apps.apple.com             https://*.zebet.fr             https://*.zebet.com             https://*.zebet.be             https://*.zebet.es             https://*.zebet.nl             https://*.zeturf.be             https://*.zeturf.com             https://*.zeturf.es             https://*.zeturf.fr             https://*.zeturf.nl             https://*.m-itrust.com             https://*.redsys.es             https://*.apata.io             https://*.abanca.com             https://*.n26.com             https://*.postfinance.ch             https://*.ing.fr             https://*.monext.fr             https://*.ing.com             https://*.vinea.es             https://*.verifiedbyvisa.com             https://*.cic.fr             https://*.cm-cic.com             https://*.creditmutuel.fr             https://*.modirum.com             https://*.gbp.ma             https://*.cornercard.ch             https://*.wlp-acs.com ;    report-uri /en/webservice/api/report-csp 3
default-src 'self';base-uri 'self';script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline';script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.getsmartcontent.com *.cookielaw.org fast.wistia.net *.fls.doubleclick.net;frame-src 'self' *.youtube.com script.hotjar.com vars.hotjar.com *.ceros.com *.guardiananytime.com *.adsrvr.org my.visme.co *.ipipeline.com guardianlife.com *.guardianlife.com guardianlife.uat.aws.glic.com *.bound360.com tagmanager.google.com www.podbean.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ pi.pardot.com go.pardot.com connect.guardiangroupbenefits.com guardianabsence.webflow.io *.ebix.com;font-src 'self' data: fast.wistia.net;media-src 'self' data: blob:;connect-src 'self' *.onetrust.com www.google-analytics.com *.cookielaw.org collectorprod.glic.com cdn.segment.com api.segment.io;style-src 'self' 'unsafe-inline' https:;object-src 'none';img-src 'self' data: *.ctfassets.net fast.wistia.net 3
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 3
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.adbr.io fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.adabra.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.trustpilot.com *.criteo.com *.cookiebot.com *.youtube.com *.hotjar.com *.adbr.io ad4m.at *.ad4m.at service.force.com *.marketingspray.com *.criteo.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.de *.google.it *.bing.com *.adbr.io maps.googleapis.com *.ad4m.at ih.adscale.de rtb-csync.smartadserver.com simage2.pubmatic.com dsum-sec.casalemedia.com *.twiago.com ad.yieldlab.net *.marketingspray.com *.adform.net *.clarity.ms *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.tremorhub.com *.yieldmo.com *.krxd.com *.thebrighttag.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trustpilot.com *.criteo.com *.criteo.net *.newrelic.com *.cookiebot.com bam.nr-data.net *.google.de *.google.it *.bing.com *.hotjar.com *.adbr.io ad4m.at pushpad.xyz service.force.com *.salesforceliveagent.com *.marketingspray.com *.shippypro.com *.kk-resources.com *.farmae.it *.clarity.ms *.googleoptimize.com *.tiktok.com *.dwin1.com sdk.privacy-center.org api.privacy-center.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com cdn.scalapay.com b2c-cdn.scalapay.com maps.googleapis.com tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.adbr.io service.force.com *.shippypro.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com bam.nr-data.net *.doubleclick.net *.trustpilot.com pagead2.googlesyndication.com consentcdn.cookiebot.com *.adbr.io *.googleapis.com *.shippypro.com pushpad.xyz *.clarity.ms *.tiktok.com *.criteo.com sdk.privacy-center.org api.privacy-center.org *.hotjar.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' https://*.trustage.com;connect-src 'self' https://*.optimizely.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://googleads.g.doubleclick.net https://www.google.com https://analytics.google.com https://cdn.cookielaw.org https://*.trustage.com https://cunamutual.okta.com https://*.bing.com https://www.googleadservices.com https://www.google-analytics.com https://*.qualtrics.com https://dc.services.visualstudio.com https://*.levelaccess.net https://www.googletagmanager.com https://*.googleapis.com https://*.oktacdn.com https://signal-intent-production-back.herokuapp.com https://stats.g.doubleclick.net;frame-ancestors 'self' https://*.optimizely.com https://*.trustage.com;frame-src 'self' https://a25241461358.cdn.optimizely.com https://a25241461358.cdn-pci.optimizely.com https://td.doubleclick.net https://8689224.fls.doubleclick.net https://*.trustage.com https://*.trustpilot.com https://*.flashtalking.com https://*.google.com https://*.qualtrics.com https://*.oktacdn.com https://www.googletagmanager.com https://az416426.vo.msecnd.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://static.trustage.cloud https://snap.licdn.com https://cdn.pdst.fm https://connect.facebook.net https://s.yimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org/ https://*.trustage.com https://*.salesforceliveagent.com https://*.oktacdn.com https://*.trustpilot.com https://*.gstatic.com https://*.googletagmanager.com https://az416426.vo.msecnd.net https://*.levelaccess.net https://www.google-analytics.com https://*.qualtrics.com https://www.googleoptimize.com https://bat.bing.com https://*.google.com https://*.signalintent.com https://solutions.invocacdn.com https://pnapi.invoca.net;style-src 'self' 'unsafe-inline' https://*.trustage.com https://*.trustpilot.com https://*.google.com https://*.googleapis.com https://*.signalintent.com https://rsms.me;img-src 'self' 'unsafe-inline' data: https://www.linkedin.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://www.facebook.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://insurance.mediaalpha.com https://cdn.cookielaw.org https://*.trustage.com https://*.force.com https://bat.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://trustageimages.azureedge.net https://*.google.com https://*.qualtrics.com https://*.gstatic.com;font-src 'self' data: https://fonts.gstatic.com https://embed.signalintent.com https://fonts.googleapis.com https://rsms.me;report-uri /api/csp/report; 3
font-src https://geowidget.easypack24.net *.fontawesome.com fonts.gstatic.com fonts.googleapis.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de sandbox.przelewy24.pl secure.przelewy24.pl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://vars.hotjar.com/ https://geowidget-app.inpost.pl/ pay.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://vars.hotjar.com/ https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.cloudfront.net *.fontawesome.com fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.clarity.ms oc-registry.opentable.com api-engage-us.sitecorecloud.io bat.bing.com *.boydgaming.com www.googletagmanager.com *.azureedge.net c.bing.com twin-iq.kickfire.com components.otstatic.com *.facebook.com *.cloudfront.net assets.adobedtm.com *.doubleclick.net www.youtube.com www.google-analytics.com adservice.google.com xd.wayin.com *.onetrust.com *.googleapis.com ad.ipredictive.com cdn.cookielaw.org menus.singleplatform.com places.singleplatform.com *.facebook.net www.google.com static.boydgaming.net www.opentable.com *.gstatic.com cdnjs.cloudflare.com youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 3
default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com wss://ws.hotjar.com; report-uri https://www.experteer.com/csp_violation_notifications 3
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.ua *.facebook.net *.zendesk.com www.youtube.com *.tiktok.com *.doubleclick.net www.google.com *.clarity.ms ekr.zdassets.com analytics.google.com *.facebook.com *.googleapis.com www.google-analytics.com static.zdassets.com adservice.google.com *.gstatic.com sensebank.com.ua www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 3
default-src 'self';           script-src 'self' 'unsafe-eval' 'unsafe-inline' pt www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net;                   connect-src 'self' *.dynatrace.com *.optimizely.com www.enterice.com www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net;           img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com www.google.com secure.comodo.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net *.trustarc.com consent.truste.com stats.g.doubleclick.net;                       style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com;           font-src 'self' fonts.gstatic.com *.trustarc.com;           frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com *.trustarc.com;                    worker-src blob:;                        report-uri /umbraco/Surface/CSPReport/SaveCSPReport; 3
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.freshchat.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.instagram.com https://www.google.com *.multisafepay.com https://pay.google.com https://cyp.collectyourparcel.eu *.freshchat.com *.tangiblee.com td.doubleclick.net *.criteo.net *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.sharethis.com *.cdninstagram.com https://static.buckaroo.nl *.multisafepay.com www.magmodules.eu *.squeezely.tech *.freshchat.com *.tangiblee.com *.thelittlegreenbag.nl *.thelittlegreenbag.com www.google.nl bat.bing.com *.criteo.net *.criteo.com *.adnxs.com *.doubleclick.net contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com s.thebrighttag.com ups.analytics.yahoo.com visitor.omnitagjs.com ad.360yield.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net beacon.krxd.net *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.sharethis.com *.instagram.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.google.com https://www.gstatic.com *.multisafepay.com https://pay.google.com squeezely.tech www.squeezely.tech *.squeezely.tech https://cyp.collectyourparcel.eu *.freshchat.com *.tangiblee.com *.analytics.google.com *.criteo.net *.criteo.com www.dwin1.com bat.bing.com *.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com *.multisafepay.com *.freshchat.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://ipinfo.io *.multisafepay.com squeezely.tech *.squeezely.tech *.tangiblee.com *.analytics.google.com stats.g.doubleclick.net pagead2.googlesyndication.com *.criteo.net *.criteo.com *.trustedshops.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval'; 3
report-uri https://o818257.ingest.sentry.io/api/5807773/security/?sentry_key=ed7ad4e8f86243c78f3011320dce22fe 3
base-uri 'self'; default-src 'self' https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com http://stats.g.doubleclick.com stats.g.doubleclick.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.cookielaw.com http://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de http://*.cloudapi.de *.cloudapi.de https://*.onetrust.com http://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org http://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com http://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com http://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://tools.eurolandir.com http://tools.eurolandir.com tools.eurolandir.com https://*.instagram.com http://*.instagram.com *.instagram.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.youtube.com http://*.youtube.com *.youtube.com https://*.hypemarks.com http://*.hypemarks.com *.hypemarks.com; img-src 'self' https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com http://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com http://*.google.com *.google.com https://*.google.co.uk http://*.google.co.uk *.google.co.uk https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com http://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com http://*.linkedin.com *.linkedin.com https://*.facebook.com http://*.facebook.com *.facebook.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.instagram.com http://*.instagram.com *.instagram.com https://*.licdn.com http://*.licdn.com *.licdn.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.youtube.com http://*.youtube.com *.youtube.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://*.cookielaw.com http://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://*.hypemarks.com http://*.hypemarks.com *.hypemarks.com https://*.moatads.com http://*.moatads.com *.moatads.com https://*.cloudapi.de http://*.cloudapi.de *.cloudapi.de https://*.onetrust.com http://*.onetrust.com *.onetrust.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 3
default-src 'self' data: https://fonts.gstatic.com https://api.faqbot.co https://dstnyfrance.piwik.pro https://dstnyfrance.containers.piwik.pro https://*.hcaptcha.com ; script-src 'self' https://www.gstatic.com https://cdn.jsdelivr.net https://code.jquery.com https://dstnyfrance.containers.piwik.pro https://browser-update.org https://faqbot.co https://js.hcaptcha.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://ajax.googleapis.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' data: https://fonts.gstatic.com ; img-src 'self' data: https://api.faqbot.co https://browser-update.org https://dstnyfrance.piwik.pro https://www.gstatic.com https://secure.gravatar.com ; connect-src 'self' https://newassets.hcaptcha.com https://api.faqbot.co https://dstnyfrance.piwik.pro https://dstnyfrance.containers.piwik.pro ; frame-ancestors 'self' ; child-src 'self' https://forms.zohopublic.com https://newassets.hcaptcha.com ; report-uri https://csp-report.jetpulp.hosting/ 3
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com * *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.salecycle.com *.criteo.com *.hotjar.com *.facebook.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.retif.eu * *.googleapis.com *.ggpht.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com jquery.sellxed.com https://cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.newrelic.com *.iadvize.com *.cookielaw.org *.bing.com *.pinimg.com *.hotjar.com *.salecycle.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com * *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net t.elasticsuite.io * *.google.com *.gstatic.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.akamaihd.net https://*.akstat.io https://*.analytics.google.com https://*.demdex.net https://*.go-mpulse.net https://*.google-analytics.com https://*.googletagmanager.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://cdn.linkedin.oribi.io https://s.yimg.com https://*.report.gbss.io  https://cdn.gbqofs.com  https://api.fundpress.io  https://api-uk.kurtosys.app https://assets.adobedtm.com https://cdn.cookielaw.org https://cm.everesttech.net https://geolocation.onetrust.com https://mandg.scene7.com https://privacyportal-de.onetrust.com  https://search-api.swiftype.com https://smetrics.mandg.com https://stats.g.doubleclick.net https://prudentialdistributi.tt.omtrdc.net https://policylookup.mandg.com https://pdx-col.eum-appdynamics.com  https://api.pru.co.uk https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.nz https://www.google.co.th https://www.google.co.ug https://www.google.co.uk https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bn https://www.google.com.br https://www.google.com.hk https://www.google.com.jm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.gg https://www.google.gr https://www.google.hr https://www.google.ie https://www.google.im https://www.google.it https://www.google.je https://www.google.li https://www.google.lu https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://analytics.google.com https://adservice.google.com https://prudential.distribution.team.prudential.co.uk https://cas.zma.gs https://c.zmags.com; font-src 'self' data: https://api.fundpress.io https://fonts.gstatic.com https://use.typekit.net https://at.alicdn.com; form-action 'self' https://wwwx.pruadviser.co.uk; frame-ancestors 'self' https://www.mymandg.co.uk  https://*.fundslibrary.co.uk https://www.platformservices.co.uk https://www.mandg.com; frame-src 'self' https://*.demdex.net  https://*.pruadviser.co.uk https://www.brighttalk.com https://digitalsecure.mandg.com https://forms.mymandg.co.uk https://securedigital.wealth.mandg.com https://securedigital.pru.mandg.com https://securedigital.prudential.co.uk https://secure.digital.mandg.com https://www.google.com https://irpages2.equitystory.com https://insight.adsrvr.org https://infogram.com https://e.infogram.com https://match.adsrvr.org https://mandg.fidainformatica.it https://mandg.videomarketingplatform.co https://mandg-podcast.videomarketingplatform.co https://prudential.videomarketingplatform.co https://recaptcha.google.com https://view.ceros.com https://www.youtube-nocookie.com https://staging-igccharges.mandg.com https://igccharges.mandg.com https://*.doubleclick.net https://adclick.g.doubleclick.net https://sustainabilityprofiletool.mandg.com https://api.pru.co.uk https://digital-api.dg.pru.co.uk https://open.spotify.com https://wwwx.pruadviser.co.uk https://flo.uri.sh; img-src 'self' data: https://prudential.videomarketingplatform.co https://mandg-podcast.videomarketingplatform.co https://fonts.googleapis.com https://*.akstat.io https://*.demdex.net https://*.google-analytics.com https://*.googletagmanager.com https://ad.doubleclick.net https://api.fundpress.io  https://api-uk.kurtosys.app https://adservice.google.com https://assets.adobedtm.com https://cdn.cookielaw.org https://cm.everesttech.net https://www.google.com https://www.google.co.uk https://i.ytimg.com https://mandg.scene7.com https://smetrics.mandg.com https://ttcontacts.com https://797110.global.siteimproveanalytics.io https://insight.adsrvr.org https://lantern7.wealth.mandg.com https://lantern8.wealth.mandg.com https://lantern9.wealth.mandg.com https://lantern9.mandg.com https://sp.analytics.yahoo.com https://www.facebook.com https://px.ads.linkedin.com https://www.google.co.in https://www.linkedin.com https://privacy-digital.mandg.com https://www.facebook.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.nz https://www.google.co.th https://www.google.co.ug https://www.google.co.uk https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bn https://www.google.com.br https://www.google.com.hk https://www.google.com.jm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.gg https://www.google.gr https://www.google.hr https://www.google.ie https://www.google.im https://www.google.it https://www.google.je https://www.google.li https://www.google.lu https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://wwwx.pruadviser.co.uk https://public.flourish.studio https://img.creator-prod.zmags.com https://mypru.pru.co.uk https://analytics.twitter.com https://fonts.gstatic.com https://sp.analytics.yahoo.com https://mandg.videomarketingplatform.co https://report.23video.com https://delivery.twentythree.com; media-src data: blob: https://mandg.scene7.com https://mandg.videomarketingplatform.co https://mandg-podcast.videomarketingplatform.co https://prudential.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.demdex.net https://*.go-mpulse.net https://*.google-analytics.com https://*.googletagmanager.com  https://*.report.gbss.io  https://assets.adobedtm.com https://api.fundpress.io  https://api-uk.kurtosys.app https://cdn.cookielaw.org https://cdn.gbqofs.com https://www.brighttalk.com https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://js.adsrvr.org https://mandg.scene7.com  https://report.23video.com https://siteimproveanalytics.com https://connect.facebook.net https://img.en25.com https://snap.licdn.com; script-src-elem 'self' 'unsafe-inline' https://prudential.videomarketingplatform.co https://mandg-podcast.videomarketingplatform.co https://*.demdex.net https://*.go-mpulse.net https://*.google-analytics.com https://*.googletagmanager.com  https://*.report.gbss.io https://assets.adobedtm.com https://api.fundpress.io  https://api-uk.kurtosys.app https://cdn.cookielaw.org https://cdn.gbqofs.com https://www.brighttalk.com https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://js.adsrvr.org https://mandg.scene7.com  https://report.23video.com https://siteimproveanalytics.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://img.en25.com https://connect.facebook.net https://snap.licdn.com https://s.yimg.com https://view.ceros.com https://privacy-digital.mandg.com https://infogram.com https://prudential.distribution.team.prudential.co.uk https://public.flourish.studio https://cas.zma.gs https://view.ceros.com https://tr.outbrain.com https://amplify.outbrain.com https://static.ads-twitter.com https://mandg.videomarketingplatform.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://mandg.scene7.com; style-src-elem 'self' 'unsafe-inline' https://prudential.videomarketingplatform.co https://mandg-podcast.videomarketingplatform.co https://fonts.googleapis.com https://mandg.scene7.com https://use.typekit.net https://p.typekit.net https://prudential.distribution.team.prudential.co.uk https://cas.zma.gs https://mandg.videomarketingplatform.co; worker-src 'self' blob:; base-uri 'self'; report-uri /csp/log 3
default-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com; frame-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; 3
font-src fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.avada.io *.google.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
child-src 'self' blob:; connect-src 'self' script.crazyegg.com tracking.crazyegg.com www.google-analytics.com maps.googleapis.com stats.addtoany.com pagestates-tracking.crazyegg.com/healthcheck assets-tracking.crazyegg.com/healthcheck va.msg.liveperson.net analytics.google.com stats.g.doubleclick.net cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; default-src 'self'; font-src 'self' data: fonts.gstatic.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; frame-ancestors 'self'; frame-src 'self' lpcdn.lpsnmedia.net va.idp.liveperson.net static.addtoany.com share.transistor.fm www.onlinebanktours.com player.vimeo.com fintactix.com bancorpsouth.custhelp.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net insight.adsrvr.org match.adsrvr.org va.msg.liveperson.net 9936641.fls.doubleclick.net td.doubleclick.net www.fintactix.com; img-src 'self' data: d21y75miwcfqoq.cloudfront.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net maps.gstatic.com maps.googleapis.com i.vimeocdn.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net https://www.facebook.com/tr/ lpcdn.lpsnmedia.net googleads.g.doubleclick.net www.google.com ad.doubleclick.net ib.adnxs.com/pixie; media-src 'self' cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net lpcdn.lpsnmedia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com script.crazyegg.com lptag.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net va.v.liveperson.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net static.cloudflareinsights.com maps.googleapis.com static.addtoany.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net js.adsrvr.org/up_loader.1.1.0.js connect.facebook.net www.googleadservices.com acdn.adnxs.com/dmp/up/pixie.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; 3
report-uri                   https://gfcorporate.report-uri.com/r/d/csp/wizard ;               default-src                   'self'                   www.gfms.com                   gfms.com                   gfcorporate.report-uri.com                   *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae ;               connect-src                   'self'                   *.google-analytics.com                   apikeys.civiccomputing.com                   *.googleapis.com                   center.lon5.atomz.com                   clapi.civiccomputing.com                   sp1004e61f.guided.lon5.atomz.com                   sp1004e61a.guided.lon5.atomz.com                   sp1004e5dd.guided.lon5.atomz.com                   stats.g.doubleclick.net                   www.facebook.com                   uberall.com                   locator.uberall.com                   api.moin.ai                   www.gfpstools.com                   cdn.linkedin.oribi.io                   assets.georgfischer.com                   *.analytics.google.com                   *.googletagmanager.com                   *.g.doubleclick.net                   *.google.com                   *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat                   cdn.cookielaw.org                   *.onetrust.com ;               font-src                   'self'                   fonts.gstatic.com                   widget.moin.ai                   static-prod.uberall.com                   static.prod.uberall.com ;               script-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   *.google-analytics.com                   *.googletagmanager.com                   ajax.googleapis.com                   cc.cdn.civiccomputing.com                   connect.facebook.net                   cdnjs.cloudflare.com                   gstatic.com                   maps.googleapis.com                   siteimproveanalytics.com                   snap.licdn.com                   static-prod.uberall.com                   uberall.com                   locator.uberall.com                   www.youtube.com                   www.pagespeed-mod.com                   www.googleoptimize.com                   mktdplp102cdn.azureedge.net                   www.pagespeed-mod.com                   widget.moin.ai                   platform.contentfry.com                   cdn.cookielaw.org                   cookie-cdn.cookiepro.com                   privacyportal.onetrust.com                   geolocation.onetrust.com                   r1.dotdigital-pages.com                   r1-t.trackedlink.net                   r1.ddlnk.net ;               style-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   fonts.googleapis.com                   widget.moin.ai ;               img-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   data:                   assets.georgfischer.com                   www.linkedin.com                   *.global.siteimproveanalytics.io                   nswow-imageresizer.azurewebsites.net                   px.ads.linkedin.com                   www.facebook.com                   *.google.com                   gfms.com                   www.gfms.com                   static-prod.uberall.com                   static.prod.uberall.com                   www.linkedin.com                   s7e5a.scene7.com                   *.g.doubleclick.net                   *.svc.dynamics.com                   i.ytimg.com                   maps.gstatic.com                   www.gfpstools.com                   locator.uberall.com                   *.amazonaws.com                   *.googletagmanager.com                   *.googleapis.com                   *.google-analytics.com                   *.analytics.google.com                   *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat                   cdn.cookielaw.org                   *.onetrust.com ;               child-src                   'self'                   analytics-eu.clickdimensions.com                   live.solique.ch                   www.youtube.com ;               form-action                   'self' ;               frame-ancestors                   'self' ;               frame-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   data:                   analytics-eu.clickdimensions.com                   google.com                   ir.tools.investis.com                   irs.tools.investis.com                   live.solique.ch                   recruitingapp-5505.de.umantis.com                   registration.gesevent.com                   six-swiss-exchange.com                   tools.google.com                   uberall.com                   widget.moin.ai                   *.svc.dynamics.com                   www.gfps.com                   ir2.flife.de                   www.youtube.com                   r1.dotdigital-pages.com                   display.contentfry.com                   googletagmanager.com                   youtube.com ; 3
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 3
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com https://www.facebook.com https://tpc.googlesyndication.com https://consentcdn.cookiebot.com https://assets.braintreegateway.com https://*.paypal.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.trackedlink.net https://www.google.fi https://maps.gstatic.com https://maps.googleapis.com https://log.pinterest.com https://eckerolinechatbottest.blob.core.windows.net https://fonts.gstatic.com https://assets.braintreegateway.com https://*.paypal.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://ajax.cloudflare.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://assets.pinterest.com https://maps.googleapis.com https://eckerolinechatbottest.blob.core.windows.net https://api.videoly.co https://www.google.fi https://www.googleadservices.com https://tpc.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fast.fonts.net https://eckerolinechatbottest.blob.core.windows.net https://use.typekit.net https://p.typekit.net https://assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://stats.g.doubleclick.net https://maps.googleapis.com https://fonts.gstatic.com https://vimeo.com https://consentcdn.cookiebot.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.paypal.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src https://assets.braintreegateway.com https://*.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.olark.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com destinilocators.com *.duosecurity.com *.olark.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com *.widen.net *.widencdn.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com frontiercoop.widen.net *.olark.com *.listrakbi.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.widen.net *.widencdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.authorize.net js-agent.newrelic.com bam.nr-data.net destinilocators.com *.olark.com *.listrakbi.com js.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.zendesk.com *.widen.net *.widencdn.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.olark.com *.listrakbi.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.widen.net *.widencdn.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.authorize.net bam.nr-data.net *.listrakbi.com *.olark.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.zendesk.com *.widen.net *.widencdn.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.olark.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-ancestors 'self' https://*.solidpixels.net https://*.solidpixels.com https://*.solidpixels.cz; form-action 'self'; report-uri https://o428203.ingest.sentry.io/api/4505516549210112/security/?sentry_key=6eb445158e4a410c830e7e424f2d7b56 3
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'unsafe-inline' data: *.channelsight.com *.bazaarvoice.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.facebook.com *.snapchat.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com s.amazon-adsystem.com *.facebook.com *.doubleclick.net insight.adsrvr.org *.filestackapi.com *.addthis.com flexfaceoffsweeps.azurewebsites.net match.adsrvr.org viewinyourspace.com *.viewinyourspace.com *.myepigraph.com playcanv.as *.snapchat.com *.clinch.co *.pinterest.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bird.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bazaarvoice.com *.google.com *.taboola.com *.facebook.com *.facebook.net *.hubspot.com *.hsforms.com r.turn.com *.adnxs.com pixel.mediaiqdigital.com *.gravatar.com *.channelsight.com cscoreproweustor.blob.core.windows.net *.skil.com *.gstatic.com *.googleapis.com *.doubleclick.net *.seeitinyourspace.com *.pinterest.com *.nextdoor.com *.reddit.com insight.adsrvr.org *.ispot.tv egopowerplus.com *.egopowerplus.com egopowerplus.com.au *.flexpowertools.com pixel.roymorgan.com *.myepigraph.com *.intentiq.com edge.curalate.com *.linkedin.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com *.filestackapi.com *.facebook.net *.crazyegg.com js.hs-scripts.com *.taboola.com js.adsrvr.org js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.googleapis.com geoip-js.com secure-ds.serving-sys.com *.adnxs.com bs.serving-sys.com *.addthis.com *.addthisedge.com z.moatads.com cscoreproweustor.blob.core.windows.net flexsweepstakes2022.azurewebsites.net js.monitor.azure.com edge.curalate.com ipinfo.io *.tiktok.com sc-static.net *.channelsight.com unpkg.com *.jsdelivr.net viewinyourspace.com *.viewinyourspace.com *.cookielaw.org *.addevent.com *.pinimg.com *.nextdoor.com *.crwdcntrl.com *.crwdcntrl.net mjca-yijws.global.ssl.fastly.net cdn.480app.com cdn.nmgassets.com *.clinch.co *.vimeo.com *.redditstatic.com *.snapchat.com adriano-au.avanser.com *.amazon-adsystem.com *.licdn.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com cscoreproweustor.blob.core.windows.net *.channelsight.com cdn.jsdelivr.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.bazaarvoice.com *.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.bazaarvoice.com *.crazyegg.com forms.hubspot.com *.channelsight.com *.google-analytics.com *.doubleclick.net *.taboola.com secure-ds.serving-sys.com viewinyourspace.com *.viewinyourspace.com chervon-website-api.herokuapp.com chervon-website-api-dev.herokuapp.com *.jotform.com dc.services.visualstudio.com *.addthis.com edge.curalate.com geoip-js.com *.hsforms.com *.facebook.com *.tiktok.com *.snapchat.com *.cookielaw.org *.rain-staging.com *.seeitinyourspace.com *.gstatic.com blob: *.googleapis.com *.pinterest.com cdn.nmgassets.com jdl.nmgplatform.com colrep.sitelabweb.com *.google.com lm.serving-sys.com us-central1-epigraph-product-configurator.cloudfunctions.net *.intentiq.com *.flexpowertools.com *.skil.com *.egopowerplus.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.abtasty.com *.zipmoney.com.au *.klarnacdn.net *.stockinstore.net *.akamaihd.net olapic-data.s3.amazonaws.com calvinklein.com.au data: *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.googletagmanager.com *.google.com *.doubleclick.net *.hotjar.com *.pmnts.io *.pmnts-sandbox.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.abtasty.com www.facebook.com *.pmnts.io *.pmnts-sandbox.io *.klarna.com *.force.com *.pinterest.com *.clearpay.co.uk *.afterpay.com tr.snapchat.com/ display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com/ https://www.youtube.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ *.abtasty.com *.turn.com *.bazaarvoice.com *.amgdgt.com *.photorank.me z2photorankmedia-a.akamaihd.net *.presage.io *.teads.tv *.adsrvr.org *.adnxs.com *.tommy.com *.klarna.com *.klarnaevt.com *.klarnacdn.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarnaservices.com https://www.magezon.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pinterest.com *.facebook.com/tr *.google.com *.google.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.roymorgan.com *.doubleclick.net *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.googletagmanager.com *.imgix.net t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.abtasty.com *.cloudfront.net *.cloudflare.com www.facebook.com *.tiktok.com *.zdassets.com *.tommy.com *.calvinklein.com.au *.luckyorange.net *.particularaudience.com *.stockinstore.net *.akamaihd.net *.teads.tv *.force.com sc-static.net *.salesforceliveagent.com *.adnxs.com *.trurating.com *.vanheusen.com.au *.pmnts.io *.klarna.com *.klarnacdn.net apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.klarnaservices.com s7.addthis.com *.google.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.google.com.au *.pmnts-sandbox.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.afterpay.com *.doubleclick.net *.pinimg.com *.cfjump.com *.roymorgan.com *.forter.com *.usabilla.com wss://widget-mediator.zopim.com *.hotjar.com *.attraqt.io *.newrelic.com *.js-agent.newrelic.com *.nr-data.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.googleadservices.com *.google-analytics.com *.zipmoney.com.au *.gstatic.com *.googleapis.com *.paypalobjects.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.bazaarvoice.com *.stockinstore.net *.klarnacdn.net *.akamaihd.net *.force.com display.ugc.bazaarvoice.com unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.luckyorange.net *.zendesk.com *.particularaudience.com *.tiktok.com stockinstore.net *.stockinstore.net *.cloudfront.net *.klarnaevt.com *.klarnacdn.net *.akamaihd.net zendesk-eu.my.sentry.io *.teads.tv *.snapchat.com *.amplitude.com *.clearpay.co.uk *.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klarna.com *.klarnaservices.com ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pinterest.com *.google.com *.google.com.au api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src *.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: discoverflow.co kip.katalon.com bat.bing.com static.katalon.com www2.discoverflow.co lla-cms-prod.directus.app www.google.gy webchannel-content.eservice.emarsys.net vc.hotjar.io *.doubleclick.net www.google.ca www.youtube.com storerocket.io *.clarity.ms dev.discoverflow.co cdn.jsdelivr.net www.google.co.uk *.googleapis.com cdn.storerocket.io store-stats.cwpweb.cc *.gstatic.com www.google.tt static.scarabresearch.com *.facebook.com www.google.com recommender.scarabresearch.com analytics.discoverflow.co *.ads-twitter.com region1.analytics.google.com www.google.com.jm *.googleadservices.com *.hotjar.com cro.movil.pa api.mapbox.com analytics.google.com c9rr8q7a5h.kameleoon.eu *.quantummetric.com data.kameleoon.io openspeedtest.com ogudghp8be.kameleoon.eu www.google.nl t.co cdn.scarabresearch.com content.hotjar.io www.google.com.vc gwmtracking.com www.google.dm udc-neb.kampyle.com adservice.google.com nebula-cdn.kampyle.com metrics.hotjar.io pvev5nmsdp.kameleoon.eu www.google.co.in *.twitter.com ssl.google-analytics.com www.google-analytics.com www.google.com.ag storage.kameleoon.com www.googleoptimize.com statin.lat events.mapbox.com *.facebook.net www.google.com.br www.googletagmanager.com cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 3
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.typekit.net data: 'self' 'unsafe-inline'; form-action *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.google.com/ *.doubleclick.net https://consentcdn.cookiebot.com *.cookiebot.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com www.facebook.com www.google.com/recaptcha www.youtube.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com maps.gstatic.com https://www.magezon.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com *.google.hu *.optimonk.com *.luigisbox.com *.diego.itg.cloud www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com player.vimeo.com *.cookiebot.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com connect.facebook.net/en_US/fbevents.js *.adobedtm.com *.optimonk.com *.luigisbox.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline *.typekit.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net *.google.com maps.googleapis.com *.cookiebot.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com t.elasticsuite.io https://stats.g.doubleclick.net/j/collect *.optimonk.com *.luigisbox.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com https://mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.newrelic.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.nr-data.net *.hotjar.io *.retailrocket.net cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.amphora-store.com/; report-to report-endpoint; 3
script-src 'self' 3
default-src 'unsafe-inline'  'unsafe-eval' 'self'  *.sessioncam.com *.cloudfront.net *.snapchat.com *.cookielaw.org *.tintup.com *.snapchat.com *.amazon-adsystem.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.googleapis.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.betrad.com *.youtube.com *.evidon.com *.jquery.com *.cloudfront.net *.serving-sys.com *.facebook.net *.doubleclick.net *.hypemarks.com *.gstatic.com *.krxd.net *.adimo.co *.bazaarvoice.com *.iesnare.com  *.googleadservices.com *.hotjar.com *.pricespider.com *.yahoo.com *.doubleclick.net *.hotjar.com *.nestle.co.uk *.google.com *.googleoptimize.com *.adsrvr.org *.gbqofs.com *.usabilla.com:* *.fusepump.com:* bam.nr-data.net:* *.locate.com:* *.mapbox.com:* *.pricespider.com:* *.sc-static.net *.snapchat.com *.tintup.com *.sc-static.net tintup.com:* sc-static.net:* *.cookielaw.org *.googletagmanager.com:* *.amazon-adsystem.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com *.typography.com *.google.com *.fontawesome.com *.nestle.co.uk *.pricespider.com:* *.mapbox.com:* *.cloudfront.net *.salesforce.com *.bazaarvoice.com *.adimo.co; img-src  'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.semasio.net *.sessioncam.com *.cloudfront.net *.google-analytics.com *.google.com *.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to *.fusepump.com *.evidon.com *.igodigital.com *.facebook.com *.krxd.net *.starbucksathome.com *.adimo.co *.iriworldwide.com *.bazaarvoice.com display.ugc.bazaarvoice.com bat.bing.com *.google.co.in google-analytics.com *.google.com *.pantheonsite.io *.cookielaw.org *.pricespider.com:* *.adsrvr.org:* *.google.com *.google-analytics.com *.usabilla.com *.demdex.net *.yahoo.com *.bluekai.com *.imrworldwide.com *.sharethrough.com *.truoptik.com *.dotomi.com *.insightexpressai.com *.ml314.com *.amazon-adsystem.com *.googletagmanager.com; media-src 'self'; frame-src *.addtoany.com *.youtube.com *.evidon.com *.fls.doubleclick.net *.youtube-nocookie.com *.hypemarks.com *.fusepump.com *.google.com *.krxd.net l3.evidon.com *.adimo.co *.bazaarvoice.com *.netsuite.com *.hotjar.com *.doubleclick.net *.netsuite.com *.flashtalking.com *.google.com *.tintup.com *.amazon-adsystem.com *.facebook.com *.adsrvr.org *.salesforce.com *.snapchat.com; frame-ancestors *.hypemarks.com; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://forms.na2.netsuite.com https://live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io https.live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io blob:;; font-src  'self' data: *.gstatic.com *.fontawesome.com *.cloudflare.com; connect-src 'self' *.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.analyze.ly *.serving-sys.com *.doubleclick.net *.iriworldwide.com *.bazaarvoice.com *.hotjar.io *.nr-data.net *.bing.com *.nestle.gbqofs.io *.pricespider.com:* *.mapbox.com:* *.usabilla.com *.google-analytics.com *.clarity.ms *.tintup.com *.amazonaws.com *.snapchat.com *.cookielaw.org *.onetrust.com *.bam.nr-data.net bam.nr-data.net:* 3
default-src https://d3tw2v68rmxuj7.cloudfront.net; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://platform.twitter.com; img-src https:; media-src https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 https://d3tw2v68rmxuj7.cloudfront.net;script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com https://unpkg.com/ionicons@4.5.5/dist/css/ionicons.min.css; report-uri /csp 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob: wss://*.hotjar.io blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.benjaminairguns.com *.centerpointarchery.com *.cloudflare.com *.cloudmaestro.com *.crosman.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.sezzle.com *.youtube.com acsbapp.com cdn.cookielaw.org cdn.jsdelivr.net cdn.sitesearch360.com cloudflare.com code.jquery.com fontawesome.com forms.hsforms.com googleapis.com jquery.com js.hsforms.net jsdelivr.net jstest.authorize.net kit.fontawesome.com mczbf.com unpkg.com www.googlecommerce.com www.gstatic.com www.mczbf.com js.sitesearch360.com js.hs-scripts.com js.hsleadflows.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net googleads.g.doubleclick.net js.hsadspixel.net static.hotjar.com c1.rfihub.net script.hotjar.com *.clarity.ms bat.bing.com *.ravincrossbows.com js.usemessages.com js.authorize.net plugins.experticity.com *.googlesyndication.com *.vimeo.com stockist.co ravincrossbows.com www.ravincrossbows.com *.elfsight.com widget.tagembed.com *.helloextend.com *.sharethis.com js.smct.io smct.co cdn.ckeditor.com *.envolvetech.com *.googlecommerce.com *.tiktok.com *.iubenda.com *.stamped.io *.tailwindcss.com *.mountain.com vimeo.com *.klaviyo.com *.incontact.com home-c9.incontact.com *.redditstatic.com js.smct.co delivery.gettopple.com static.klaviyo.com static-tracking.klaviyo.com facebook.com; style-src 'self' 'unsafe-inline' *.benjaminairguns.com *.centerpointarchery.com *.crosman.com *.googleapis.com *.sezzle.com acsbapp.com cdn.cookielaw.org cdn.jsdelivr.net forms.hsforms.com js.hsforms.net jstest.authorize.net mczbf.com unpkg.com www.mczbf.com cdn.sitesearch360.com *.typekit.net js.sitesearch360.com js.hs-scripts.com js.hsleadflows.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net googleads.g.doubleclick.net js.hsadspixel.net static.hotjar.com c1.rfihub.net script.hotjar.com *.clarity.ms bat.bing.com *.ravincrossbows.com ravincrossbows.com www.ravincrossbows.com *.bootstrapcdn.com *.stamped.io *.smct.io *.tailwindcss.com vimeo.com *.klaviyo.com cdn.ckeditor.com; report-uri /.webscale/csp-report 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 3
worker-src blob: wss:; font-src 'self' data: wss: fonts.gstatic.com *.leadoo.com *.amazonaws.com/res.leadoo.com/; style-src 'self' 'unsafe-inline' data: wss: fonts.googleapis.com *.leadoo.com *.amazonaws.com/res.leadoo.com/; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: wss: www.youtube.com youtu.be *.leadoo.com *.amazonaws.com/res.leadoo.com/ biblioresources.hachette.co.uk www.hachette.co.uk hodder.education.co.uk hoddereducation.co.uk *.hoddereducation.co.uk risingstars-uk.com *.risingstars-uk.com galorepark.co.uk *.galorepark.co.uk hoddergibson.co.uk *.hoddergibson.co.uk hoddereducation.sg *.hoddereducation.sg *.demo-hodder.education *.stage-hodder.education *.hodder.education use.fontawesome.com *.facebook.com facebook.com cdn.linkedin.oribi.io *.ads.linkedin.com www.linkedin.com linkedin.com vimeo.com player.vimeo.com *.hotjar.com analytics.twitter.com static.ads-twitter.com addthis.com ajax.googleapis.com connect.facebook.net t.co *.hotjar.io *.hotjar.com *.osano.com *.analytics.google.com www.google.com www.google.co.uk *.g.doubleclick.net *.doubleclick.net snap.licdn.com *.google-analytics.com *.googletagmanager.com googleadservices.com adservice.google.com themes.googleusercontent.com *.googlesyndication.com *.trustpilot.com *.flippingbook.com; report-uri /api/csp/log-csp-violation 3
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 3
worker-src 'none'; 3
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.sandbox.paypal.com *.paypalobjects.com *.timpson-group.co.uk paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.doubleclick.net *.facebook.com account.fetchify.com g3d-app.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.gstatic.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com *.xtento.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com g3d-app.com https://*.googleapis.com https://*.googleusercontent.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com www.xtento.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt  *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.klarna.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com s7.addthis.com https://cdnjs.cloudflare.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googleusercontent.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net *.ggpht.com *.xtento.com g3d-app.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.google.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com google.com *.static.com *.googleadservices.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com *.xtento.com g3d-app.com *.timpson-group.co.uk *.paypal.com paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://ipinfo.io *.gstatic.com https://*.googleapis.com ekr.zdassets.com/ google.com *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net *.ggpht.com *.xtento.com g3d-app.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.doubleclick.net *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
; frame-ancestors 'self' 3
font-src use.fontawesome.com https://static.lyra.com/static/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://cdnjs.cloudflare.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co www.googleservices.com *.google.com *.gstatic.com *.googleapis.com *.fontawesome.com fonts.googleapis.com fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com *.facebook.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.youtube.com vars.hotjar.com cdn.krxd.net *.criteo.com *.criteo.net *.googlesyndication.com *.google.com *.avis-verifies.com *.force.com *.facebook.com *.facebook.net secure-gateway.hipay-tpp.com *.hipay.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://*.hokodo.co *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io https://assets.fintecture.com *.bing.com www.google.fr beacon.krxd.net maps.gstatic.com *.yahoo.com *.advertising.com *.liadm.com *.yieldmo.com *.smaato.net *.rubiconproject.com *.ad-stir.com *.addthis.com *.doubleclick.net *.outbrain.com *.smartadserver.com *.adnxs.com *.casalemedia.com *.360yield.com *.pubmatic.com *.adform.net *.demdex.net *.openx.net *.yieldlab.net *.omnitagjs.com *.taboola.com *.adscale.de *.teads.tv *.media.net *.3lift.com *.bidswitch.net *.criteo.com *.sharethrough.com *.ivitrack.com *.rlcdn.com *.stickyadstv.com *.fwmrm.net *.tribalfusion.com *.e-planning.net ea.coffrefortplus.com *.facebook.com *.postrelease.com *.thebrighttag.com *.bluekai.com *.tapad.com *.mgid.com *.tremorhub.com *.kargo.com *.adsrvr.org *.clmbtech.com *.smartclip.net maps.google.com *.googletagmanager.com openstreetmap.org maps.googleapis.com *.clarity.ms easyshare.group-label.com *.quanta.io *.d-bi.fr *.privacy-center.org https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://img.youtube.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ bat.bing.com static.zdassets.com ea.coffrefortplus.com t.contentsquare.net *.krxd.net *.hotjar.com az693360.vo.msecnd.net front.activation.beyable.com api.ipify.org secure-gateway.hipay-tpp.com mpsnare.iesnare.com *.hipay.com polyfill.io *.googleapis.com *.cartsguru.io *.criteo.net *.criteo.com *.googlesyndication.com *.addthis.com *.radiateurplus.com *.snapcall.io *.privacy-center.org *.clarity.ms *.quanta.io *.d-bi.fr *.salesforceliveagent.com service.force.com group-label.my.salesforce.com *.googleoptimize.com *.facebook.com *.facebook.net https://api.lyra.com/api-payment/ https://static.lyra.com/static/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://cdnjs.cloudflare.com https://cdn.segment.com https://*.hokodo.co s7.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.avada.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com use.fontawesome.com *.force.com *.hipay.com https://static.lyra.com/static/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.fontawesome.com fonts.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com bat.bing.com in.hotjar.com ekr.zdassets.com coffrefortplus.zendesk.com wss://widget-mediator.zopim.com geoip.animabri.com *.carts.guru *.hotjar.io *.googlesyndication.com *.doubleclick.net *.zendesk.com *.snapcall.io *.googleadservices.com *.google.fr maps.googleapis.com *.clarity.ms *.axept.io *.force.com *.muscula.com *.caast.tv *.privacy-center.org *.hipay.com wss://mpsnare.iesnare.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co ekr.zdassets.com/ *.addthis.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
report-uri /es/Error/ReportCPS; 3
font-src ctiapi.com s3.amazonaws.com *.fontawesome.com fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com ctiapi.com *.hestage.com *.ecklers.com *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.doubleclick.net *.clarity.ms *.vantivprelive.com *.google.com *.listrak.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com ctiapi.com s3.amazonaws.com youtube.com *.ecklers.com *.gfycat.com *.imgeng.in *.cloudfront.net *.userid.io *.bing.com *.google.com *.clarity.ms *.listrakbi.com *.riskified.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.cloudfront.net *.cloudflare.com *.bc0a.com *.online-metrix.net *.vantivprelive.com *.listrak.com *.listrakbi.com *.listrakbi.net *.userid.io *.bing.com *.datasteam.io *.doubleclick.net *.upsellit.com *.clarity.ms *.murdoog.com *.dwin1.com *.needle.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.ytimg.com *.gstatic.com *.ctiapi.com *.riskified.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com ctiapi.com *.fontawesome.com *.cloudfront.net *.listrakbi.net *.listrakbi.com *.googleapis.com unsafe-inline *.gstatic.com 'self' 'unsafe-inline'; object-src ctiapi.com s3.amazonaws.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.bc0a.com *.brontops.com *.ecklers.com *.doubleclick.net *.cloudfront.net *.listrak.com *.clarity.ms *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.demdex.net *.cardinalcommerce.com *.google.com *.google-analytics.com *.paypalobjects.com *.ctiapi.com *.riskified.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 3
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 3
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.sagepay.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.stripe.com *.google.com *.sagepay.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com *.sagepay.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.stripe.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.nosto.com *.nos.to www.googletagmanager.com js.klevu.com *.ksearchnet.com s7.addthis.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com unsafe-inline assets.braintreegateway.com *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com *.sagepay.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com ekr.zdassets.com/ t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.klarnacdn.net *.kalogirou.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com www.facebook.com www.youtube.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com www.youtube.com *.klarna.com *.contactpigeon.com *.googlesyndication.com *.skroutz.gr *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com www.google.gr *.cookiebot.com *.google-analytics.com maps.gstatic.com *.kalogirou.com *.contactpigeon.com www.youtube.com *.sharethis.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.skroutz.gr www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' data: *.cookiebot.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com *.klarnacdn.net *.klarnaservices.com *.google.gr *.taboola.com *.skroutz.gr *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net *.cookiebot.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com eu.klarnaevt.com *.klarnacdn.net *.klarnaservices.com *.taboola.com *.akstat.io *.googlesyndication.com *.skroutz.gr *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com *.googlesyndication.com 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.addtoany.com/ *.doubleclick.net/ *.addthis.com *.doubleclick.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kosiuko.com/ https://kosiuko.com/ *.afip.gob.ar *.cloudfront.net *.facebook.com *.metricool.com *.google.com.ar *.google.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addtoany.com *.cloudfront.net *.doubleclick.net *.vimeo.com https://f.vimeocdn.com *.aptrinsic.com *.facebook.net *.facebook.com *.googletagmanager.com track-icommkt.com *.icommarketing.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.vimeo.com https://vimeo.com *.vimeocdn.com https://f.vimeocdn.com *.facebook.net *.facebook.com *.googletagmanager.com track-icommkt.com *.notifications-icommkt.com https://notifications-icommkt.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org js-agent.newrelic.com *.onetrust.com impressions.onelink.me netdna.bootstrapcdn.com cdnjs.cloudflare.com *.facebook.com static.addtoany.com media.dtc-icp.io get.geojs.io www.google-analytics.com bam.nr-data.net cdn.jsdelivr.net static.zdassets.com cdn.appsflyer.com creatives-cdn.appsflyer.com *.facebook.net www.googletagmanager.com ekr.zdassets.com banner.appsflyer.com *.zendesk.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 3
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.magezon.com *.multisafepay.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.multisafepay.com https://pay.google.com ajax.googleapis.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.multisafepay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval' 3
default-src  'self' data: *.pinimg.com *.postaffiliatepro.com partneri.affilmax.cz *.doubleclick.net *.facebook.net *.google-analytics.com *.biano.cz *.dognet.sk *.googlesyndication.com *.imedia.cz *.googletagmanager.com *.googleadservices.com ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.biano.cz *.biano.sk *.biano.hu ;connect-src  'self' *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.googleapis.com *.google-analytics.com *.googletagmanager.com *.zbozi.cz *.exchangeratesapi.io *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.seznam.cz *.facebook.com *.pinterest.com *.doubleclick.net https://*.clarity.ms partner-events.favi.cz partner-events.favi.sk partner-events.favi.hu t.targito.signal-nabytek.cz t.targito.sg-nabytek.cz t.targito.signal-nabytok.sk t.targito.sg-nabytok.sk t.targito.butor-signal.hu t.targito.sg-butor.hu *.clickcease.com *.targito.com *.googlesyndication.com https://saas.bianoapi.com bat.bing.com live.luigisbox.com api.luigisbox.com  https://*.api.rvndev.com https://*.api.raventic.ai https://*.api.raventic.dev https://api.raventic.dev ;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.imedia.cz *.facebook.net *.doubleclick.net *.rival.cz *.fg.cz *.3dliving.cz *.imedia.cz *.zbozi.cz *.exchangeratesapi.io *.facebook.com *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.googlesyndication.com *.pinimg.com *.pinterest.com partneri.affilmax.cz *.postaffiliatepro.com www.heureka.cz im9.cz cz.img9.cz *.glami.cz *.licdn.com *.linkedin.com tracking.srovname.cz https://*.clarity.ms partner-events.favicdn.net cdn.targito.signal-nabytek.cz cdn.targito.sg-nabytek.cz cdn.targito.signal-nabytok.sk cdn.targito.sg-nabytok.sk cdn.targito.butor-signal.hu cdn.targito.sg-butor.hu *.clickcease.com cdn.targito.com https://saas.bianoapi.com bat.bing.com scripts.luigisbox.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com ;frame-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;worker-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.seznam.cz *.doubleclick.net *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.imedia.cz *.facebook.com *.facebook.net *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.rival.cz *.vykupto.cz *.signal.pl *.zbozi.cz *.exchangeratesapi.io *.dognet.sk *.foxentry.cz *.pinimg.com *.pinterest.com *.biano.cz *.biano.sk *.biano.hu *.heureka.cz *.heureka.sk im9.cz *.glami.cz *.googleadservices.com https://*.clarity.ms bat.bing.com *.favionline.com *.bing.com cdn.targito.com https://i.cdn.rvndev.com https://i.rvndn.com ;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.seznam.cz *.google.com *.gstatic.com *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.sg-butor.hu *.zbozi.cz *.exchangeratesapi.io *.foxentry.cz cdn.targito.com https://saas.bianoapi.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;object-src  'self' ; report-uri /frontendreport/report/ 3
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.typekit.net *.cloudflare.com *.twitter.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.aaw.com *.upgrade.dev.aaw.com *.aawweb.com *.upgrade.stg.aaw.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com maxcdn.bootstrapcdn.com *.tamara.co 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.twitter.com *.snapchat.com *.aaw.com *.upgrade.dev.aaw.com *.aawweb.com *.upgrade.stg.aaw.com *.facebook.com https://plumrocket.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors ; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.twitter.com *.google.com *.addthis.com *.snapchat.com *.aaw.com *.upgrade.dev.aaw.com *.aawweb.com *.upgrade.stg.aaw.com https://vars.hotjar.com https://bid.g.doubleclick.net https://10424566.fls.doubleclick.net *.weltpixel.com checkout.tabby.ai https://plumrocket.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.tamara.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.myfatoorah.com *.aaw.com *.upgrade.dev.aaw.com *.aawweb.com *.adobedtm.com *.sc.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.typekit.net *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com *.s3.amazonaws.com *.mailchimp.com *.braintreegateway.com *.cdninstagram.com *.fbcdn.net https://tr.snapchat.com/ https://www.google.com https://www.google.com.kw https://t.co checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.tamara.co 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.sprinklr.com *.cloudflare.com *.twitter.com getfirebug.com *.google-analytics.com googletagmanager.com www.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com sc-static.net *.aaw.com *.upgrade.dev.aaw.com *.aawweb.com *.upgrade.stg.aaw.com *.adobedtm.com *.authorize.net *.braintreegateway.com *.paypal.com *.sc.omtrdc.net *.adobe.net *.typekit.net *.ytimg.com *.google.com *.facebook.com *.pinterest.com *.googleapis.com facebook.com *.facebook.net chimpstatic.com *.mailchimp.com *.list-manage.com *.avada.io *.sandbox.braintreegateway.com *.instagram.com *.tiktok.com https://static.hotjar.com https://aawintersport.api.useinsider.com https://cdn.scarabresearch.com https://script.hotjar.com https://googleads.g.doubleclick.net https://static.ads-twitter.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com connect.facebook.net cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com www.facebook.com downloads.mailchimp.com *.tamara.co https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.cloudflare.com *.googleapis.com *.google.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.aawweb.com *.mailchimp.com *.aaw.com *.upgrade.dev.aaw.com *.upgrade.stg.aaw.com https://cdn.jsdelivr.net tagmanager.google.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.tamara.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://media.crocs.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.tamara.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.sandbox.paypal.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.cloudflare.com *.twitter.com *.paypal.com *.snapchat.com *.aaw.com *.demdex.net *.sc.omtrdc.net *.magento.com *.adobedtm.com *.adobedc.net *.typekit.net *.adobe.net *.magedevteam.com *.upgrade.dev.aaw.com *.aawweb.com *.upgrade.stg.aaw.com facebook.com *.facebook.net *.facebook.com *.braintreegateway.com *.sandbox.braintreegateway.com *.braintree-api.com *.instagram.com *.googleusercontent.com *.tiktok.com *.googleapis.com https://api.exchangeratesapi.io https://stats.g.doubleclick.net https://recommender.scarabresearch.com https://in.hotjar.com https://vc.hotjar.io checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.google-analytics.com analytics.google.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.tamara.co https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.paypal.com *.aaw.com *.upgrade.dev.aaw.com *.aawweb.com *.upgrade.stg.aaw.com *.seondnsresolve.com *.tamara.co 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.sharethis.com *.rawgit.com *.jquery.com *.facebook.net *.cookiebot.com *.g.doubleclick.net *.fontawesome.com *.googleapis.com *.linkedin.com *.hotjar.com wasm-eval *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com; script-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.sharethis.com *.rawgit.com *.cloudflare.com *.jquery.com *.facebook.net *.cookiebot.com *.g.doubleclick.net *.fontawesome.com *.bootstrapcdn.com *.wisoyekivo.com *.linkedin.com *.vimeo.com *.skedify.io *.plugin.skedify.io *.hotjar.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.pagespeed-mod.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.sharethis.com *.gstatic.com *.pvgroup.be; style-src-elem 'self' 'unsafe-inline' *.jquery.com *.googleapis.com *.bootstrapcdn.com *.skedify.io pv.skedify.show *.fontawesome.com *.sharethis.com *.gstatic.com *.pvgroup.be; style-src-attr 'unsafe-inline'; img-src 'self' data: *.google.com *.skedify.io *.vimeocdn.com *.ytimg.com *.sharethis.com *.googleapis.com *.gstatic.com *.sharethis.com *.google-analytics.com *.hotjar.com *.gstatic.com *.sharethis.com *.google.com *.sharethis.com *.facebook.com *.google-analytics.com *.google.at *.google.be *.google.ch *.google.co.uk *.google.co.za *.google.com *.google.com.ng *.google.de *.google.es *.google.fi *.google.fr *.google.ie *.google.it *.google.lu *.google.nl *.google.pt *.google.se *.googletagmanager.com *.gstatic.com *.ondernemersbelang.nl *.pv.be *.pvgroep.coop *.pvgroup.be *.reprintsdesk.com *.researchsolutions.com *.verfvanniveau.nl *.google.co.in; font-src 'self' data: *.alicdn.com *.gstatic.com github.com *.fontawesome.com *.bootstrapcdn.com *.hotjar.com; connect-src 'self' *.doubleclick.net *.google.com *.eu1.kaskocloud.com *.skedify.io *.crwdcntrl.net *.cookiebot.com *.withgoogle.com *.stbuttons.click data: *.hotjar.com *.fontawesome.com *.sharethis.com *.google.com *.googleapis.com *.ingest.sentry.io *.googlesyndication.com properties *.google-analytics.com *.g.doubleclick.net *.hotjar.io *.facebook.com; media-src 'self'; child-src *.fls.doubleclick.net *.google.com *.esignlive.eu *.cookiebot.com *.sharethis.com *.facebook.com *.linkedin.com *.youtube-nocookie.com *.youtube.com; frame-src 'self' *.fls.doubleclick.net *.google.com *.esignlive.eu blob: *.cookiebot.com *.ebconnect.be *.zscaler.net *.zscalertwo.net *.vimeo.com *.plugin.skedify.io *.sharethis.com properties *.facebook.com *.sharethis.com *.facebook.com *.google.com *.linkedin.com *.sofiskonline.be *.youtube-nocookie.com *.youtube.com; frame-ancestors 'self'; form-action 'self' *.sips-services.com *.salesforce.com *.facebook.com; manifest-src 'self'; object-src 'none'; report-uri https://pvgroup.report-uri.com/r/d/csp/wizard 3
frame-src www.cyclescheme.co.uk *.greencommuteinitiative.uk *.trustpilot.com *.instagram.com *.facebook.com *.google.co.uk *.google.com *.youtube-nocookie.com *.strava.com *.paymentsense.cloud *.dojo.tech *.googletagmanager.com; connect-src 'self'  *.fontawesome.com  *.google.com *.trustpilot.com *.visitors.live *.nr-data.net *.appspot-preview.com *.luckyorange.net *.luckyorange.com maps.googleapis.com api.getaddress.io stats.g.doubleclick.net www.google-analytics.com l.sharethis.com *.paymentsense.cloud *.dojo.tech *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com www.cyclescheme.co.uk *.greencommuteinitiative.uk www.google.com; default-src 'self' *.googleapis.com *.trustpilot.com; script-src 'self' 'unsafe-inline' *.typekit.net kit.fontawesome.com cdn.jsdelivr.net *.trustpilot.com *.cloudflare.com *.addthis.com *.instagram.com *.facebook.net *.cloudfront.net *.luckyorange.com *.googleadservices.com *.doubleclick.net *.newrelic.com *.nr-data.net  maps.googleapis.com cdnjs.cloudflare.com *.getaddress.io getaddress.io *.sharethis.com www.gstatic.com www.google.com *.paymentsense.cloud *.dojo.tech *.google.com *.googletagmanager.com *.online-metrix.net code.jquery.com *.google-analytics.com;  img-src 'self' 'unsafe-inline' data: https: 0.gravatar.com l.sharethis.com www.googletagmanager.com www.google-analytics.com; font-src 'self' *.typekit.net *.fontawesome.com *.cloudflare.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.typekit.net cdnjs.cloudflare.com fonts.googleapis.com; frame-ancestors 'self'; form-action 'self' *.facebook.com www.paypal.com mdepayments.epdq.co.uk gateway.cardstream.com test.sagepay.com live.sagepay.com secure.worldpay.com eu-library.klarnaservices.com; 3
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.retailrocket.net landofcoder.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.retailrocket.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src *.retailrocket.net landofcoder.com 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2
default-src 'self' https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://mixpanel.com https://*.mixpanel.com; script-src 'self' 'unsafe-inline' https://*.trychameleon.com https://*.hotjar.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://cdn.rollbar.com https://js.stripe.com https://www.youtube.com/embed/ https://connect.facebook.net https://apis.google.com https://accounts.google.com 'unsafe-eval' https://*.6sc.co https://static.addtoany.com https://*.adroll.com https://*.bing.com https://cdn.bizible.com https://*.clarity.ms https://cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net https://*.doubleclick.net https://www.dwin1.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.com https://*.g2crowd.com https://snap.licdn.com https://*.marketo.com https://*.marketo.net https://mixpanel.com https://*.mixpanel.com https://*.recaptcha.net https://www.redditstatic.com/ads/ https://*.singular.net https://*.ads-twitter.com https://*.youtube.com https://*.zoominfo.com; connect-src 'self' https://*.trychameleon.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://api.rollbar.com https://api.sprig.com https://storage.googleapis.com https://*.facebook.com https://*.6sc.co https://*.adnxs.com https://*.bing.com https://*.bugsnag.com https://*.clarity.ms https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mktoresp.com https://cdn.linkedin.oribi.io https://*.singular.net https://*.zoominfo.com; img-src 'self' data: https://*.chmln-cdn.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.facebook.com https://*.gravatar.com https://*.wp.com https://*.3lift.com https://*.33across.com https://*.6sc.co https://*.adnxs.com https://*.adroll.com https://*.bidswitch.net https://*.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://*.casalemedia.com https://*.clarity.ms https://*.crwdcntrl.net https://*.doubleclick.net https://*.exelator.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.imrworldwide.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.openx.net https://sync.outbrain.com https://*.pubmatic.com https://*.reddit.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://pixel.sitescout.com/ https://sync.taboola.com https://*.turn.com/ https://t.co/ https://analytics.twitter.com https://beacon.walmart.com https://*.wpengine.com https://*.analytics.yahoo.com; style-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.google.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://hello.myfonts.net; font-src 'self' data: https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://mixpanel.com https://*.mixpanel.com; frame-src 'self' https://js.stripe.com https://www.loom.com/embed/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com https://accounts.google.com https://static.addtoany.com https://*.bing.com https://*.doubleclick.net https://*.google.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://*.recaptcha.net; 2
default-src https: wss: chrome-extension: 'unsafe-inline' 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net *.messenger.com 'unsafe-eval';style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com www.google-analytics.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com *.tenor.co *.tenor.com *.giphy.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com *.oculuscdn.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com https://*.giphy.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net;worker-src *.messenger.com/static_resources/webworker_v1/init_script/ *.messenger.com/static_resources/webworker/init_script/ *.messenger.com/static_resources/sharedworker/init_script/ *.messenger.com/static_resources/webworker/map_libre/ *.messenger.com/static_resources/webworker/map_libre_rtl/ *.messenger.com/sw/ *.messenger.com/sw;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_3_7_0 2
default-src data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *.nesine.com wss://*.nesine.com *.google.com *.google.com.tr *.googletagmanager.com *.google-analytics.com *.support.google.com *.doubleclick.net *.googleadservices.com *.microsoft.com *.apple.com *.facebook.com *.facebook.net *.betsolutions.com *.ertgaming.com *.yahoo.com *.criteo.net *.criteo-sync.teads.tv *.criteo.com *.ligatus.com *.newrelic.com *.twitter.com *.instagram.com *.youtube.com *.ytimg.com *.aboutcookies.org *.mobilproses.com *.omnitagjs.com *.outbrain.com *.nr-data.net *.bidswitch.net *.sportradar.com *.akamaized.net *.performfeeds.com *.betradar.com *.dge.imggaming.com tjktv.ercdn.net *.tjk.org *.broadage.com *.pubmatic.com *.mediavine.com *.demdex.net *.krxd.net *.thebrighttag.com *.tremorhub.com *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.emxdgt.com *.adform.net *.sync.com *.ivitrack.com *.yieldmo.com *.criteo.com *.yieldlab.net *.imgarena.com *.liderform.com.tr *.googleapis.com *.googlevideo.com *.gstatic.com *.azureedge.net *.semasio.net *.7platform.net *.7platform.com *.7platform.live *.nsoft-cdn.com *.1rx.io *.adsrvr.org aa.agkn.com *.postrelease.com *.revcontent.com *.rqtrk.eu *.bing.com *.smaato.net *.narrative.io *.socdm.com *.mediawallahscript.com *.liadm.com *.stickyadstv.com *.linkedin.com *.rlcdn.com *.dable.io *.adingo.jp *.twiago.com *.bluekai.com *.crwdcntrl.net *.hs.llnwd.net *.ucweb.com; img-src * data:; report-uri /csp/cspreport/ 2
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/waze-wfe; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://rbmeuulvihtwm2eltjhwimi2.httpschecker.net/report 2
frame-ancestors 'none'; report-uri https://dnsimple.report-uri.com/r/d/csp/wizard 2
default-src 'self' *.wp.com;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	media-src blob: https:;	frame-src https:;	object-src 'none';	connect-src https:; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.billboard.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors https://poshmark.com https://external.poshmark.com https://poshmark.lightning.force.com; report-uri https://poshmark.report-uri.com/r/t/csp/reportOnly 2
default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://analytics.twitter.com https://bam.nr-data.net https://bi-beta.pst.tech https://bi.pst.tech https://blog.postman.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.polyfill.io https://dl.pstmn.io https://fast.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://in.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googvaragmanager.com https://js-agent.newrelic.com https://ms1frkqnsp7r.statuspage.io https://munchkin.marketo.net https://pages.getpostman.com https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://script.hotjar.com https://skills-assets.pstmn.io https://www.slideshare.net https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://vars.hotjar.com https://www.youtube.com https://p.adsymptotic.com https://assets.getpostman.com https://www.linkedin.com https://pixel.mathtag.com https://js.driftt.com https://www.googleleadservices.com https://google.g.doubleclick.net https://web.postman.com https://manifest.webmanifest https://www.googleadservices.com https://googleads.g.doubleclick.net https://px4.ads.linkedin.com https://i.ytimg.com https://api.mapbox.com https://events.mapbox.com https://identity.getpostman-beta.com https://identity.getpostman.com https://www.youtube-nocookie.com https://run.pstmn.io https://t7vhfmsv15.execute-api.us-east-1.amazonaws.com https://player.twitch.tv https://conversation.api.drift.com https://st-ar.cdn.postman.com https://vc.hotjar.io https://ws9.hotjar.com wss://ws9.hotjar.com https://821881030.privacysandbox.googleadservices.com/ https://bifrost-https-v4.gw.postman.com https://voyager.postman.com https://res.cloudinary.com https://app.launchdarkly.com https://events.launchdarkly.com https://api.amplitude.com https://clientstream.launchdarkly.com wss://ws1.hotjar.com https://worldtimeapi.org https://www.postman.com https://static.cloudflareinsights.com https://api.channel99.com https://events.gw.postman.com https://lp.postman.com https://067-umd-991.mktoutil.com https://api.c99.ai/api/v1/fire https://www.googletagmanager.com https://api.teknkl.com https://youtube.googleapis.com https://www.gstatic.com https://pixel.mathtag.com https://accounts.google.com https://api.prod.zuddl.com https://static.zuddl.com https://api.prod.zuddlevents.com https://static.zuddlevents.com https://api.zuddlevents.com https://app.zuddlevents.com https://c9u7a2tij9.execute-api.us-east-1.amazonaws.com https://analytics.google.com/ 'unsafe-inline' 'unsafe-eval'; form-action 'self'; base-uri 'self'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.honey.io p.typekit.net www.google.com 77497.global.siteimproveanalytics.io static.dialogflow.com public.govdelivery.com img.youtube.com fonts.google.com nj.gov *.arcgis.com www.njsp.org www.googletagmanager.com *.state.nj.us docs.google.com *.googleadservices.com *.doubleclick.net www.rnengage.com oss.maxcdn.com cdnjs.cloudflare.com placeimg.com imgssl.constantcontact.com siteimproveanalytics.com use.fontawesome.com content.govdelivery.com *.youtube-nocookie.com *.facebook.net server.arcgisonline.com cse.google.com *.googleapis.com *.nj.gov *.googlesyndication.com dialogflow.cloud.google.com adservice.google.com 1468.global.siteimproveanalytics.io use.typekit.net sp.analytics.yahoo.com analytics.google.com static.zip.co stackpath.bootstrapcdn.com region1.analytics.google.com cognito-identity.us-east-1.amazonaws.com cdn.jsdelivr.net *.adsrvr.org sc-static.net *.addthis.com *.facebook.com www.youtube.com *.cloudfront.net kit.fontawesome.com unpkg.com *.custhelp.com *.gstatic.com bcp.crwdcntrl.net region1.google-analytics.com www.google-analytics.com maxcdn.bootstrapcdn.com code.jquery.com public.tableau.com *.twitter.com *.ads-twitter.com sdk.amazonaws.com s.yimg.com www.njdcj.org www.njlottery.com t.co i.ytimg.com 77604.global.siteimproveanalytics.io bcvippi02.rightnowtech.com data.stbuttons.click translate.google.com 6291948.global.r2.siteimproveanalytics.io *.adsensecustomsearchads.com njdoc.gov clients1.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.adobe.com/api/v1/errors/csp 2
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi 2
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2
frame-ancestors 'self'; report-uri https://www.theaustralian.com.au/csp-reports 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google 2
script-src 'self' cdn.jsdelivr.net; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com; style-src-attr 'self'; frame-ancestors 'self'; report-uri https://nrdc.report-uri.com/r/d/csp/wizard 2
block-all-mixed-content; frame-ancestors 'none'; report-uri /global-cgi-bin/csp-report 2
default-src *; connect-src 'self' *.google.com www.google-analytics.com stats.g.doubleclick.net *.gigabyte.com.tw; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.google.com *.googleapis.com *.youtube.com *.facebook.com connect.facebook.net api.map.baidu.com cdn.jsdelivr.net cdnjs.cloudflare.com kxlogo.knet.cn *.doubleclick.net snap.licdn.com d.line-scdn.net *.hotjar.com *.go-mpulse.net *.gigabyte.com *.gigabyte.com.tw; style-src 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gigabyte.com *.gigabyte.com.tw; img-src 'self' data: https: blob: http://faq.gigabyte.com; font-src 'self' fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gigabyte.com *.gigabyte.com.tw data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com http://www.youtube.com *.facebook.com *.doubleclick.net *.hotjar.com *.gigabyte.com *.gigabyte.com.tw;  2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https: wss:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:; report-uri /csp_rep 2
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.yimg.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://www.google.com.cy https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.clarity.ms ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.scene7.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org cdn-apple.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; 2
script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.6sense.com *.addthisedge.com *.omtrdc.net *.everesttech.net *.demdex.net *.adobedtm.com *.scene7.com *.akamaihd.net *.adnxs.com *.baidu.com *.prod.bidr.io *.btttag.com *.brightcove.com *.brightcove.net *.zencdn.net *.cloudflare.com *.contentsquare.net *.company-target.com *.demandbase.com *.doubleclick.net *.adsymptotic.com *.d41.co *.dynatrace.com *.facebook.com *.facebook.net *.fontawesome.com *.fullstory.com *.google.co.in *.google.co.jp *.google.co.uk *.google.com *.google.com.hk *.google.fr *.google.kr *.google.es *.google.de *.google.ru *.google.ie *.google.am *.google.com.co *.google.com.ph *.google.com.au *.google.hu *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs.llnwd.net *.linkedin.com *.licdn.com *.i.lithium.com *.microsoftazuread-sso.com *.ni.com *.agkn.com *.newrelic.com *.nr-data.net *.moatads.com *.polyfill.io *.qualtrics.com *.quantcount.com *.quantserve.com *.rlcdn.com *.force.com *.salesforce.com *.salesforceliveagent.com *.pardot.com *.krxd.net *.rfihub.com *.serving-sys.com *.addthis.com *.adsrvr.org *.truste.com *.twitter.com *.ads-twitter.com t.co *.6sc.co *.rezync.com *.analytics.yahoo.com *.yimg.com unpkg.com *.psiexams.com *.systemlinkcloud.com *.systemlinkcloud.io mythinkscape.com *.mythinkscape.com *.multisim.com *.boltdns.net *.3playmedia.com *.paymetric.com *.captchas.net *.bing.com *.pagespeed-mod.com *.lithcloud.com *.jsdelivr.net *.cloudfront.net *.amazonaws.com *.day.com *.mathjax.org *.zoominsoftware.io *.bootstrapcdn.com *.nicdn.net *.leadsrx.com *.quizscape.com *.thoughtindustries.com *.wistia.com *.credly.com *.kbmax.com *.certain.com *.fonts.net *.typekit.net *.khoros.app.box.com *.limuirs-asset.lithium.com *.cookielaw.org *.windows.net data: blob; object-src 'none'; worker-src * data: blob: 'unsafe-inline';  media-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 2
object-src 'none'; script-src 'self'  https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; style-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
default-src 'self'; frame-ancestors 'self' https://teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net; base-uri 'none'; manifest-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'report-sample' http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; style-src 'self' 'unsafe-inline' 'report-sample' https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' blob: data: https://*.office.com https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://login.live.com https://storage.live.com; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://augloop-dogfood.officeppe.com wss://*.augloop-dogfood.officeppe.com wss://augloop.office.com wss://*.augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; worker-src 'self'; frame-src 'self' https://* https://webshell.suite.office.com; media-src 'none'; object-src 'none'; form-action 'self' https://*; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; frame-ancestors 'self'; report-uri https://leafgroup.report-uri.com/r/d/csp/wizard 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.omappapi.com *.hubspot.com services.postcodeanywhere.co.uk *.azure.com tracking.g2crowd.com a.opmnstr.com forms.hsforms.com *.wistia.com tag.demandbase.com scout.salesloft.com js.hs-scripts.com monitor.clickcease.com *.onetrust.com content.hotjar.io ipv6.6sc.co appapi.loqate.com b.6sc.co j.6sc.co *.doubleclick.net *.gbgplc.com www.google.co.uk www.google.com t.co *.licdn.com region1.google-analytics.com *.twitter.com *.ads-twitter.com adservice.google.com tiles.platform.loqate.com js.hs-banner.com *.facebook.net unpkg.com c.6sc.co scout-cdn.salesloft.com *.hotjar.com www.clickcease.com www.googletagmanager.com js.hsadspixel.net cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src https: 'self' 'unsafe-inline' *.azurewebsites.net members.cj.com int-ds-shared-1.monetate.org *.247-inc.net 247-inc.net *.acuityplatform.com ipredictive.com adform.net 112.2o7.net everesttech.net demdex.net adobedtm.com assets.adobetm.com *.scene7.com scene7.com tt.omtrdc.net *.typekit.net typekit.net advertising.com *.adyen.com adyen.com amazon-adsystem.com *.amazonaws.com amazonaws.com atdmt.com azureedge.net *.feedmagnet.com *.bazaarvoice.com bazaarvoice.com bidswitch.net bat.bing.com bing.com btttag.com *.btttag.com *.bluecore.app *.bluecore.com bluecore.app bluecore.com bluekai.com *.braintreegateway.com bugsnag.com cloudflare.com cloudfront.net d1af033869koo7.cloudfront.net *.columbiasportswear.co.uk columbia.com smetrics.columbia.com demandware.net *.emjcd.com emjcd.com cquotient.com *.cquotient.com criteo.com criteo.net us.criteo.com *.criteo.net *.curalate.com curalate.com dotomi.com connect.facebook.net facebook.com facebook.net *.sspinc.io columbia.sspinc.io fit-predictor.net sspinc.io fontawesome.com api2.fonts.com fullstory.com *.fullstory.com honey.io joinhoney.com *.hotjar.com hotjar.com hotjar.io static.hotjar.com *.inmoment.com inmoment.com intercept-client.inmoment.com instagram.com jquery.com *.klarnacdn.net *.klarnaservices.com locally.com *.microsoft.com microsoft.com *.monetate.net mountainhardwear.ca mountainhardwear.com cdn.cookielaw.org cookielaw.org agkn.com bam.nr-data.net js-agent.newrelic.com newrelic.com nr-data.net onetrust.com outbrain.com *.braintree-api.com *.paypal.com *.paypalobjects.com braintree-api.com paypal.com paypalobjects.com sandbox.paypal.com pinimg.com pinterest.com prana.com rlcdn.com *.krxd.net krxd.net *.scarabresearch.com cdn.scarabresearch.com sharethrough.com smartadserver.com *.sc-static.net *.snapchat.com sc-static.net tr.snapchat.com sorel.com taboola.com teads.tv *.tiktok.com adsrvr.org 3lift.com *.truefitcorp.com truefitcorp.com *.turn.com turn.com *.adstk.io *.onetrust.io *.px-client.net ad.smaato.net adstk.io collector-pxlkxie7oj.px-cloud.net fast.fonts.net onetrust.io px-client.net vimeo.com vimeocdn.com yahoo.com analytics.yahoo.com youtube.com ytimg.com *.zdassets.com *.zendesk.com zdassets.com zendesk.com *.zopim.com zopim.com *.perimeterx.net perimeterx.net data: blob:; 2
default-src 'self'; script-src 'self' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' 'sha256-E+9KuTkZkFIuiN69g5Y/rS1KDaDR2Wsfoq7Eetly00k=' 'sha256-4A71+eBTUzk+eqeYnEVcDQgmfqADEcilqeQIAiwyPj8=' 'sha256-Ft85708B4GnIXzdTu8nxvQbyFHRn0yYy/8Sa3eDtv38=' 'sha256-IQuu99eybyUVQl8tdKPujuMVZMAtiHk2XPu15i9EH4A=' https://*.google-analytics.com/analytics.js https://cdncache-a.akamaihd.net/sub/b156ae9/98002/l.js https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://connect.facebook.net https://public.flourish.studio/resources/embed.js; style-src 'unsafe-inline' 'self'; object-src 'self' https://video.ted.com; base-uri 'self' https://www.youtube.com; connect-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.plyr.io https://translate.googleapis.com; font-src 'self' https: data:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com https://flo.uri.sh; img-src 'self' https://i.ytimg.com https://opensocietyfoundations.imgix.net https://*.google-analytics.com https: data:; manifest-src 'self'; media-src 'self'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.drip.com *.hsappstatic.net *.sleeknote.com *.zdassets.com *.zendesk.com *.hubspot.com *.hubspot.net *.hs-analytics.net *.hs-banner.com *.cloudflare.com *.zi-scripts.com *.g2crowd.com unpkg.com *.tiktok.com *.quora.com *.bing.com *.redditstatic.com *.ads-twitter.com *.licdn.com *.facebook.net *.snapchat.com sc-static.net *.clearbitscripts.com *.dreamdata.cloud 2
default-src 'self'; connect-src 'self' *.appmaster.io https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://api-iam.intercom.io https://forms.hsforms.com https://maps.googleapis.com wss://*.intercom.io https://stats.g.doubleclick.net www.google.com; font-src 'self' data: https: ; img-src 'self' data: blob: https: ; media-src 'self' data: blob: https: ; object-src 'none'; frame-src 'self' *.appmaster.io *.recaptcha.net *.youtube.com widget.canny.io; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' *.appmaster.io *.hsforms.net *.intercom.io *.intercomcdn.com https://maps.googleapis.com/maps/api/js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/ *.recaptcha.net *.canny.io; manifest-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' *.appmaster.io https://fonts.googleapis.com; worker-src data: blob:; report-uri https://sentry.appmaster.io/api/3/security/?sentry_key=f3a1f5e566804120856802b6ba1adda8; report-to apms; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com www.google.co.uk *.googleadservices.com utt.impactcdn.com www.google.ci asset.gomoxie.solutions www.google.ae sdk.onfido.com translate.google.com 3ds.redsys.es www.google.ie www.google.co.th *.moneygram.com www.google.com.bd t.contentsquare.net www.google-analytics.com *.salesforceliveagent.com dx.mountain.com www.google.gr c.az.contentsquare.net www.upsellit.com s.yimg.com six.cdn-net.com events.launchdarkly.com api.onfido.com s3.amazonaws.com moneygram.pxf.io www.ojrq.net *.snapchat.com includes.ccdc02.com px.mountain.com *.facebook.net moneygram-intl.ingeniuxondemand.com geo.cardinalcommerce.com *.doubleclick.net *.facebook.com www.google.com.mx drs2.veinteractive.com config1.veinteractive.com www.google.cl *.clarity.ms www.google.fr www.google.bj tags.rd.linksynergy.com *.linkedin.com websdk.appsflyer.com www.google.com l.contentsquare.net zensit.free.nf receiver.neuroid.cloud pix.pub location.gomoxie.solutions www.google.iq moxie-concierge.s3.amazonaws.com consent.trustarc.com impressions.onelink.me scripts.neuro-id.com adservice.google.com cdn.honey.io www.google.nl nkys7k94ig.execute-api.us-east-2.amazonaws.com *.wlp-acs.com d.turn.com kg668dbov0.execute-api.us-east-1.amazonaws.com flask.nextdoor.com www.google.be digitalfeedback.us.confirmit.com *.sitescout.com www.google.com.au app.launchdarkly.com wa.appsflyer.com sc-static.net www.google.at *.googlesyndication.com hosted.where2getit.com js1.wuaze.com www.google.it creatives-cdn.appsflyer.com www.google.ch r.turn.com www.google.co.ve www.googletagmanager.com *.licdn.com *.gstatic.com www.google.com.jm *.adsrvr.org www.tp88trk.com wa.onelink.me www.google.ca *.tiktok.com www.google.com.ph www.google.ro intljs.rmtag.com bat.bing.com *.dotomi.com rebrandly.com www.rsa3dsauth.co.uk consent-pref.trustarc.com smct.co c0.adalyser.com up.pixel.ad www.google.com.do cdn.appsflyer.com www.google.co.in www.google.co.jp www.google.de moneygram.vc.hr writer.cardinalcommerce.com banner.appsflyer.com songbird.cardinalcommerce.com www.google.tn secure5.arcot.com *.emjcd.com centinelapi.cardinalcommerce.com k-us1.az.contentsquare.net paywithmybank.com www.google.cm sp.analytics.yahoo.com www.google.com.sa www.google.com.ng tr.silverpush.co www.google.com.pk events-moneygram.gomoxie.solutions www.google.co.ma region1.google-analytics.com ads.nextdoor.com www.google.es srm.af.contentsquare.net logs-01.loggly.com cdnjs.cloudflare.com alb.reddit.com www.google.com.gh q-us1.az.contentsquare.net www.redditstatic.com gs.mountain.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src https: 'unsafe-inline' 2
default-src 'self' *.fineco.it *.finecobank.com finecobank.com *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com responder.wt-safetag.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com track.adform.net js.omg.neodatagroup.com trz.neodatagroup.com pixeL.mathtag.com www.google.com g.microsoft.com s2.adform.net googLeads.g.doubLeclick.net static.opentok.com data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk; frame-src finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com *.mateti.net vars.hotjar.com track.adform.net c1.adform.net widget.trustpilot.com cdn.krxd.net pixel.mathtag.com ; img-src 'self' data: https://images.fineco.it https://images.finecobank.com https://images-t.finecobank.com https://images-dev.finecobank.com https://finecobank.com http://localhost:9095 https://analytics.google.com https://t.mateti.net https://lt.morningstar.com https://www.morningstar.it https://t.co https://www.linkedin.com https://px.ads.linkedin.com https://d.omg.neodatagroup.com https://www.youronlinechoices.com https://uip.semasio.net https://server.seadform.net https://aax-eu.amazon-adsystem.com https://pixel.mathtag.com https://tracker.neodatagroup.com https://www.google-analytics.com https://*.twimg.com https://finecoitalia01.wt-eu02.net https://bat.bing.com https://www.facebook.com https://cm.g.doubLeclick.net https://match.adsrvr.org https://dmp.adform.net https://secure.adnxs.com https://b1sync.zemanta.com https://cms.anaLytics.yahoo.com https://trz.neodatagroup.com https://www.googLe.com https://www.googLe.it cdn.cookielaw.org https://beacon.krxd.net https://ups.analytics.yahoo.com; connect-src wss://tradepush.finecobank.com https://*.fineco.it https://*.finecobank.com https://finecobank.com https://analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.io https://script.crazyegg.com https://r.mateti.net wss://*.tokbox.com https://www.google-analytics.com https://www.google.com https://region1.google-analytics.com https://googleads.g.doubleclick.net https://*.tokbox.com https://config.opentok.com https://anvil.opentok.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.krxd.net https://privacyportal-de.onetrust.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.fineco.it *.finecobank.com finecobank.com responder.wt-safetag.com static.opentok.com www.google-analytics.com track.adform.net s2.adform.net trz.neodatagroup.com pixel.mathtag.com d.omg.neodatagroup.com js.omg.neodatagroup.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net cdn.mateti.net static.hotjar.com static.ads-twitter.com snap.licdn.com script.crazyegg.com ethn.io script.hotjar.com analytics.twitter.com www.youtube.com widget.trustpilot.com cdn.cookielaw.org cdn.krxd.net beacon.krxd.net consumer.krxd.net 'unsafe-eval' 'unsafe-inline'; report-uri https://www.fineco.it/_csp-report 2
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2
report-uri /cdn-cgi/script_monitor/report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.etracker.com/ https://*.etracker.de/ https://*.signalize.com/; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com; frame-src 'self' www.youtube.com; child-src 'self' www.youtube.com; 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
frame-ancestors 'self'; report-uri https://www.adelaidenow.com.au/csp-reports 2
base-uri 'self'; connect-src 'self' https://*.google.com https://ada.matomo.cloud https://boards-api.greenhouse.io https://images.prismic.io https://o43253.ingest.sentry.io https://pagead2.googlesyndication.com https://www.gstatic.com https://bat.bing.com https://*.clarity.ms; default-src 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; frame-src https://*.enterprise.ada.com https://boards.greenhouse.io https://insight.adsrvr.org https://td.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com; img-src 'self' data: https://ada.matomo.cloud https://adahealth.cdn.prismic.io https://assets.ada.com https://connect.facebook.net https://googleads.g.doubleclick.net https://images.prismic.io https://prismic-io.s3.amazonaws.com https://www.facebook.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://bat.bing.com https://*.clarity.ms; manifest-src 'self'; media-src 'self' https://adahealth.cdn.prismic.io; script-src 'self' 'unsafe-inline' https://*.matomo.cloud https://boards.greenhouse.io https://connect.facebook.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://tpc.googlesyndication.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://bat.bing.com https://www.clarity.ms; style-src 'self' 'unsafe-inline'; 2
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://maps.googleapis.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com; img-src 'self' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com maps.google.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; block-all-mixed-content 2
default-src * 'unsafe-inline' 'unsafe-eval';font-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; child-src * 'unsafe-inline' blob:; worker-src * 'unsafe-inline' blob:; img-src * data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * blob:; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: region1.analytics.google.com collector-pxdr7isq2u.px-cdn.net client.px-cloud.net api.7-eleven.com images.contentstack.io www.7-eleven.com *.gstatic.com www.youtube.com js-agent.newrelic.com nebula-cdn.kampyle.com www.google.co.uk collector-pxdr7isq2u.px-cloud.net www.google.com.au www.google.ca md-scp.kampyle.com www.googletagmanager.com bam.nr-data.net udc-neb.kampyle.com kit.fontawesome.com *.googleapis.com www.google.co.in cdn.contentstack.io www.google.com.ph analytics.google.com *.doubleclick.net *.facebook.net ka-p.fontawesome.com kit-uploads.fontawesome.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
script-src 'self' https://www.google-analytics.com https://www.buzzsprout.com https://connect.facebook.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://analytics.twitter.com; img-src 'self' data: https://craftassets.unraid.net https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com; font-src 'self' data:; default-src 'self'; connect-src 'self' https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 2
default-src 'self' www.slu.se student.slu.se internt.slu.se artdatabanken.se www.universitetsdjursjukhuset.se;          img-src 'self';                         script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.euro.confirmit.com *.getsitecontrol.com *.episerver.net *.siteimproveanalytics.com *.sitester.com www.universitetsdjursjukhuset.se *.slu.se sp.tinymce.com fonts.gstatic.com translate.google.com translate.googleapis.com;                          style-src 'self' https: 'unsafe-inline';                         font-src 'self' data:;                         object-src 'none';                         form-action 'self';                         base-uri 'self';                         frame-src *.kaltura.nordu.net *.slu.se *.emg-srs.com *.youtube.com;                         frame-ancestors 'self';                         connect-src 'self' *.vizzit.se digitalfeedback.euro.confirmit.com matomo.slu.se;       report-to cspViolations;       report-uri /api/CspViolationReport 2
default-src 'self';connect-src 'self' https://analytics.majestic.com https://analytics.majesticseo.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.majesticseo.com https://analytics.majestic.com https://info.majestic.com https://*.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 2
default-src 'self'; script-src 'report-sample' 'self' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.recaptcha.net/recaptcha/api.js www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.googletagmanager.com https://www.recaptcha.net https://www.youtube.com; img-src 'self' https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://upload-cdn.careem.com; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src 'none'; form-action 'self'; 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
default-src 'self' data: mediastream: blob: 'unsafe-inline' 'unsafe-eval' inline *.ibytedtos.com *.isnssdk.com *.resso.app resso.app *.resso.com resso.com *.resso.me *.snssdk.com *.byteoversea.net *.ibyteimg.com *.ipstatp.com *.tiktokv.com *.byteoversea.com music.tiktok.com tiktokmusic-test.bytedance.net;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=m_home 2
worker-src 'self' blob: *.crazyegg.com; child-src 'self' * blob: https: ; report-uri /CSP-report-only 2
connect-src 'self' https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; child-src https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://secure.comodo.com 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 2
default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https: wss: moz-extension: chrome-extension: http://fonts.googleapis.com/ http://whova.com http://*.twimg.com; report-uri https://whova.com/_csp 2
img-src https: data: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
default-src 'self'; script-src 'report-sample' 'self' https://rum.layer0.co/latest.js https://cdn.optimizely.com/js/25353130117.js https://tags.srv.stackadapt.com/saq_pxl *.stackadapt.com https://cdn.cookielaw.org https://cdn.treasuredata.com/sdk/2.5/td.min.js https://cdn.treasuredata.com/sdk/3.1/td.min.js https://dynamic.criteo.com/js/ld/ld.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994487809/ https://eu01.in.treasuredata.com/js/v3/event/src/js_pageview_mms_phoenix https://in.treasuredata.com/js/v3/event/src/js_pageview_mms_phoenix https://js-cdn.dynatrace.com https://marsconfigurator.ui.mms.com/main.js https://sslwidget.criteo.com/event *.klaviyo.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.dwin1.com/3219.js https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https://tags.srv.stackadapt.com/sa.css https://cdnjs.cloudflare.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' data: https://eu01.in.treasuredata.com/js/v3/event/src/js_pageview_mms_phoenix https://eu01.in.treasuredata.com/js/v3/enable_global_id https://logx.optimizely.com/v1/events https://tags.srv.stackadapt.com/saq_pxl *.stackadapt.com https://bf98027gkr.bf.dynatrace.com https://cdn-marsconfigurator-service.mms.com https://cdn.cookielaw.org https://gtm.mms.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net; font-src 'self' https://cdnjs.cloudflare.com https://marsconfigurator.service.mms.com data:; frame-src 'self' https://td.doubleclick.net/ https://a25353130117.cdn.optimizely.com/ https://9452702.fls.doubleclick.net https://gum.criteo.com https://widget.trustpilot.com; img-src 'self' data: https://ad.360yield.com https://ad.doubleclick.net/ https://ade.clmbtech.com https://ads.stickyadstv.com https://c.bing.com https://cdn.cookielaw.org https://cdn.media.amplience.net https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://gum.criteo.com https://https https://i.liadm.com https://ib.adnxs.com https://marsconfigurator.service.mms.com https://match.sharethrough.com https://matching.ivitrack.com https://partner.mediawallahscript.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.outbrain.com https://tg.socdm.com https://trends.revcontent.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://x.bidswitch.net *.stackadapt.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
default-src 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.fullstory.com https://rs.fullstory.com https://ajax.googleapis.com/ https://first.iovation.com/ https://mpsnare.iesnare.com/ https://128-koi-090.mktoresp.com/ *.gskydev.net *.gskydev.com https://auth.prod.greensky.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://pages.greenskycredit.com https://www.google.com/ https://www.gstatic.com https://cdnjs.cloudflare.com https://app-ab27.marketo.com https://munchkin.marketo.net https://abrtp1-cdn.marketo.com blob: http://static.site24x7rum.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.wistia.com https://rtp-static.marketo.com https://abrtp1.marketo.com https://js.driftt.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://pages.greenskycredit.com/ https://cdn.jsdelivr.net/ https://www.greensky.com/ *.gskydev.com *.gskydev.net https://use.fontawesome.com/ https://pro.fontawesome.com/ https://rtp-static.marketo.com/ https://fonts.googleapis.com/ https://fonts.googleapis.com/css/ https://app-ab27.marketo.com/ https://munchkin.marketo.net; font-src 'self' https://cdnjs.cloudflare.com https://pro.fontawesome.com/ data: https://fonts.gstatic.com https://fast.wistia.com https://use.fontawesome.com; img-src 'self' https://www.googletagmanager.com https://rs.fullstory.com *.greensky.com/ *.gskydev.com/ *.gskydev.net/ https://embed-ssl.wistia.com data: https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.com https://greensky.dotcmscloud.com https://*.greensky.dotcmscloud.com embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com http://embed.wistia.com/ https://www.google.com https://www.google.de https://app-ab27.marketo.com https://pages.greenskycredit.com; media-src 'self' blob: https://js.driftt.com; frame-src 'self' https://pages.greenskycredit.com/ https://app-ab27.marketo.com/ https://www.google.com/ https://js.driftt.com; connect-src 'self' https://analytics.google.com https://edge.fullstory.com https://rs.fullstory.com *.gskydev.com/ *.gskydev.net/ https://128-koi-090.mktoresp.com/ https://abrtp1.marketo.com https://*.google-analytics.com https://stats.g.doubleclick.net *.greensky.dotcmscloud.com https://greensky.dotcmscloud.com *.greensky.com *.litix.io embedwistia-a.akamaihd.net/ *.wistia.com https://128-koi-090.mktoresp.com; object-src 'self' https://app-ab27.marketo.com/ ; base-uri 'self';manifest-src 'self'; worker-src 'none'; report-to https://www.greensky.com 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.klarna.com *.mention-me.com *.yotpo.com *.bounceexchange.com *.ada.support *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.trustpilot.com *.facebook.com *.bulk.com *.studentbeans.com *.doubleclick.net *.zenaps.com *.criteo.net *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.yotpo.com bulk.com *.bulk.com *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.google.co.in *.facebook.com *.facebook.net *.bouncex.net *.bounceexchange.com *.monetate.net bulkpowders.co.uk *.gstatic.com *.postcodeanywhere.co.uk *.zenaps.com *.awin1.com *.atdmt.com *.doubleclick.net *.cooladata.com *.bing.com *.quantserve.com t.co *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.klarnacdn.net *.mention-me.com *.yotpo.com *.monetate.net *.dwin1.com *.facebook.net *.bounceexchange.com *.jetlore.com *.ada.support *.scarabsearch.com *.scarabresearch.com *.g.doubleclick.net *.trustpilot.com *.queue-it.net *.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.pcapredict.com *.postcodeanywhere.co.uk *.co-buying.com *.studentbeans.com *.zenaps.com *.sciencebehindecommerce.com *.criteo.net *.criteo.com *.cooladata.com *.zendesk.com *.zdassets.com *.bing.com *.quantserve.com *.quantcount.com *.twitter.com *.klarnaservices.com js.klevu.com *.ksearchnet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com *.googleapis.com *.typekit.net *.bounceexchange.com *.postcodeanywhere.co.uk *.klarnacdn.net *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src *.bulk.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.klarnaevt.com *.mention-me.com *.yotpo.com *.ada.support *.google-analytics.com *.g.doubleclick.net *.scarabresearch.com *.logs.datadoghq.com *.bouncex.net *.nr-data.net *.postcodeanywhere.co.uk *.bulk.com *.sciencebehindecommerce.com *.zdassets.com *.zendesk.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' *.googleapis.com *.adobedtm.com *.googletagmanager.com *.doubleclick.net *.adsrvr.org *.teads.tv *.facebook.net *.hotjar.com *.tiqcdn.com *.pingdom.net *.google.ie 'unsafe-inline' 'unsafe-eval' wasm-eval; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://agentaspaarbank.tt.omtrdc.net *.googleapis.com *.simargenta.be *.argenta.be *.teads.tv *.googlesyndication.com *.pingdom.net; font-src 'self'; frame-src 'self'  *.tst-argenta.be *.adsrvr.org *.teads.tv *.doubleclick.net; img-src 'self' *.argenta.be *.simargenta.be *.facebook.com *.google.be *.google.com *.teads.tv *.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
default-src 'self' 'unsafe-inline'; img-src data: https:; script-src-elem 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https:; frame-src https:; object-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; report-uri /csp-violation-report-endpoint/ 2
font-src *.googleapis.com fonts.gstatic.com fonts.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com *.hotjar.com x.klarnacdn.net *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com bugcrowd.com imgs.cdn-btsg.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net www.facebook.com script.google.com *.googleapis.com *.hotjar.com *.iterable.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com *.wahooligan.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.affirm.com *.amazonaws.com *.atdmt.com *.bing.com *.bazaarvoice.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.hotjar.com *.iterable.com kcc0.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com imgs.signifyd.com image.simplecastcdn.com t.co tk0x1.com *.wahoofitness.com *.xg4ken.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.adnxs.com js.adsrvr.org cdn.jsdelivr.net lightboxapi.azurewebsites.net cdn.attn.tv bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com *.affirm.com imgs.cdn-btsg.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.fontawesome.com *.google.com googleads.g.doubleclick.net *.hotjar.com *.iterable.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv cdn.segment.com imgs.signifyd.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com *.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com *.hotjar.com www.lightboxcdn.com x.klarnacdn.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.affirm.com *.attentivemobile.com *.attn.tv bam-cell.nr-data.net *.bing.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com analytics.google.com *.analytics.google.com *.hotjar.com *.hotjar.io mpsnare.iesnare.com *.iterable.com wss: gdpr.loopme.com i.loopme.me *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b73c76520e1c6fd88a089eacc1b590fe.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'self'; script-src *; script-src-elem *; script-src-attr *; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src *; font-src *; connect-src *; media-src *; object-src 'none'; prefetch-src *; child-src *; frame-src *; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri https://www.styria.com https://stage.styria.com; manifest-src 'self'; report-uri https://cspreport.smd-digital.at 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
object-src 'none'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.parentpay.com js.hs-analytics.net *.vimeo.com app.parentpay.com cdn.cookielaw.org *.hubspot.com region1.google-analytics.com translate.google.com analytics.google.com maxcdn.bootstrapcdn.com *.licdn.com js.hsleadflows.net js.hs-banner.com *.googleapis.com *.doubleclick.net *.gstatic.com js.hsadspixel.net www.googletagmanager.com js-na1.hs-scripts.com forms.hsforms.com api.hubapi.com adservice.google.com *.onetrust.com forms-na1.hsforms.com okt.to www.google.im js.hs-scripts.com region1.analytics.google.com www.google.co.uk static.oktopost.com www.google-analytics.com www.google.com *.linkedin.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: appr.sunwingtravelgroup.com bat.bing.com bsb.widgets.sunwingtravelgroup.com *.mookie1.com pixel.byspotify.com www.google.co.in www.sunwing.ca cdn.segment.com cdn.bc0a.com www.googletagmanager.com *.doubleclick.net *.pinterest.com www.google.ca assets.sunwingtravelgroup.com services.sunwinggroup.ca www.youtube.com static.olark.com *.facebook.net *.googleapis.com fsa.widgets.sunwingtravelgroup.com fonts.cdnfonts.com sc-static.net adservice.google.com www.google.com necolas.github.io *.cloudinary.com knrpc.olark.com region1.analytics.google.com *.amazon-adsystem.com wss://input.noibu.com login.sunwing.ca www.google.co.uk api.olark.com ib.adnxs.com input.noibu.com assets.olark.com www.google-analytics.com *.snapchat.com *.facebook.com weblogging.sunwingtravelgroup.com wss://am.freshrelevance.com hotelinfoservice.sunwingtravelgroup.com acdn.adnxs.com *.clarity.ms www.google.com.jm book.sunwing.ca www.google.com.cu am.freshrelevance.com www.google.com.do *.tiktok.com *.gstatic.com sunwing.tfaforms.net www.google.com.mx cdn.noibu.com *.cloudfront.net api.sunwingapi.com c.bing.com apps.joinsherpa.io i.ytimg.com api.segment.io infoservice.sunwingtravelgroup.com *.pinimg.com analytics.google.com sdk.joinsherpa.io sunwing.jebbit.com svhandlerapi.sunwingtravelgroup.com global.oktacdn.com www.google.fr ixfd1-api.bc0a.com evnt.byspotify.com cares.widgets.sunwingtravelgroup.com log.olark.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
font-src 'self'; frame-src 'self'; img-src 'self' data: https://img.airtel.tv https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com; style-src report-sample 'self' 'unsafe-inline'; script-src report-sample 'self' 'unsafe-inline' https://app.link/_r https://cdn.branch.io/branch-latest.min.js https://www.googletagmanager.com/gtag/js https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js https://cdn.moengage.com/webpush/modules/inapp.js https://cdn.moengage.com/webpush/beta/sdk.inapp.cdnHelper.js https://cdn.moengage.com/webpush/releases/serviceworker_cdn.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_cards.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_webp.min.latest.js; 2
default-src 'self' *.fontawesome.com *.visualstudio.com cdn.cookielaw.org *.azure.com *.krxd.net *.facebook.com *.googletagmanager.com *.linkedin.oribi.io *.google.com *.doubleclick.net *.liveperson.net *.google-analytics.com fintactix.com *.adsrvr.org *.lpsnmedia.net *.elfsight.com;script-src 'self' 'unsafe-inline' unpkg.com code.jquery.com stackpath.bootstrapcdn.com customer.cludo.com cdnjs.cloudflare.com *.fontawesome.com *.googletagmanager.com *.licdn.com *.convergetrack.com js.monitor.azure.com *.adroll.com *.facebook.net *.google-analytics.com *.doubleclick.net *.lpsnmedia.net *.liveperson.net *.adsrvr.org *.google.com *.elfsight.com cdn.cookielaw.org maxcdn.bootstrapcdn.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' customer.cludo.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net;img-src 'self' data: *.adsrvr.org *.convergetrack.com *.demdex.net *.google.com *.lpsnmedia.net *.linkedin.com *.facebook.com *.krxd.com *.krxd.net *.adroll.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.elfsight.com;font-src 'self' fonts.gstatic.com *.fontawesome.com 2
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeenterprise_google 2
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script'; 2
default-src 'self'; frame-src *.recaptcha.net platform.twitter.com *.youtube.com youtube.com; script-src 'sha256-ydKxz4O4+xrDTLpi4zPcDUOeKM1IqTRK7GdPTJ7n5Nw=' 'self' 'self' *.procreate.art *.procreate.com *.sentry.io *.gstatic.com *.recaptcha.net *.youtube.com/embed platform.twitter.com https://www.gstatic.cn/recaptcha cdn.usefathom.com *.mux.com; worker-src 'self' blob:; img-src 'self' 'unsafe-inline' blob: data: *.procreate.art *.procreate.com *.savage.si *.ytimg.com cdn.usefathom.com *.mux.com; connect-src 'self' blob: *.procreate.art *.procreate.com *.sentry.io *.savage.si savage-support-request-files.s3-accelerate.amazonaws.com *.mux.com https://inferred.litix.io/; media-src 'self' blob: *.procreate.art *.procreate.com *.savage.si *.mux.com; style-src 'unsafe-inline' *.procreate.art *.procreate.com https://fonts.googleapis.com; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; object-src 'none'; font-src 'self' https://fonts.gstatic.com 2
default-src 'self';img-src * blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com code.jquery.com js.hsforms.net www.googletagmanager.com *.wp.com *.mysanfordchart.org *.addthis.com *.adroll.com *.adsrvr.org *.ads-twitter.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.invocacdn.com *.liveperson.net *.lpsnmedia.net *.mpio.io *.onesignal.com *.qualtrics.com *.quantcount.com *.quantserve.com *.serving-sys.com *.simpli.fi *.siteintercept.qualtrics.com *.talentegy.com *.tvsquared.com *.twitter.com *.v.liveperson.net *.vimeo.com *.vimeocdn.com aa.agkn.com ajax.aspnetcdn.com analytics.talentegy.com assets.sitescdn.net az416426.vo.msecnd.net bat.bing.com cdn.mouseflow.com cdn.popt.in chimpstatic.com data.adxcel-ec2.com embed.typeform.com forms.hsforms.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com my.hellobar.com onesignal.com pixel.mathtag.com pixel.videohub.tv pnapi.invoca.net px.ads.linkedin.com rules.quantcount.com s.amazon-adsystem.com s.pinimg.com s3.amazonaws.com/checkout.squadup.com/default/css/bootstrap-namespace.min.css sanfordhealth.mdmatchup.com script.crazyegg.com sc-static.net sfapi.formstack.io siteimproveanalytics.com snap.licdn.com static.addtoany.com static.cloud.coveo.com tags.srv.stackadapt.com tracking.logpostback.com transparency.nrchealth.com trkn.us v1.addthisedge.com www.buzzsprout.com www.groupexpro.com www.youtube.com www.ypo.education/js/jsembedcode.js z.moatads.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.mysanfordchart.org *.wp.com *.formstack.com *.gstatic.com *.vimeocdn.com cdn.thinglink.me checkout.stripe.com formsprod.azureedge.net onesignal.com static.cloud.coveo.com tags.srv.stackadapt.com www.groupexpro.com www.youtube.com;font-src 'self' data: *.fontawesome.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.wp.com *.formstack.com *.gstatic.com *.googleusercontent.com static.cloud.coveo.com staticdev.cloud.coveo.com;frame-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com www.googletagmanager.com *.wp.com tools.sanfordhealthplan.com *.mysanfordchart.org *.addthis.com *.adsrvr.org *.c.liveperson.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.ipcamlive.com *.lpsnmedia.net *.snapchat.com *.soundcloud.com *.stripe.com *.twitter.com *.v.liveperson.net *.vimeo.com *.youtube.com cdn.onesignal.com e.issuu.com fast.wistia.net forms.hsforms.com host.visualcalc.com js.hsadspixel.net js.hsforms.net pixel.mathtag.com players.brightcove.net sanfordhealth.mdmatchup.com static.addtoany.com vimeo.com www.buzzsprout.com www.pinterest.ca www.pinterest.co.uk www.pinterest.com www.pinterest.fr www.pinterest.it www.pinterest.ph ct.pinterest.com www.thinglink.com;frame-ancestors 'self' *.mysanfordchart.org;connect-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com my.wpengine.com public-api.wordpress.com yoast.com *.addthis.com *.adroll.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.gannettdigital.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.linkedin.oribi.io *.onesignal.com *.pinterest.com *.quantcount.com *.reachlocalservices.com *.serving-sys.com *.snapchat.com *.squadup.com *.twitter.com *.vimeocdn.com *.z1.dca0.com api.hubapi.com az416426.vo.msecnd.net bat.bing.com dc.services.visualstudio.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hscollectedforms.net n2.mouseflow.com onesignal.com pnapi.invoca.net sanfordhealth.formstack.com sfapi.formstack.io usageanalytics.coveo.com analytics.cloud.coveo.com;form-action 'self' *.fontawesome.com cdnjs.cloudflare.com *.sanfordhealthfoundation.org my.wpengine.com yoast.com *.adroll.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.serving-sys.com *.snapchat.com *.vimeocdn.com api.hubapi.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;media-src * data:;object-src 'none';report-uri https://csp-reporting.sanfordhealth.org/; 2
object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net;img-src * blob: data: ; font-src acsbapp.com www.realpage.com s.realpage.com use.typekit.net fonts.gstatic.com vjs.zencdn.net maxcdn.bootstrapcdn.com www.slant.co data:; style-src *.typekit.net *.realpage.com fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 2
font-src *.klevu.com *.ksearchnet.com https://fonts.gstatic.com/ *.typekit.net *.nosto.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com *.klarna.com https://www.googletagmanager.com/ *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widget.trustpilot.com simplicity.trustpilot.com *.googlesyndication.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.klarna.com *.klarnaevt.com *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.poundshop.com *.poundland.com *.onetrust.com s.kelkoogroup.net c.bing.com c.clarity.ms bat.bing.com *.ometria.com *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.ua *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.klarna.com js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com s.kelkoogroup.net widget.trustpilot.com invitejs.trustpilot.com sdk.loyaltylion.net foursixty.com sdk-static.loyaltylion.net bat.bing.com *.zendesk.com static.zdassets.com *.ometria.com analytics.tiktok.com www.clarity.ms s.kk-resources.com *.googlesyndication.com *.onetrust.com *.newrelic.com *.soreto.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com sdk.loyaltylion.net foursixty.com fonts.googleapis.com *.onetrust.com *.typekit.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com sdk.loyaltylion.net foursixty.com platform.loyaltylion.com *.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com analytics.tiktok.com *.clarity.ms s.kelkoogroup.net invitejs.trustpilot.com zendesk-eu.my.sentry.io *.ometria.com *.google-analytics.com *.onetrust.com *.newrelic.com *.nr-data.net *.googlesyndication.com *.soreto.com googleads.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google-analytics.com https://www.youtube.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://www.clarity.ms https://static.homerun.co https://unpkg.com/@googlemaps/ https://euc-widget.freshworks.com https://moneybird.freshdesk.com; style-src 'self' 'unsafe-inline' https://moneybird.nl https://www.moneybird.nl https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.gstatic.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com https://static.homerun.co https://fonts.bunny.net https://euc-widget.freshworks.com https://moneybird.freshdesk.com; img-src 'self' https://moneybird.nl https://www.moneybird.nl https://prismic-io.s3.amazonaws.com https://images.prismic.io https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com data:; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://moneybird.nl https://www.moneybird.nl https://help.moneybird.nl https://bat.bing.com https://gtm.moneybird.nl https://gtm.moneybird.com https://gtm.moneybird.de https://pagead2.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://moneybird.com https://www.moneybird.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://j.clarity.ms https://embed.homerun.co https://maps.googleapis.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com; frame-src 'self' https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com; font-src 'self' https://moneybird.nl https://www.moneybird.nl https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.bunny.net; report-uri https://moneybird.com/csp_report; 2
script-src 'self' https://ajax.googleapis.com https://f1000research.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://js.hs-scripts.com 2
default-src https: 'self' 'unsafe-inline' members.cj.com int-ds-shared-1.monetate.org *.247-inc.net 247-inc.net *.acuityplatform.com adform.net 112.2o7.net everesttech.net demdex.net adobedtm.com assets.adobetm.com *.scene7.com scene7.com tt.omtrdc.net *.typekit.net typekit.net advertising.com *.adyen.com adyen.com amazon-adsystem.com *.amazonaws.com amazonaws.com atdmt.com azureedge.net *.feedmagnet.com *.bazaarvoice.com bazaarvoice.com bidswitch.net bat.bing.com bing.com btttag.com *.btttag.com *.bluecore.app *.bluecore.com bluecore.app bluecore.com bluekai.com *.braintreegateway.com bugsnag.com cloudflare.com cloudfront.net d1af033869koo7.cloudfront.net *.columbiasportswear.co.uk columbia.com smetrics.columbia.com demandware.net *.emjcd.com emjcd.com cquotient.com *.cquotient.com criteo.com criteo.net us.criteo.com *.criteo.net dotomi.com connect.facebook.net facebook.com facebook.net *.sspinc.io columbia.sspinc.io fit-predictor.net sspinc.io fontawesome.com api2.fonts.com fullstory.com *.fullstory.com honey.io joinhoney.com *.hotjar.com hotjar.com hotjar.io static.hotjar.com *.inmoment.com inmoment.com intercept-client.inmoment.com instagram.com jquery.com *.klarnacdn.net *.klarnaservices.com locally.com *.microsoft.com microsoft.com *.monetate.net mountainhardwear.ca mountainhardwear.com cdn.cookielaw.org cookielaw.org agkn.com bam.nr-data.net js-agent.newrelic.com newrelic.com nr-data.net onetrust.com outbrain.com *.braintree-api.com *.paypal.com *.paypalobjects.com braintree-api.com paypal.com paypalobjects.com sandbox.paypal.com pinimg.com pinterest.com prana.com rlcdn.com *.krxd.net krxd.net *.scarabresearch.com cdn.scarabresearch.com sharethrough.com smartadserver.com sorel.com taboola.com *.tiktok.com adsrvr.org 3lift.com *.truefitcorp.com truefitcorp.com *.turn.com turn.com *.adstk.io *.onetrust.io *.px-client.net ad.smaato.net adstk.io collector-pxlkxie7oj.px-cloud.net fast.fonts.net onetrust.io px-client.net vimeo.com vimeocdn.com yahoo.com analytics.yahoo.com youtube.com ytimg.com *.zdassets.com *.zendesk.com zdassets.com zendesk.com *.zopim.com zopim.com *.perimeterx.net perimeterx.net data: blob:; 2
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.wp.com http://*.wp.com *.wp.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' hcfmhvpbqfb6.statuspage.io iwantmyname.com www.gstatic.com *.iwantmyname.com *.centralnicgroup.com ; connect-src 'self' data: adblockers.opera-mini.net api.adblocknext.com api.awesomeblocker.com api.iwantmyname.com assets.evrpg.com cdn.honey.io cdn.rawgit.com cdn.siftscience.com fonts.googleapis.com hcfmhvpbqfb6.statuspage.io iwantmyname.com mozbar.moz.com perf-eu1.hsforms.com region1.analytics.google.com rum.optimizely.com stats.g.doubleclick.net translate.googleapis.com view.light-speed.com wss://api.iwantmyname.com *.hubspot.com *.analytics.google.com *.google-analytics.com *.statuspage.io *.centralnicgroup.com * ; img-src 'self' data: about: cdn.honey.io fonts.googleapis.com fonts.gstatic.com hexagon-analytics.com images.iwantmyname.com perf-eu1.hsforms.com region1.analytics.google.com shareasale.com syndication.twitter.com translate.google.com use.fontawesome.com www.googletagmanager.com *.hubspot.com *.analytics.google.com *.google-analytics.com *.typekit.net * ; font-src 'self' data: assets.evrpg.com cdn.honey.io fonts.googleapis.com fonts.gstatic.com ncspublicasset.s3.eu-west-3.amazonaws.com pro.fontawesome.com ray.st region1.analytics.google.com use.fontawesome.com use.typekit.net *.analytics.google.com *.google-analytics.com * ; media-src 'self' data: ; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net pro.fontawesome.com * ; style-src-elem 'self' 'unsafe-inline' adblockers.opera-mini.net cdn.honey.io cdn.jsdelivr.net cdn.rawgit.com fonts.googleapis.com fonts.gstatic.com gc.kis.v2.scr.kaspersky-labs.com iwantmyname.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hsleadflows.net js-eu1.usemessages.com js.hs-scripts.com pro.fontawesome.com s7.addthis.com translate.google.com use.fontawesome.com www.google-analytics.com *.hubspot.com *.centralnicgroup.com * ; frame-src 'self' *.google.com hcfmhvpbqfb6.statuspage.io mozbar.moz.com platform.twitter.com region1.analytics.google.com webmarshal.home www.googletagmanager.com *.analytics.google.com *.google-analytics.com * ; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com api.getvero.com cdn.honey.io cdn.optimizely.com cdn.rawgit.com cdn.siftscience.com cdn.statuspage.io cdnjs.cloudflare.com hcfmhvpbqfb6.statuspage.io iwantmyname.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsleadflows.net js-eu1.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net platform.twitter.com s7.addthis.com statuspage-production.s3.amazonaws.com translate.googleapis.com use.typekit.net view.light-speed.com www.google.com www.gstatic.com *.cloudfront.net *.hubspot.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.centralnicgroup.com * ; report-uri https://iwantmyname.com/CSP_report; 2
default-src data: blob: 'self' https://*.ugc.gov.in 'unsafe-inline' *.ugc.gov.in 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/; script-src *.ugc.gov.in *.google-analytics.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' ugc.gov.in https://www.gstatic.com/ https://www.ugc.gov.in/js/owl.carousel.min.js https://platform.twitter.com/widgets.js ; connect-src * 'unsafe-inline' googleads.g.doubleclick.net www.googleadservices.com; img-src * data: blob: 'unsafe-inline'; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.ugc.gov.in/ *.node.js *.page-style.js https://fonts.googleapis.com/; object-src 'none'; base-uri 'none'; 2
font-src *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://*.fls.doubleclick.net https://vars.hotjar.com https://*.pinterest.com https://*.criteo.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.google.com.ua https://adservice.google.com https://ade.googlesyndication.com https://www.googletagmanager.com https://*.doubleclick.net https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.bing.com https://*.pinterest.com https://*.yotpo.com https://*.clarity.ms https://*.cookielaw.org https://jde.blueconic.net https://*.contentsquare.net https://*.bidswitch.net https://*.adnxs.com https://*.casalemedia.com https://*.360yield.com https://*.media.net https://*.mediavine.com https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yahoo.com https://*.adform.net https://*.omnitagjs.com https://*.criteo.com https://id5-sync.com https://*.ivitrack.com https://*.tremorhub.com https://*.yieldlab.net https://*.yieldmo.com https://*.openx.net https://*.krxd.net https://*.1rx.io https://*.thebrighttag.com https://*.eyeota.net https://*.tapad.com https://*.postcodeanywhere.co.uk *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://unpkg.com *.avada.io https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.gstatic.com https://*.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://*.swaven.com https://*.usabilla.com https://cdn.cookielaw.org https://connect.facebook.net https://*.hotjar.com https://p.teads.tv https://www.dwin1.com https://bat.bing.com https://s.pinimg.com https://swrap.tradedoubler.com https://ad.avtm.fr https://*.clarity.ms https://staticw2.yotpo.com https://mpsnare.iesnare.com https://*.contentsquare.net https://*.criteo.com https://*.cloudfront.net https://*.postcodeanywhere.co.uk https://*.boost.ai *.yotpo.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com https://*.postcodeanywhere.co.uk *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://mpsnare.iesnare.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com https://get.geojs.io *.avada.io https://*.tassimo.com https://*.lorespresso.com https://*.blueconic.net https://*.swaven.com https://www.google.com https://www.google-analytics.com https://*.googleapis.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://*.onetrust.com https://ct.pinterest.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com https://*.contentsquare.net https://*.boost.ai *.yotpo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net https://*.boost.ai 'self' 'unsafe-inline'; 2
default-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org; connect-src 'self' ws://exercism.org https://cdn.jsdelivr.net https://sessions.bugsnag.com/; img-src 'self' data: https://*; media-src *; script-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://js.stripe.com https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://maxcdn.bootstrapcdn.com; style-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org 'unsafe-inline' https://maxcdn.bootstrapcdn.com; child-src 'none' 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 2
img-src https: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com stats.epayworldwide.com imgsct.cookiebot.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
font-src fonts.gstatic.com use.fontawesome.com *.fontawesome.com audioeye.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.youtube.com youtu.be www.youtube-nocookie.com audioeye.com *.audioeye.com checkout.sezzle.com sandbox.checkout.sezzle.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com fortnine.ca *.fortnine.ca defender.com *.defender.com https://c683207.ssl.cf2.rackcdn.com www.youtube.com *.youtube.com youtu.be www.google.ca www.googletagmanager.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com polyfill.io apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com fortnine.ca *.fortnine.ca defender.com *.defender.com *.newrelic.com bam.nr-data.net *.nr-data.net fullstory.com www.youtube.com *.youtube.com youtu.be googleads.g.doubleclick.net connect.facebook.net static.cloudflareinsights.com *.cloudflareinsights.com js.authorize.net audioeye.com *.audioeye.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com fortnine.ca *.fortnine.ca defender.com *.defender.com fonts.googleapis.com use.fontawesome.com *.fontawesome.com audioeye.com *.audioeye.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com fortnine.ca *.fortnine.ca defender.com *.defender.com algolianet.com *.algolianet.com bam.nr-data.net *.nr-data.net analytics.google.com www.facebook.com js.authorize.net jstest.authorize.net ws1.postescanada-canadapost.ca *.postescanada-canadapost.ca audioeye.com *.audioeye.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src fortnine.ca *.fortnine.ca defender.com *.defender.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.liqui-moly.com *.twofour.dev liquimoly.cloudimg.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.cookiebot.com *.amazon-adsystem.com insight.adsrvr.org *.facebook.com https://www.youtube.com https://www.googletagmanager.com/ *.google.com/ js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com walls.io *.walls.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io liquimoly.cloudimg.io *.google.de *.google.com *.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com https://www.mollie.com *.cloudimg.io data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.liqui-moly.com *.twofour.dev *.cookiebot.com *.google-analytics.com *.googleadservices.com maps.googleapis.com googleapis.com connect.facebook.net service.liqui-moly.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ js.mollie.com *.cloudimg.io *.scaleflex.it *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com walls.io *.walls.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.liqui-moly.com *.twofour.dev liquimoly.cloudimg.io walls.io *.walls.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io *.liqui-moly.com *.twofour.dev *.cookiebot.com *.analytics.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com walls.io *.walls.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.liqui-moly.com *.twofour.dev 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://assets.ctfassets.net https://images.ctfassets.net https://videos.ctfassets.net https://cdn.trustcommander.net https://d3ayv6nsn4rwn3.cloudfront.net https://js-api.dial-once.com https://solutions.dial-once.com https://cdn.dial-once.com https://preview.contentful.com https://cdn.contentful.com https://www.youtube.com https://hacl.iadvize.com https://www.googleoptimize.com https://privacy.commander1.com https://*.contentsquare.net https://www.googletagmanager.com https://halc.iadvize.com https://sc-static.net https://www.google-analytics.com https://static.iadvize.com https://c.contentsquare.net https://tr.snapchat.com https://privacy.trustcommander.net https://api.iadvize.com https://stats.g.doubleclick.net https://www.google.com https://www.google.fr https://ajax.googleapis.com  https://cdnjs.cloudflare.com https://banque.meilleurtaux.com https://player.vimeo.com https://vimeo.com https://embed.twitch.tv https://www.dailymotion.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://www.googleadservices.com https://www.facebook.com https://secure.quantserve.com https://u.logbor.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://*.quantserve.com https://bid.g.doubleclick.net  https://*.fls.doubleclick.net  https://snap.licdn.com  https://platform.commandersact.com https://manager.tagcommander.com https://cdn.tagcommander.com https://images.ctfassets.net https://adservice.google.com https://px.ads.linkedin.com https://js-agent.newrelic.com https://fonts.googleapis.com https://api.inbenta.io https://sdk.inbenta.io https://api-gce1.inbenta.io https://deploy.mopinion.com https://cl.avis-verifies.com ; report-to csp-listener 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net cdn.attraqt.io www-commerce.countryroad.com.au query.published.live1.suggest.ap2.fredhopperservices.com *.bazaarvoice.com cdn.truefitcorp.com dressipi-production.countryroad.com *.igodigital.com i.vimeocdn.com adapter.www.countryroad.com websdk.appsflyer.com www.google.com.sg au3-live.inside-graph.com www.google.co.nz tags.tiqcdn.com analytics.google.com bam.nr-data.net cdn.giftflick.com.au dressipi-production.countryroad.com.au *.hotjar.com *.googleapis.com metrics.hotjar.io www.googletagmanager.com dressipi-production.countryroad.co.nz www.google.co.uk *.gstatic.com *.useinsider.com www.countryroad.com.au www-commerce.countryroad.com *.optimizely.com www.countryroad.com adapter.www.countryroad.com.au au3-cdn.inside-graph.com www.google.com bat.bing.com wa.appsflyer.com au3-track.inside-graph.com logs-01.loggly.com adapter.www.countryroad.co.nz x.klarnacdn.net cdn.honey.io utt.impactcdn.com t.contentsquare.net gcr-albatros-eu-prod-europe-west1-mtg-j7ib225lma-ew.a.run.app vc.hotjar.io b.sli-spark.com *.paypal.com *.pinterest.com *.tiktok.com international.countryroad.com wa.onelink.me evt-oc.klarnaservices.com *.facebook.com a.countryroad.com.au www.google.com.hk q-aeu1.contentsquare.net oc-library.klarnaservices.com *.vimeo.com adservice.google.com collect-ap2.attraqt.io www-commerce.countryroad.co.nz region1.analytics.google.com k-aeu1.contentsquare.net api.giftflick.com.au www.giftflick.com.au content.hotjar.io sp.analytics.yahoo.com *.facebook.net *.dynatrace.com *.pinimg.com vitals.vercel-insights.com cdn.jsdelivr.net country-road-group-country-road-au.pxf.io unpkg.com www.google-analytics.com wh1aev3s.micpn.com *.tealiumiq.com c.contentsquare.net sdk.giftflick.com.au www.google.co.za *.sjv.io js.maxmind.com www.ojrq.net giftcreation.giftflick.com.au srm.ba.contentsquare.net code.jquery.com cor-cdn.truefitcorp.com www.google.com.au *.cloudfront.net l.contentsquare.net js.klarna.com www.paypalobjects.com js-agent.newrelic.com wss://au3-live.inside-graph.com s.yimg.com *.googleadservices.com collect.auspost.com.au ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uxfeedback.ru https://chat.finuslugi.ru https://connect.facebook.net https://www.facebook.com https://vk.com https://top-fwz1.mail.ru https://px.adhigh.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://cdn.amplitude.com https://www.google-analytics.com https://optimize.google.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com;connect-src 'self' https://iss.moex.com *.uxfeedback.ru https://chat.finuslugi.ru wss://chat.finuslugi.ru https://top-fwz1.mail.ru https://px.adhigh.net https://rexc.moex.com https://api.finuslugi.ru https://lk.finuslugi.ru https://assets.finuslugi.ru https://www.moex.com api.amplitude.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com;img-src 'self' data: *.uxfeedback.ru https://vk.com https://www.facebook.com https://11143639.fls.doubleclick.net https://assets.finuslugi.ru https://liknot.ru https://www.workle.ru https://www.google.ru https://www.google.com https://www.google-analytics.com www.google-analytics.com https://optimize.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' *.uxfeedback.ru https://chat.finuslugi.ru https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com;font-src 'self' data: *.uxfeedback.ru https://fonts.gstatic.com;media-src 'self';child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;frame-src blob: *.uxfeedback.ru https://11143639.fls.doubleclick.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://optimize.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;base-uri 'self';form-action 'self';manifest-src 'self';worker-src 'self';report-uri https://rexc.moex.com; 2
default-src https: 'self' 'unsafe-inline' members.cj.com int-ds-shared-1.monetate.org *.247-inc.net 247-inc.net *.acuityplatform.com adform.net 112.2o7.net everesttech.net demdex.net adobedtm.com assets.adobetm.com *.scene7.com scene7.com tt.omtrdc.net *.typekit.net typekit.net advertising.com *.adyen.com adyen.com amazon-adsystem.com *.amazonaws.com amazonaws.com atdmt.com azureedge.net *.feedmagnet.com *.bazaarvoice.com bazaarvoice.com bidswitch.net bat.bing.com bing.com btttag.com *.btttag.com *.bluecore.app *.bluecore.com bluecore.app bluecore.com bluekai.com *.braintreegateway.com bugsnag.com cloudflare.com cloudfront.net d1af033869koo7.cloudfront.net *.columbiasportswear.co.uk columbia.com smetrics.columbia.com demandware.net *.emjcd.com emjcd.com cquotient.com *.cquotient.com criteo.com criteo.net us.criteo.com *.criteo.net dotomi.com *.doubleclick.net doubleclick.net dstillery.com media6degrees.com connect.facebook.net facebook.com facebook.net *.sspinc.io columbia.sspinc.io fit-predictor.net sspinc.io fontawesome.com api2.fonts.com fullstory.com *.fullstory.com honey.io joinhoney.com *.hotjar.com hotjar.com hotjar.io static.hotjar.com *.inmoment.com inmoment.com intercept-client.inmoment.com instagram.com jquery.com *.klarnacdn.net *.klarnaservices.com locally.com *.microsoft.com microsoft.com *.monetate.net mountainhardwear.ca mountainhardwear.com cdn.cookielaw.org cookielaw.org agkn.com bam.nr-data.net js-agent.newrelic.com newrelic.com nr-data.net onetrust.com outbrain.com *.braintree-api.com *.paypal.com *.paypalobjects.com braintree-api.com paypal.com paypalobjects.com sandbox.paypal.com pinimg.com pinterest.com prana.com rlcdn.com *.krxd.net krxd.net *.scarabresearch.com cdn.scarabresearch.com sharethrough.com smartadserver.com *.sc-static.net *.snapchat.com sc-static.net tr.snapchat.com sorel.com taboola.com adsrvr.org 3lift.com *.truefitcorp.com truefitcorp.com *.turn.com turn.com *.adstk.io *.onetrust.io *.px-client.net ad.smaato.net adstk.io collector-pxlkxie7oj.px-cloud.net fast.fonts.net onetrust.io px-client.net vimeo.com vimeocdn.com yahoo.com analytics.yahoo.com youtube.com ytimg.com *.zdassets.com *.zendesk.com zdassets.com zendesk.com *.zopim.com zopim.com *.perimeterx.net perimeterx.net data: blob:; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src  https: wss:; report-uri /csp-report 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://*.gstatic.com fonts.gstatic.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co www.googleservices.com *.google.com *.gstatic.com https://*.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.xtento.com https://*.hokodo.co https://photos.pixlee.co https://photos.pixlee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.afd.co.uk www.xtento.com cdn.xtento.com https://site-assets.afterpay.com https://www.google.com https://www.google.co.uk https://www.gstatic.com https://d1fd8aj8bhyfe9.cloudfront.net https://cdn-ukwest.onetrust.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com flagpedia.net https://register.feefo.com https://api.feefo.com https://s3-eu-west-1.amazonaws.com pixlee.com *.pixlee.com *.pixlee.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io www.google.com *.afd.co.uk *.plugins.emarsys.net *.scarabresearch.com www.xtento.com cdn.xtento.com https://js.afterpay.com https://cdn.segment.com https://*.hokodo.co https://*.klarnaservices.com https://party11141.pcapredict.com https://suite56.emarsys.net https://assets.pxlecdn.com https://region1.analytics.google.com https://register.feefo.com https://js-agent.newrelic.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://cdn-ukwest.onetrust.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.gstatic.com maps.googleapis.com https://*.feefo.com/ https://euwa.puzzel.com pixlee.com *.pixlee.com *.pixlee.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com https://*.klarnacdn.net https://register.feefo.com https://services.postcodeanywhere.co.uk https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.scarabresearch.com *.eservice.emarsys.net https://cdn.segment.com https://api.segment.io https://*.hokodo.co https://*.klarnaservices.com https://party11141.pcapredict.com https://suite56.emarsys.net https://assets.pxlecdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://register.feefo.com https://inbound-analytics.pixlee.com https://pce.afd.co.uk https://bam.nr-data.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://region1.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com https://api.feefo.com https://collect.feefo.com https://api.puzzel.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; frame-src 'self' cookiejar.mondly.com www.facebook.com optimize.google.com bid.g.doubleclick.net secure.livechatinc.com www.googletagmanager.com 7f075c3104c14b369e4245a534bf1142.pages.ubembed.com secure.2checkout.com 2pay-js.2checkout.com; frame-ancestors 'self' *.mondly.com; font-src 'self' data: d37sy4vufic209.cloudfront.net fonts.gstatic.com; img-src 'self' data: https://*; media-src 'self' d37sy4vufic209.cloudfront.net mondly-languages-audio.azureedge.net; style-src 'self' 'unsafe-inline' d37sy4vufic209.cloudfront.net optimize.google.com fonts.googleapis.com tagmanager.google.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d37sy4vufic209.cloudfront.net www.google.com connect.facebook.net cdn.livechatinc.com api.livechatinc.com optimize.google.com tagmanager.google.com secure.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net 7f075c3104c14b369e4245a534bf1142.js.ubembed.com analytics.tiktok.com assets.ubembed.com cdn.cookielaw.org www.googleoptimize.com static.ads-twitter.com www.clarity.ms secure.2checkout.com 2pay-js.2checkout.com 2
object-src 'none'; script-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://storage.googleapis.com https://unpkg.com maps.googleapis.com; script-src-attr 'self'; style-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.atd.com; style-src-attr 'self'; frame-ancestors 'self' 2
font-src fonts.gstatic.com use.typekit.net data: *.hotjar.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.embluemail.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.pmbox.cloud *.inconcertcc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.efe.com.pe *.flixcar.com *.flix360.com https://*.hotjar.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.embluemail.com *.hotjar.com storage.googleapis.com *.flixfacts.com *.flixcar.com *.onesignal.com onesignal.com *.inconcertcc.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.google.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.hotjar.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com api.comapi.com bam.nr-data.net *.culqi.com *.alquimio.cloud  *.hotjar.com *.hotjar.io wss://*.hotjar.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 2
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://api.brightfunnel.com http://api.brightfunnel.com api.brightfunnel.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://api.company-target.com http://api.company-target.com api.company-target.com https://ws.zoominfo.com http://ws.zoominfo.com ws.zoominfo.com https://segments.company-target.com http://segments.company-target.com segments.company-target.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://pixel.sitescout.com http://pixel.sitescout.com pixel.sitescout.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.linkedin.com http://*.linkedin.com *.linkedin.com https://pixel.sitescout.com http://pixel.sitescout.com pixel.sitescout.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://match.prod.bidr.io http://match.prod.bidr.io match.prod.bidr.io https://segments.company-target.com http://segments.company-target.com segments.company-target.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://*.brightfunnel.com http://*.brightfunnel.com *.brightfunnel.com https://*.newrelic.com http://*.newrelic.com *.newrelic.com https://*.terminus.com http://*.terminus.com *.terminus.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.getsmartcontent.com http://*.getsmartcontent.com *.getsmartcontent.com https://img.en25.com http://img.en25.com img.en25.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://snap.licdn.com http://snap.licdn.com snap.licdn.com https://up.pixel.ad http://up.pixel.ad up.pixel.ad https://ws-assets.zoominfo.com http://ws-assets.zoominfo.com ws-assets.zoominfo.com https://tag.demandbase.com http://tag.demandbase.com tag.demandbase.com https://*.convertcalculator.co http://*.convertcalculator.co *.convertcalculator.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com 'unsafe-inline' 2
font-src cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com magento.buildify.shop *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com magento.buildify.shop c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdnjs.cloudflare.com fonts.googleapis.com magento.buildify.shop https://static.klaviyo.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com dhv2ziothpgrr.cloudfront.net *.klarnacdn.net *.klevu.com *.ksearchnet.com *.yotpo.com x.klarnacdn.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.flashtalking.com *.dotdigital-pages.com *.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.paypalobjects.com *.usehero.com *.braintreegateway.com *.cookiebot.com *.hotjar.com *.kaptcha.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.pmtonline.co.uk *.clarity.ms *.cloudfront.net dhv2ziothpgrr.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.trustpilot.com *.nosto.com *.amazonaws.com *.finance-calculator.co.uk *.google.co.uk *.usehero.com *.bing.com *.postcodeanywhere.co.uk *.yotpo.com blob: x.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cloudfront.net *.tradedoubler.com *.email.pmtonline.co.uk *.mateti.net *.newrelic.com *.nr-data.net *.zdassets.com widget.freshworks.com m2epro.freshdesk.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://angus.finance-calculator.co.uk *.klarna.com *.klarnaservices.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.nosto.com *.klevu.com polyfill.io *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.bing.com https://analytics.tiktok.com *.zuko.io *.yotpo.com *.clarity.ms x.klarnacdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com dhv2ziothpgrr.cloudfront.net *.klarnacdn.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.nosto.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cloudfront.net *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com *.mateti.net *.pmtonline.co.uk *.zdassets.com *.zendesk.com *.nr-data.net *.bing.com tbs.pvnsolutions.com widget.freshworks.com m2epro.freshdesk.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://angus.finance-calculator.co.uk *.klarnaevt.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.trustpilot.com *.finance-calculator.co.uk *.nosto.com *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.doubleclick.net *.zuko.io https://analytics.tiktok.com *.hotjar.io *.hotjar.com *.yotpo.com *.cookiebot.com *.clarity.ms *.sentry.io x.klarnacdn.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 2
default-src 'self' https:; font-src 'self' data: https://production-assets.soverin.net; img-src 'self' data: https://production-assets.soverin.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://production-assets.soverin.net; script-src-elem 'self' https://production-assets.soverin.net; style-src 'self' 'unsafe-inline' https://production-assets.soverin.net; connect-src 'self' https://soverin.net wss://soverin.net https://mijn.freedom.nl wss://mijn.freedom.nl https://email.mijndomein.nl wss://email.mijndomein.nl; report-uri /csp_violation_reports 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api.userway.org cdn.userway.org *.demdex.net siteimproveanalytics.com www.googletagmanager.com *.facebook.com *.doubleclick.net assets.adobedtm.com www.google.com.pr www.google.co.vi *.gstatic.com *.1firstbank.com cdn77.api.userway.org 6253864.global.siteimproveanalytics.io static.mobilemonkey.com adservice.google.com *.googleapis.com *.omtrdc.net www.recaptcha.net *.everesttech.net *.facebook.net www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkoutshopper-test.adyen.com/ https://checkoutshopper-live.adyen.com/checkoutshopper/sdk/4.7.2/adyen.js https://checkoutshopper-test.adyen.com/checkoutshopper/v1/analytics/log https://checkoutshopper-live.adyen.com/  https://www.paypal.com/ https://www.espares.co.uk/ https://www.espares.ie/ https://dev.visualwebsiteoptimizer.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/gtm.js https://bat.bing.com/ https://ajax.aspnetcdn.com/ https://assets.empathybroker.com/ https://widget.trustpilot.com/bootstrap/ https://www.dwin1.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.googlecommerce.com/trustedstores/api/js https://*.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/ouibounce/ https://www.google.com https://apis.google.com/ https://spareparts.whoson.com https://www.googleadservices.com/pagead/ https://app.yieldify.com/yieldify/ https://td.yieldify.com/yieldify/ https://googleads.g.doubleclick.net https://platform.twitter.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://connectdistribution.whoson.com/ https://tag.perfectaudience.com/serve/ https://www.zenaps.com/ https://tracker.marinsm.com/ https://www.awin1.com/ https://tpc.googlesyndication.com/ wss://am.freshrelevance.com/ https://tracker.departapp.com/ https://cdn-ads.google-analytics.com/ https://www.gstatic.com/recaptcha/ https://imasdk.googleapis.com/ https://adservice.google.com/ https://api.microsofttranslator.com/ https://www.microsofttranslator.com/ https://translate.googleapis.com/ https://tagmanager.google.com/ https://tagmanager.google.com/debug https://tagmanager.google.com/debug/api/vtinfo https://tagmanager.google.com/debug/debuguiApp-bundle.js https://orbitvu.co/ https://cdn.orbitvu.co https://ui.powerreviews.com/ https://display.powerreviews.com/ https://static.powerreviews.com/ https://writeservices.powerreviews.com/; style-src 'self' 'unsafe-inline' *; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com c.evidon.com www.youtube.com l.evidon.com cdn.jsdelivr.net bam.nr-data.net www.google.com region1.google-analytics.com *.googleapis.com js-agent.newrelic.com www.google-analytics.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
frame-ancestors 'self'; report-uri https://www.cairnspost.com.au/csp-reports 2
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
default-src 'self';frame-ancestors 'self';frame-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com ;media-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com ;object-src 'none'; connect-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com ;script-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com ;style-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com ;font-src 'self' data: *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com ;img-src 'self' data: *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com ; report-to https://www.calamp.com/wp-json/csp/report 2
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.midtrans.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.midtrans.com *.mxpnl.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.americanmeadows.com *.privy.com *.richpanel.com *.ryzeo.com *.signifyd.com *.yotpo.com accounts.livechatinc.com analytics.tiktok.com api.livechatinc.com bam.nr-data.net bat.bing.com cdn-widgetsrepository.yotpo.com cdn.livechatinc.com cdn.richpanel.com cdn.statstrk01.com cdnapisec.kaltura.com chimpstatic.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net js-agent.newrelic.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hscollectedforms.net js-eu1.usemessages.com na-library.klarnaservices.com na-library.playground.klarnaservices.com s.pinimg.com secure.livechatinc.com static.hsappstatic.net static.trackedweb.net staticw2.yotpo.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com x.klarnacdn.net cdn.cookielaw.org code.jquery.com api.bluecore.com www.redditstatic.com siteassets.bluecore.com ui.powerreviews.com assets.pinterest.com americanmeadows.formstack.com static.formstack.com ajax.googleapis.com static.powerreviews.com dynamic.criteo.com snap.licdn.com sslwidget.criteo.com widget.us.criteo.com *.paypal.com *.wistia.com *.howuku.com *.jsdelivr.net *.criteo.com *.paypalobjects.com *.clarity.ms *.convertexperiments.com measurement-api.criteo.com display.powerreviews.com *.powerreviews.com *.corvuscro.com mjbeisch.github.io *.noibu.com; report-uri /.webscale/csp-report 2
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api.dtk.abtasty.com *.smartadserver.com try.abtasty.com simage2.pubmatic.com jadserve.postrelease.com sync-criteo.ads.yieldmo.com img.youtube.com *.rubiconproject.com widgets.greenbureau.com match.sharethrough.com *.criteo.com ads.avads.net *.doubleclick.net *.linkedin.com i.realytics.io csxd.moncoupdepouce.com the.sciencebehindecommerce.com agent.greenbureau.com *.licdn.com secure-api.notifadz.com matomo.floa.com core.greenbureau.com statics.pushaddict.com wss://bot.greenbureau.com cdn.trustcommander.net ad.yieldlab.net adservice.google.com tag.dtk.abtasty.com k-aeu1.contentsquare.net manager.tagcommander.com ariane.abtasty.com cm.adform.net *.floabank.fr www.google.com contextual.media.net region1.analytics.google.com notifpush.com common-fonts.abtasty.com privacy.trustcommander.net www.googletagmanager.com ib.adnxs.com nocookie.avads.net *.adsrvr.org public-prod-dspcookiematching.dmxleo.com m.realytics.io t.contentsquare.net cdn-eu.realytics.net u360.d-bi.fr www.youtube.com *.taboola.com secure-trig.notifadz.com *.facebook.com static.avads.net github.com matching.ivitrack.com e1.emxdgt.com *.dynatrace.com topics.avads.net gjigle.com tr.cloud-media.fr sk.ht srm.ba.contentsquare.net www.awin1.com exchange.mediavine.com api.realytics.io *.outbrain.com eb2.3lift.com secure-apis.notifadz.com id5-sync.com *.criteo.net www.google-analytics.com visitor.omnitagjs.com ad.360yield.com criteo-sync.teads.tv uploads.greenbureau.com q-aeu1.contentsquare.net *.googleapis.com *.commander1.com lantern.roeyecdn.com c.contentsquare.net *.gstatic.com criteo-partners.tremorhub.com *.googlesyndication.com *.casalemedia.com events.sk.ht www.wepowerconnections.com *.bidswitch.net dcinfos-cache.abtasty.com ups.analytics.yahoo.com gddglis.com www.dwin1.com google.com www.google.fr lantern.roeye.com *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com www.googletagmanager.com *.doubleclick.net cdnjs.cloudflare.com www.google-analytics.com df.marketdata.feeds.iress.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' 'unsafe-inline' https:; report-uri https://reporturi.savagescape.com/report.php; report-to default 2
script-src 'self' *.grabone.co.nz 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com ajax.googleapis.com www.googletagmanager.com tagmanager.google.com *.google.com cdn.optimizely.com static.chartbeat.com js-agent.newrelic.com *.nr-data.net www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tags.crwdcntrl.net static.criteo.net *.criteo.com *.appboycdn.com *.braze.com storage.googleapis.com cdn.polyfill.io browser-update.org www.googletagservices.com adservice.google.co.nz adservice.google.com nzme-ads.co.nz securepubads.g.doubleclick.net cdn.ampproject.org *.imrworldwide.com tpc.googlesyndication.com; style-src 'self' blob: *.grabone.co.nz 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.fontawesome.com storage.googleapis.com *.fontawesome.com *.google.com; default-src *.googlesyndication.com *.criteo.com static.criteo.net *.appboycdn.com bid.g.doubleclick.net accounts.google.co.nz blob: storage.googleapis.com popup.laybuy.com *.braze.com *.imrworldwide.com *.grabone.co.nz www.googletagservices.com data.apn.co.nz *.creativecdn.com accounts.google.com 'self' data: www.youtube.com bcp.crwdcntrl.net; img-src 'self' data: *.grabone.co.nz *.cdn.grabone.com maps.googleapis.com ping.chartbeat.net www.google-analytics.com www.googletagmanager.com *.gstatic.com *.doubleclick.net www.google.com www.google.co.nz www.google.com.au www.google.co.uk bcp.crwdcntrl.net www.facebook.com static.criteo.net *.criteo.com android-webview-video-poster: android-webview: storage.googleapis.com c.cfjump.com *.imrworldwide.com pagead2.googlesyndication.com *.cloudfunctions.net *.googleusercontent.com; media-src 'self' *.grabone.co.nz data: storage.googleapis.com c.cfjump.com; child-src 'self' *.grabone.co.nz data: data.apn.co.nz www.youtube.com blob: bcp.crwdcntrl.net *.criteo.com static.criteo.net bid.g.doubleclick.net *.creativecdn.com *.appboycdn.com *.braze.com storage.googleapis.com www.googletagservices.com *.googlesyndication.com accounts.google.co.nz accounts.google.com popup.laybuy.com *.imrworldwide.com; connect-src 'self' *.grabone.co.nz 2149140224.log.optimizely.com rum.optimizely.com www.grabonebottle.co.nz *.appboycdn.com *.braze.com *.googleapis.com *.googleadservices.com *.newrelic.com *.google-analytics.com *.chartbeat.com *.googletagmanager.com *.gstatic.com browser-update.org api.commissionfactory.com c.cfjump.com securepubads.g.doubleclick.net cdn.ampproject.org *.doubleclick.net tags.crwdcntrl.net nzme-ads.co.nz *.googletagservices.com *.google.co.nz *.google.com *.fontawesome.com *.imrworldwide.com pagead2.googlesyndication.com *.nr-data.net *.cloudfunctions.net; font-src 'self' *.grabone.co.nz fonts.gstatic.com *.fontawesome.com data: storage.googleapis.com *.fontawesome.com; report-uri https://csp-report.digital.nzme.co.nz/log/new-grabone-co-nz 2
default-src 'self' https://*.lisboa.pt https://*.cm-lisboa.pt; img-src https: blob: data:; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://*.readspeaker.com https://chatwidget.dashboard-visor.com https://cdnjs.cloudflare.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com/ https://*.googleapis.com https://*.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.kaspersky-labs.com https://*.readspeaker.com  https://*.cloudflare.com https://*.dashboard-visor.com https://*.googleapis.com https://*.jsdelivr.net https://*.mapbox.com https://*.readspeaker.com https://*.bootstrapcdn.com https://*.fontawesome.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.jquery.com https://*.readspeaker.com https://*.googleapis.com https://code.jquery.com https://chatwidget.dashboard-visor.com https://*.readspeaker.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.com https://cdnjs.cloudflare.com https://api.mapbox.com https://npmcdn.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.youtube.com/ https://*.bol.pt https://*.google-analytics.com; script-src-elem 'self' 'unsafe-inline' https://*.bol.pt https://*.cdnjs.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.jquery.com https://*.jscontent.net https://*.npmcdn.com https://*.readspeaker.com https://*.youtube.com https://*.bol.pt https://*.dashboard-visor.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.jquery.com https://*.pagespeed-mod.com https://*.readspeaker.com https://*.bootstrapcdn.com https://*.cdnjs.com https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.googleapis.com https://*.jsdelivr.net https://*.kaspersky-labs.com https://*.mapbox.com https://*.npmcdn.com https://*.readspeaker.com https://*.youtube.com; connect-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatwidget.dashboard-visor.com wss://chatwidget.dashboard-visor.com https://services.arcgis.com https://*.mapbox.com https://*.googleapis.com/ https://*.readspeaker.com; frame-src 'self' https://*vimeo.com https://*.bol.pt https://*.city-platform.com https://*.cm-lisboa.pt https://*.googletagmanager.com https://*.knightlab.com https://*.lisboa.pt https://*.moz.com https://*.vimeo.com https://*.youtube-nocookie.com https://*.youtube.com; font-src 'self' https://*.cloudflare.com https://*.ss-cdn.com https://fonts.gstatic.com https://chatwidget.dashboard-visor.com https://*.fontawesome.com https://*.github.com https://*.typekit.net data:; media-src 'self' https://*.dashboard-visor.com data:; worker-src 'self' blob:; report-uri /fma/csp.php 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com www.google-analytics.com *.doubleclick.net *.gstatic.com www.googletagmanager.com www.google.com pbs.twimg.com *.fbcdn.net www.youtube.com i.ytimg.com region1.google-analytics.com www.wojsko-polskie.pl ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; manifest-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.nr-data.net https://*.zendesk.com https://*.gladly.com https://*.google.com https://*.bsnteamsports.com https://*.fancloth.shop https://*.bsnteamsports.com https://*.fancloth.shop https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://ajax.googleapis.com https://assets.zendesk.com https://bam.nr-data.net https://code.jquery.com https://f.vimeocdn.com https://google-analytics.com https://googletagmanager.com https://js-agent.newrelic.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://player.vimeo.com https://*.xisecurenet.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://static.zdassets.com https://theme.zdassets.com https://use.fontawesome.com https://v2.zopim.com https://cdn.gladly.com https://www.google-analytics.com https://*.googletagmanager.com https://www.vimeo.com https://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://graph.facebook.com https://js.facebook.com https://use.typekit.net https://www.googleadservices.com https://unpkg.com https://cdn.jsdelivr.net https://d10lpsik1i8c69.cloudfront.net https://dev.visualwebsiteoptimizer.com; style-src 'self' 'report-sample' 'unsafe-inline' *.zdassets.com *.fontawesome.com *.bootstrapcdn.com *.typekit.net *.google.com *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.fancloth.shop *.googleapis.com cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com unpkg.com cdn.jsdelivr.net; object-src *.googlesyndication.com; frame-src 'self' *.vimeo.com vars.hotjar.com www.googletagmanager.com www.google.com *.paymetric.com bid.g.doubleclick.net; child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net *.vimeo.com connect.facebook.net vimeo.com www.googletagmanager.com; img-src 'self' data: blob: *.zopim.io *.zopim.com *.zendesk.com *.gladly.com *.zdusercontent.com *.zdassets.com *.vimeocdn.com *.vimeo.com *.nr-data.net *.google.com *.google-analytics.com ajax.googleapis.com code.jquery.com *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.fancloth.shop *.bsnsports.com *.gstatic.com googleads.g.doubleclick.net script.hotjar.com pulse.art.bsnsports.com ssgsales.com www.facebook.com *.googletagmanager.com dev.visualwebsiteoptimizer.com; font-src 'self' data: *.zopim.com *.gladly.com *.fontawesome.com *.bootstrapcdn.com *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.fancloth.shop *.typekit.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com static.zdassets.com; connect-src 'self' *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com *.gladly.com *.nr-data.net *.hotjar.io *.hotjar.com *.google.com *.fontawesome.com *.bsnteamsports.com *.fancloth.shop *.analytics.google.com ajax.googleapis.com code.jquery.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net settings.luckyorange.net vimeo.com www.facebook.com www.ssgecom.com *.google-analytics.com *.googletagmanager.com wss://in.visitors.live wss://visitors.live wss://*.hotjar.com wss://widget-mediator.zopim.com; form-action 'self' *.google.com *.facebook.com connect.facebook.net; media-src 'self' *.vimeo.com static.zdassets.com vimeo.com; prefetch-src 'self'; worker-src 'self' blob: www.google.com; report-uri https://62e17a85e7a4e344fdd77145.endpoint.csper.io?v=1; require-trusted-types-for 'script'; upgrade-insecure-requests; 2
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.3lift.com https://*.adyen.com https://*.afterpay.nl https://*.afterpay.be https://*.algolia.io  https://*.amazon.com https://*.amazonaws.com https://*.americanexpress.com https://*.awin1.com https://*.billiger.de https://*.bing.com https://*.brille24.de https://*.cardinalcommerce.com https://*.contentsquare.net https://*.clarity.ms https://*.criteo.com https://*.criteo.net https://*.dotomi.com https://*.dmxleo.com https://*.doubleclick.net https://*.dwin1.com https://*.emsecure.net https://*.emjcd.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.be https://*.google.fr https://*.google.es https://*.google.pt https://*.google.com https://*.google.de https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gsitrix.com https://*.gstatic.com https://*.honey.io https://*.klarnacdn.net https://*.liveperson.net https://*.lpsnmedia.net https://*.mczbf.com https://*.media-amazon.com https://*.outbrain.com https://*.payments-amazon.com https://*.paypal.com https://*.paypalobjects.com https://*.postrelease.com https://*.pushalert.co https://*.run.app https://*.slgnt.eu https://*.sovendus.com https://*.taboola.com https://*.trustpilot.com https://tsdtocl.com https://*.tsdtocl.com https://*.twiago.com https://*.usercentrics.eu https://*.userwerk.com https://*.wepowerconnections.com https://*.windows.net https://ad.360yield.com https://ad.yieldlab.net https://beacon.krxd.net https://brille24.zendesk.com https://cdn.jsdelivr.net https://cdn.noibu.com https://*.nr-data.net https://cdn.polyfill.io https://cm.adform.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://ekr.zdassets.com https://exchange.mediavine.com https://*.redintelligence.net https://*.redsys.es https://code.iconify.design https://ib.adnxs.com https://id5-sync.com https://input.noibu.com https://lpcdn.lpsnmedia.net https://match.sharethrough.com https://matching.ivitrack.com https://*.revcontent.com https://pixel.rubiconproject.com https://r.casalemedia.com https://*.rsa3dsauth.co.uk https://rtb-csync.smartadserver.com https://s.thebrighttag.com https://*.securesuite.co.uk https://secure.adnxs.com https://*.sentry.io https://simage2.pubmatic.com https://static.zdassets.com https://sync-criteo.ads.yieldmo.com https://ups.analytics.yahoo.com https://v2assets.zopim.io https://via.placeholder.com https://visitor.omnitagjs.com https://uploads-ssl.webflow.com https://widget.trustpilot.com https://www.youtube.com https://*.youtube-nocookie.com https://x.bidswitch.net wss://input.noibu.com wss://widget-mediator.zopim.com; report-uri https://log.mgt-b24.de/messages.json; frame-ancestors 'self' https://*.brille24.de; 2
style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' bat.bing.com www.gstatic.com s.adroll.com d.adroll.com connect.facebook.net googleapis.com www.google-analytics.com google.com www.googleoptimize.com www.googletagmanager.com *.pure.cloud; report-uri https://csp.withgoogle.com/csp/webpass/20191113_experiment; 2
default-src 'self' https://client.getinchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.gstatic.com https://cdn.userecho.com https://client.getinchat.com https://yandex.ru/ https://*.yandex.ru https://*.maps.yandex.net; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://*.starline.ru https://*.maps.yandex.net https://*.google.com https://enterprise.api-maps.yandex.ru https://cdn.userecho.com https://*.openstreetmap.org http://yandex.st/ https://yandex.st/ https://mc.yandex.ru; connect-src 'self' ws://*.starline.ru wss://rpl.starline-online.ru https://client.getinchat.com https://mc.yandex.ru https://geocode.starline.ru; frame-src 'self' https://*.google.com https://arkan.ru; 2
default-src 'self'; img-src * data: https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' *; frame-src https:; connect-src https:; font-src 'self' https://cdn.segmentify.com; 2
font-src fonts.googleapis.com fonts.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com platform.cloud-iq.com.au *.facebook.com *.doubleclick.net *.bedbathntable.com.au *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com maps.googleapis.com maps.gstatic.com dev.visualwebsiteoptimizer.com *.google.com *.facebook.com *.cloud-iq.com.au *.afterpay.com *.gstatic.com *.linksynergy.com *.google.com.au *.bedbathntable.com.au bbnt-m2-image-library.s3-ap-southeast-2.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com www.googletagmanager.com *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com applepay.cdn-apple.com dev.visualwebsiteoptimizer.com *.afterpay.com *.newrelic.com cdnjs.cloudflare.com bam-cell.nr-data.net platform.cloud-iq.com.au *.crazyegg.com *.facebook.net *.facebook.com *.rakuten.com googleads.g.doubleclick.net cdn.lr-ingest.io *.foursixty.com *.bedbathntable.com.au *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com fonts.googleapis.com unpkg.com *.foursixty.com *.bedbathntable.com.au *.cloud-iq.com.au 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.crazyegg.com googleads.g.doubleclick.net bam-cell.nr-data.net *.lr-ingest.io *.foursixty.com *.google-analytics.com *.doubleclick.net *.bedbathntable.com.au *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.typekit.net *.yotpo.com *.googleapis.com *.fontawesome.com oct8necdneu.azureedge.net blob: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com https://plumrocket.com *.yotpo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com static-eu.oct8ne.com *.oct8ne.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com blob: *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static-eu.oct8ne.com *.oct8ne.com oct8necdneu.azureedge.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://klaviyo.com https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com https://*.klaviyo.com static-eu.oct8ne.com *.oct8ne.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://klaviyo.com https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ws: *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://geoip-js.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://*.klaviyo.com static-eu.oct8ne.com *.oct8ne.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.herroom.com *.hisroom.com herroom.com hisroom.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.hisroom.com *.herroom.com *.borderfree.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com www.google.com www.googletagmanager.com www.youtube.com *.hotjar.com *.bounceexchange.com *.hisroom.com *.herroom.com *.cloudfront.net *.facebook.com *.criteo.com *.criteo.net *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net assets.herroom.net *.brandlock.io *.herroom.com media.herroom.com media.hisroom.com *.scene7.com *.google.com *.google.pl tags.w55c.net tracking.searchmarketing.com alb.reddit.com pixel.tapad.com match.adsrvr.org *.pinterest.com facebook.com *.cdnwidget.com *.clarity.ms *.bing.com t.co *.googletagmanager.com *.cloudfront.net *.facebook.com *.criteo.com *.yahoo.com *.doubleclick.net *.krxd.net *.google.com.pk *.twitter.com *.stickyadstv.com/ *.pubmatic.com *.google.nl *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.3lift.com *.adform.net *.omnitagjs.com *.casalemedia.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.thebrighttag.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ www.google.com *.magento-ds.com www.googletagmanager.com *.newrelic.com bam.nr-data.net herroom.needle.com *.borderfree.com *.klaviyo.com *.herroom.com tag.wknd.ai bat.bing.com *.hotjar.com *.facebook.net cdn.attn.tv *.pinimg.com googleads.g.doubleclick.net *.bounceexchange.com *.clarity.ms upsellit.com *.yieldify.com *.ads-twitter.com *.twitter.com *.criteo.com *.cloudfront.net *.monetate.net *.impactcdn.com *.google.com *.noibu.com *.googleapis.com *.brandlock.io *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.borderfree.com *.typekit.net *.klaviyo.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.sentry.io *.herroom.com *.hisroom.com bam.nr-data.net *.scene7.com *.klaviyo.com *.google.com *.googleapis.com *.google.pl stats.g.doubleclick.net *.pinterest.com *.cdnbasket.net *.hotjar.com *.cdnwidget.com *.clarity.ms *.facebook.com *.facebook.net *.klavio.com *.sjv.io *.monetate.net *.sbx.borderfree.com *.borderfree.com *.ampcid.google.com.pk *.noibu.com wss://input.noibu.com *.pxf.io *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com analytics.google.com *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self'  https://*.launchdarkly.com https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net wss://cdn0.forter.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.pci.favor.dev *.favorengineering.com  https://*.forter.com https://dkupaw9ae63a8.cloudfront.net ont.net wss://cdn0.forter.com *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval'  https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard; worker-src blob: 2
object-src 'self' *.cined.com; report-uri /_/csp-report/ 2
img-src https://higherlogicdownload.s3.amazonaws.com/NACE/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogiclongterm.s3.amazonaws.com/NACE/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicstream.s3.amazonaws.com/NACE/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2
default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
default-src 'none'; script-src 'self' https://butterfly-cdn.masterworks.com https://api.cloudsponge.com https://cdn.plaid.com https://d7a97ajcmht8v.cloudfront.net https://app.warmwelcome.com https://cdn.segment.com https://www.googletagmanager.com https://cdn.mxpnl.com https://www.google-analytics.com https://amplify.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://static.ads-twitter.com https://snap.licdn.com https://www.googleadservices.com https://bat.bing.com https://tag.rmp.rakuten.com https://www.redditstatic.com https://s.yimg.com https://www.clickcease.com https://connect.facebook.net https://tr.outbrain.com https://b-code.liadm.com https://d.impactradius-event.com https://www.clarity.ms https://cdn.pdst.fm https://d18p8z0ptb8qab.cloudfront.net https://secure.quantserve.com https://rules.quantcount.com https://tags.srv.stackadapt.com https://www.krishetrk.com https://ext.chtbl.com https://pixel.visitiq.io https://collector-31806.tvsquared.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.useproof.com 'sha256-9NSB+DllU3BlD34AIE9bDhybGzPQuNOyfx//ClMfQ9w='; connect-src 'self' https://account.masterworks.com https://api.masterworks.com/graphql wss://api.masterworks.com/graphqlws https://pricedb.ms.masterworks.io/graphql wss://bgro41vnmb.execute-api.us-east-2.amazonaws.com/production https://butterfly-cdn.masterworks.com https://butterfly-api.masterworks.com https://sonic.masterworks.com https://*.ingest.sentry.io https://api.cloudsponge.com https://collect.cloudsponge.com https://d7a97ajcmht8v.cloudfront.net https://app.warmwelcome.com https://cdn.segment.com https://api.segment.io https://www.google-analytics.com https://*.google-analytics.com https://trc.taboola.com https://bat.bing.com https://s.yimg.com https://rp.liadm.com/ https://f.clarity.ms https://tags.srv.stackadapt.com https://us-central1-adaptive-growth.cloudfunctions.net https://t.getletterpress.com/ https://tag.simpli.fi https://stats.g.doubleclick.net https://masterworks.536u.net https://*.optimizely.com https://cdn.useproof.com; img-src 'self' data: https://s3.amazonaws.com/works.masterworks.io/* https://images.ctfassets.net https://api.cloudsponge.com https://d7a97ajcmht8v.cloudfront.net https://app.warmwelcome.com https://www.google-analytics.com https://bat.bing.com https://tr.outbrain.com https://ciqtracking.com/ https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://adservice.google.com https://q.quora.com https://trkn.us https://data.adxcel-ec2.com https://ups.analytics.yahoo.com https://sp.analytics.yahoo.com https://us-u.openx.net https://t.co https://analytics.twitter.com https://alb.reddit.com https://px.ads.linkedin.com https://www.facebook.com https://x.bidswitch.net https://ib.adnxs.com https://aa.agkn.com https://pxl.qccerttest.com https://pixel.quantcount.com https://pixel.visitiq.io https://collector-31806.tvsquared.com https://cdn.optimizely.com; style-src 'self' https://api.cloudsponge.com https://d7a97ajcmht8v.cloudfront.net https://app.warmwelcome.com https://tags.srv.stackadapt.com https://cdn.useproof.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; manifest-src 'self'; font-src 'self'; frame-src https://cdn.plaid.com https://d7a97ajcmht8v.cloudfront.net https://app.warmwelcome.com https://www.facebook.com https://cdn.useproof.com https://a22148360054.cdn.optimizely.com https://a22148360054.cdn-pci.optimizely.com; upgrade-insecure-requests; report-uri https://csp.ms.masterworks.io/ 2
script-src 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net connect.facebook.net *.freshchat.com maps.googleapis.com assets.adobedtm.com www.googleoptimize.com h.online-metrix.net *.cardinalcommerce.com html5.dcatalog.com unpkg.com commerce.adobedtm.com cdnjs.cloudflare.com web-sdk.aptrinsic.com commerce.adobe.net fonts.googleapis.com magento-recs-sdk.adobe.net static.trackedweb.net tags.srv.stackadapt.com snap.licdn.com tags.srv.stackadapt.com bat.bing.com e.performancehealth.com f.vimeocdn.com tags.srv.stackadapt.com bam.nr-data.net services-connector-ui.magento-ds.com r2.dotdigital-pages.com; style-src 'self' 'unsafe-inline' wchat.freshchat.com fonts.googleapis.com js.klevu.com tags.srv.stackadapt.com staticw2.yotpo.com; report-uri /.webscale/csp-report 2
connect-src https://www.overstockgovernment.com http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://bam.nr-data.net https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com;default-src 'self' https://www.overstockgovernment.com 'unsafe-inline' http://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google-analytics.com;font-src http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com;frame-src http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io;img-src https://www.overstockgovernment.com data: http://*.hotjar.com http://*.hotjar.io https://listen.audiohook.com https://*.hotjar.com https://*.hotjar.io https://ak1.ostkcdn.com https://p.adsymptotic.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com;object-src 'none';report-uri https://api.bedbathandbeyond.com/contentsecurity/report;script-src 'self' 'unsafe-inline' http://*.hotjar.com http://*.hotjar.io http://js-agent.newrelic.com http://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net https://js-agent.newrelic.com https://snap.licdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com;style-src-elem https://www.overstockgovernment.com 'unsafe-inline' https://fonts.googleapis.com 2
style-src 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de use.fontawesome.com;img-src 'self' data: *.helsana.ch *.pinterest.com s0.2mdn.net bat.bing.com www.facebook.com connect.facebook.net cm.everesttech.net dpm.demdex.net apple-resources.s3.amazonaws.com  *.applemediaservices.com *.googlesyndication.com *.gstatic.com maps.googleapis.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net  t.co *.linkedin.com *.google.com *.google.ch *.google.de *.google.fr *.google.li *.google.it *.google.ad *.google.ae *.google.al *.google.at *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.ca *.google.cd *.google.cg *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.ga *.google.gr *.google.ht *.google.hr *.google.hu *.google.ie *.google.iq *.google.jo *.google.lk *.google.lt *.google.lu *.google.lv *.google.me *.google.mg *.google.ml *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tn *.google.tt *.google.vg *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.za *.google.com.af *.google.com.ar *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kh *.google.com.lb *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ni *.google.com.pe *.google.com.pk *.google.com.py *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com interaktiv.contilla.de;font-src 'self' data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net use.fontawesome.com *.helsana.ch;media-src 'self' data: blob: *.helsana.ch d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com;object-src 'none';worker-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com analytics.twitter.com snap.licdn.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net  maps.googleapis.com www.googletagmanager.com  assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com snap.licdn.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com  www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de;connect-src 'self' wss://*.helsana.ch *.helsana.ch maps.googleapis.com privacyportal-eu.onetrust.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cookielaw.org api.sitesearch360.com *.ads-twitter.com *.linkedin.com *.pinterest.com api.openweathermap.org  www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com  *.google.com *.doubleclick.net www.google-analytics.com  tt.omtrdc.net dpm.demdex.net wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu interaktiv.contilla.de;frame-src 'self' *.helsana.ch *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com bid.g.doubleclick.net  consentcdn.cookiebot.com www.youtube.com fls.doubleclick.net assets.adobedtm.com  www.facebook.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com *.undpartner.digital;frame-ancestors 'self' *.helsana.ch;report-uri https://helsana.report-uri.com/r/d/csp/wizard;report-to wizard; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/artists_youtube 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://static.cloudflareinsights.com https://maxcdn.bootstrapcdn.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io https://blog.geaerospace.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://reactjs.org https://www.google.com https://www.gstatic.com https://www.youtube.com https://www.ge.com https://www.gepowerconversion.com https://view.ceros.com https://pdfjs-express.s3-us-west-2.amazonaws.com https://c.evidon.com https://www.googletagmanager.com https://ge.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://stats.g.doubleclick.net https://optoutapi.evidon.com https://l3.evidon.com https://graph.instagram.com https://js-agent.newrelic.com *.nr-data.net https://fssfedpitc.ge.com https://cdn.taboola.com https://secure.adnxs.com https://pubads.g.doubleclick.net https://ad.doubleclick.net https://trc.taboola.com https://trc-events.taboola.com https://ajax.cloudflare.com https://cds.taboola.com https://pips.taboola.com https://tags.crwdcntrl.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://bcp.crwdcntrl.net/6/map *.google-analytics.com *.analytics.google.com https://cdn.nmgassets.com https://tsdtocl.com https://www.googleadservices.com https://acsbapp.com https://cdn.acsbapp.com https://l.evidon.com https://bid.g.doubleclick.net https://fonts.googleapis.com https://captcha.gecirtnotification.com *.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://analytics.google.com; img-src * data: blob:; object-src 'self'; form-action *; frame-ancestors 'self' 2
default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com https://*.akstat.io https://*.go-mpulse.net https://*.siteblindado.com https://*.qualtrics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://pay.google.com https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net https://*.go-mpulse.net https://*.siteblindado.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com https://*.akstat.io https://*.qualtrics.com; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://pay.google.com https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com https://*.qualtrics.com; object-src 'self' https://*.cdn-net.com 2
font-src 'self' data:; 2
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com https://*.salesforce.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com https://fecdn.user1st.info/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bird.eu www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://*.giuseppezanotti.com/ https://*.web.loc/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://developer.adobe.com https://magento.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://*.giuseppezanotti.com/ https://*.web.loc/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.giuseppezanotti.com/ https://*.web.loc/ https://s3-us-west-2.amazonaws.com/ blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://*.googleapis.com thm.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://developer.adobe.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://maps.google.com https://maps.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com data: *.hotjar.com *.hotjar.io *.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.punchout2go.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com esqa.moneris.com www3.moneris.com *.dotdigital-pages.com *.dotdigital.com *.punchout2go.com data: e.bmr.co *.fls.doubleclick.net *.cloudfront.net *.hotjar.com *.hotjar.io insight.adsrvr.org www.facebook.net www.facebook.com *.google.ca *.moneris.com *.issuu.com notifications.wisepops.com wisepops.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.trackedlink.net 'self' blob: data: www.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com maps.gstatic.com maps.googleapis.com www.bmr.ca *.hotjar.com *.hotjar.io *.cloudfront.net insight.adsrvr.org www.facebook.net www.facebook.com *.paypalobjects.com adserve.atedra.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net *.flippenterprise.net *.wishabi.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com esqa.moneris.com www3.moneris.com polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.punchout2go.com data: e.bmr.co js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.g.doubleclick.net *.googletagmanager.com ssl.google-analytics.com www.google.com maps.googleapis.com s.yimg.com *.hotjar.com *.hotjar.io *.cloudfront.net r2-t.trackedlink.net connect.facebook.net connect.facebook.com www.gstatic.com z.moatads.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net plausible.io *.wishabi.com *.flippenterprise.net *.flipp.com *.flippback.com 'self' blob: https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.punchout2go.com www.gstatic.com *.hotjar.com *.hotjar.io *.cloudfront.net *.flippenterprise.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com bam.nr-data.net bam-cell.nr-data.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.hotjar.com *.hotjar.io s.yimg.com insights.algolia.io maps.googleapis.com www.facebook.com ct.pinterest.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net plausible.io *.flippenterprise.net *.flippback.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report.php; report-to report-endpoint; 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://translate.google.com/  https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://qvdt3feo.com/ https://track.zpbt.uk/ https://acdn.adnxs.com/  https://tags.srv.stackadapt.com/ https://track.zpbt.uk/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://code.jquery.com/ https://challenges.cloudflare.com/ https://www.youtube.com/ https://performance.radar.cloudflare.com/ https://api.reciteme.com/asset/js https://connect.facebook.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://js-agent.newrelic.com https://www.google-analytics.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://tags.srv.stackadapt.com/ https://track.zpbt.uk/ https://www.gstatic.com/ https://api.reciteme.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.zpbt.uk/ https://vc.hotjar.io/ https://adservice.google.com/ https://www.google.co.uk/ https://translate.googleapis.com/ https://ukwest-0.in.applicationinsights.azure.com/ https://apps.parcelforce.com/ https://event.zpbt.uk/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://web.facebook.com/ https://stats.reciteme.com/ https://pagead2.googlesyndication.com/ https://www.facebook.com/ https://api.reciteme.com https://bam.nr-data.net https://consentcdn.cookiebot.com https://analytics.google.com/ https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://www.google-analytics.com https://www.google.com; font-src 'self' data: https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://fonts.gstatic.com/ https://api.reciteme.com; frame-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ https://tpc.googlesyndication.com/ https://td.doubleclick.net/ https://servedby.flashtalking.com/ https://web.facebook.com/ https://in-app.eastmidlandsrailway.co.uk/ https://www.youtube.com/ https://challenges.cloudflare.com/ https://www.facebook.com/ https://consentcdn.cookiebot.com/; img-src 'self' data: https://www.google.bg/pagead/ https://pagead2.googlesyndication.com/ https://images.journeys.zip/ https://www.gstatic.com/  https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://bat.bing.com/  https://ib.adnxs.com/ https://reporting.eastmidlandsrailway.co.uk/ https://connect.facebook.net/ https://fonts.gstatic.com/ https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://api.reciteme.com https://c.tile.openstreetmap.org https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.co.uk https://www.google.com; manifest-src 'self'; media-src 'self' https://api.reciteme.com/; worker-src blob:; report-uri https://altcom.report-uri.com/r/d/csp/reportOnly; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdnjs.cloudflare.com cdn.jsdelivr.net voidlabs.containers.piwik.pro dl.frontapp.com hcaptcha.com; connect-src 'self' wss://*.tawk.to *.tawk.to newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com embed.tawk.to; frame-src 'self' demo.voxmail.it www.youtube-nocookie.com newassets.hcaptcha.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com embed.tawk.to; media-src 'self' embed.tawk.to; report-uri https://catbzhkx.uriports.com/reports/report 2
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-violation-report.php 2
report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ridestore.org *.ingest.sentry.io android-webview-video-poster: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.facebook.net *.facebook.com *.sentry.io *.getsentry.com *.ingest.sentry.io *.klarnacdn.net *.klarnaevt.com *.klarna.com *.klarnaservices.com *.online-metrix.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.adyen.com *.paypal.com *.paypalobjects.com *.cloudflareinsights.com *.fitanalytics.com *.livechatinc.com *.knocdn.com *.try-snowplow.com *.trustedshops.com *.getmdl.io *.tiktok.com; object-src 'none'; media-src 'self' data: *.ctfassets.com *.ctfassets.net *.livechatinc.com; frame-src 'self' *.sentry.io *.getsentry.com *.facebook.com *.klarnacdn.net *.klarnaevt.com *.klarna.com *.klarnaservices.com *.paypalobjects.com *.paypal.com *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.adyen.com *.fitanalytics.com *.livechatinc.com *.youtube.com *.videodelivery.net; report-uri https://o45992.ingest.sentry.io/api/5893254/security/?sentry_key=8a3336bf0af649cc8131a1785e058755&sentry_environment=production 2
font-src *.fontawesome.com fonts.gstatic.com data: use.typekit.net static.nacongaming.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.google.com www.youtube.com amc.demdex.net vars.hotjar.com www.facebook.com static.nacongaming.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com network-eu-stg.bazaarvoice.com network-eu.bazaarvoice.com network-eu-a.bazaarvoice.com media.nacongaming.com scaleflex.ultrafast.io axeptio.imgix.net www.google.fr www.facebook.com static.nacongaming.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com network-eu.bazaarvoice.com network-eu-stg.bazaarvoice.com www.google.com www.gstatic.com script.hotjar.com static.hotjar.com connect.facebook.net anltc.bigben.fr analytics.tiktok.com www.googleoptimize.com static.nacongaming.com static.axept.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net static.nacongaming.com 'self' 'unsafe-inline'; object-src static.nacongaming.com 'self' 'unsafe-inline'; media-src *.adobe.com static.nacongaming.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com in.hotjar.com stats.g.doubleclick.net anltc.bigben.fr axeptio.imgix.net static.nacongaming.com client.axept.io api.axept.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.cloudflare.com *.typekit.net *.trustedshops.com *.googleapis.com cdn1.stamped.io stamped.io *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.doubleclick.net *.facebook.com *.klarna.com *.freshchat.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnaevt.com *.cloudfront.net/ *.criteo.net *.stamped.io *.freshchat.com/ *.cloudflare.com *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com cdn1.stamped.io stamped.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com *.kk-resources.com/ *.shopalike.fi/ *.chatbotize.com/ qanuk-stage.vercel.app *.tradedoubler.com *.criteo.com *.cookiefirst.com *.omappapi.com *.googleoptimize.com *.klaviyo.com reviewsonmywebsite.com 'self' data: *.fontawesome.com *.videoly.co/ *.freshchat.com cdnjs.cloudflare.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cookiefirst.com *.klarnacdn.net *.omappapi.com reviewsonmywebsite.com *.typekit.net *.freshchat.com/ *.cloudflare.com/ https://static.klaviyo.com cdn1.stamped.io stamped.io *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klarnaevt.com *.criteo.com *.kelkoogroup.net/ *.chatbotize.com *.klarnaservices.com *.doubleclick.net *.qanuk.app *.cookiefirst.com *.omappapi.com *.googlesyndication.com reviewsonmywebsite.com *.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io ekr.zdassets.com/ www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.abtasty.com *.googleapis.com *.gstatic.com oct8necdneu.azureedge.net/ *.peppermoneytest.es *.peppermoney.es 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.cookiebot.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es fledge-eu.creativecdn.com ams.creativecdn.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com maps.googleapis.com maps.gstatic.com https://img.youtube.com www.google.com www.google.es www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net *.pinterest.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms tracker.metricool.com *.abtasty.com *.amazonaws.com *.oct8ne.com oct8necdneu.azureedge.net/ gstatic.com *.peppermoneytest.es oct8necdneu.azureedge.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com s7.addthis.com *.cookiebot.com *.google.com www.google.es www.gstatic.com sl.google-analytics.com googleads.g.doubleclick.net *.googleapis.com s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms tracker.metricool.com *.abtasty.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.abtasty.com *.googleapis.com *.gstatic.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es *.oct8ne.com oct8necdneu.azureedge.net tags.creativecdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com ekr.zdassets.com/ *.cookiebot.com www.google.com *.google.com www.google.es *.googleapis.com www.gstatic.com www.googletagmanager.com sl.google-analytics.com *.g.doubleclick.net s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms *.abtasty.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es ams.creativecdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com static.compari.ro; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.oktopost.com *.vimeo.com *.wistia.com lp.educationsoftwaresolutions.co.uk bat.bing.com lp.ess-librarymanagementcloud.co.uk *.mktoresp.com *.googleapis.com okt.to *.onetrust.com use.typekit.net adservice.google.com *.gstatic.com munchkin.marketo.net region1.analytics.google.com cdn.cookielaw.org cdn.jsdelivr.net www.google-analytics.com t.trackedlink.net *.mktoutil.com www.google.co.uk *.twitter.com *.linkedin.com t.co p.typekit.net *.doubleclick.net www.googletagmanager.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
font-src https://*.gstatic.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.narvar.com *.narvar.qa script.hotjar.com fonts.googleapis.com fonts.gstatic.com au-tracker.inside-graph.com au-cdn.inside-graph.com integration-sandbox-cdn.toshi.co integration-cdn.toshi.co acsbapp.com shopping.qantas.com appdown.pstatic.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 0merchantacsstag.cardinalcommerce.com geostag.cardinalcommerce.com www.facebook.com tst.kaptcha.com bid.g.doubleclick.net 'self' 'unsafe-inline'; frame-ancestors au-tracker.inside-graph.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.google.com *.doubleclick.net *.facebook.com vars.hotjar.co vimeo.com acsbapp.com ssl.kaptcha.com player.smartzer.com www.google.com t.sharethis.com tst.kaptcha.com www.facebook.com accounts.accessibe.com dashboard.accessibe.com www.paypalobjects.com acestream.me 3ds.sia.eu www.houzz.com acs2.3dsecure.no *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://*.gstatic.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.narvar.com *.narvar.qa adservice.google.com script.hotjar.com www.google.sa www.google.ca *.bing.com *.clarity.ms data:* web1.acsbapp.com integration-sandbox-cdn.toshi.co www.google.bg www.google.be www.google.co.uk www.google.nl www.gstatic.com translate.google.com idsync.rlcdn.com consent.linksynergy.com au-live.inside-graph.com bam-cell.nr-data.net integration-cdn.toshi.co bat.bing.com www.google.com.au google.com.au qhn06m.a.searchspring.io 6umcpw.a.searchspring.io q4p7ce.a.searchspring.io you9wl.a.searchspring.io slc.stats.paypal.com 64.media.tumblr.com www.zimmermannwear.com www.zimmermann.com staging3.zimmermannwear.com staging3.zimmermann.com c.paypal.com s.ytimg.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com checkout.paypal.com au-cdn.inside-graph.com platform-cdn.sharethis.com hnd.stats.paypal.com d3cgm8py10hi0z.cloudfront.net track.linksynergy.com l.sharethis.com www.facebook.com www.google.co.in log-papago.naver.com www.google.com.mx www.google.com.br web.facebook.com m.facebook.com www.google.co.ma www.google.ru www.google.at www.google.it www.google.co.nz www.google.se www.google.no www.google.de www.google.fr www.google.hr www.google.pl www.google.lt www.google.ae www.google.ch www.google.pt www.google.co.vi www.google.com.bh www.google.dk www.google.es www.google.cl www.google.com.do www.google.ro www.google.co.za www.google.co.ao www.google.lu www.google.com.sa www.google.com.kw www.google.com.qa www.google.hu www.google.com.ua www.google.com.tr www.google.gr www.google.ie www.google.hn www.google.com.ar www.google.am www.google.com.jm www.google.com.co log.pinterest.com tags.rd.linksynergy.com ct.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com *.google.com *.google.bg googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net google-analytics.com https://cdn.searchspring.net/intellisuggest/is.min.js script.crazyegg.com www.googleoptimize.com www.clarity.ms *.clarity.ms ut.rd.linksynergy.com songbird.cardinalcommerce.com tag.lexer.io bat.bing.com tag.rmp.rakuten.com www.fullstory.com songbirdstag.cardinalcommerce.com www.gstatic.com www.google.com au-cdn.inside-graph.com cdn.searchspring.net acsbapp.com secure.authorize.net test.authorize.net googleadservices.com paypalobjects.com js.braintreegateway.com paypal.com sandbox.paypal.com video.google.com vimeocdn.com maps.googleapis.com trackedlink.net trackedweb.net dotdigital-pages.com api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analyticsbraintreegateway.com client-analytics.sandbox.braintreegateway.com au-tracker.inside-graph.com intljs.rmtag.com cdn.scarabresearch.com au-live.inside-graph.com platform-api.sharethis.com platform-cdn.sharethis.com buttons-config.sharethis.com l.sharethis.com t.sharethis.com fullstory.com integration-sandbox-cdn.toshi.co integration-cdn.toshi.co bam-cell.nr-data.net js-agent.newrelic.com connect.facebook.net assets.giocdn.com mayg6.svn0czn.com www.shopstylecollective.com ln-rules.rewardstyle.com fq1frg.a6rm7n.com web1.acsbapp.com *.hotjar.com auctioneer.50million.club bam.nr-data.net s.pinimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.honey.io cdn.searchspring.net au-cdn.inside-graph.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.aptrinsic.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://beacon.searchspring.io/beacon script.crazyegg.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.clarity.ms www.clarity.ms staging3.zimmermannwear.com staging3.zimmermann.com www.google.com track.lexer.io maps.googleapis.com centinelapi.cardinalcommerce.com adservice.google.com bat.bing.com stats.g.doubleclick.net www.tryzens-analytics.com www.tryzens-analytics.com:12280 kg668dbov0.execute-api.us-east-1.amazonaws.com au-cdn.inside-graph.com notify.bugsnag.com qhn06m.a.searchspring.io 6umcpw.a.searchspring.io q4p7ce.a.searchspring.io you9wl.a.searchspring.io writer.cardinalcommerce.com centinelapistag.cardinalcommerce.com 7dgmrv.a.searchspring.io services.postcodeanywhere.co.uk uat.tryzens-analytics.com:12280 amcglobal.sc.omtrdc.net  *.trackedlink.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com au-live.inside-graph.com *.braintree-api.com cdn.acsbapp.com recommender.scarabresearch.com *.trackedweb.net wss://au-live.inside-graph.com l.sharethis.com sessions.bugsnag.com bam-cell.nr-data.net www.facebook.com api.toshi.co staging.api.toshi.co ad.doubleclick.net web1.acsbapp.com rs.fullstory.com bam.nr-data.net ct.pinterest.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/zmn-cspdata; report-to report-endpoint; 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru *.dev-morda.svc.elama-team.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: fonts.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com static.zdassets.com www.gstatic.com script.hotjar.com static.hotjar.com googleadservices.com maps.googleapis.com/ 'self' 'unsafe-inline'; frame-ancestors static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com googleadservices.com maps.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.dnky.co amc.demdex.net www.google.com youtube.com vars.hotjar.com *.doubleclick.net *.pinterest.com *.tryadviser.com *.webviewer.appar.io *.paperless.com.pe *.extranetrosen.cl mldp.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com accounts.google.com www.extranetrosen.cl *.hsforms.com track.hubspot.com mercadopago.cl www.mercadopago.cl *.google.com.cl static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com *.pinterest.com *.sendtric.com *.tryadviser.com *.adnxs.com *.linkedin.com *.doubleclick.net *.rosen.cl *.rosen.com.pe *.sonataplatform.com 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.dpm.demdex.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com www.extranetrosen.cl static.zdassets.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com www.googleoptimize.com static.hotjar.com *.google.com *.google.cl script.hotjar.com js.hsleadflows.net *.pinimg.com www.youtube.com *.tryadviser.com *.adnxs.com *.hsadspixel.net *.verificado.ai snap.licdn.com *.google-analytics.com *.commerce.adobe.net *.magento.com *.mercadopago.com *.hscollectedforms.net *.doubleclick.net *.omtrdc.net *.googletagmanager.com *.rosen.cl *.rosen.com.pe *.sonataplatform.com *.mouseflow.com *.hubspot.com *.vnforapps.com https://www.google.com *.gstatic.com https://maps.googleapis.com http2.mlstatic.com secure.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com cdn.dnky.co *.rosen.cl *.rosen.com.pe www.extranetrosen.cl *.tryadviser.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.mercadopago.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.comapi.com bam.nr-data.net static.zdassets.com v2.zopim.com ekr.zdassets.com rollbar-eu.zendesk.com wa.me *.hubspot.com stats.g.doubleclick.net rosen.zendesk.com wss://widget-mediator.zopim.com *.hotjar.com vc.hotjar.io www.facebook.com public.delivery.janisqa.in public.delivery.janis.in maps.googleapis.com *.google.cl *.pinterest.com wss://*.hotjar.com *.hscollectedforms.net *.hubapi.com *.amazonaws.com *.amazon.com *.zendesk.com *.linkedin.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com acuityplatform.com ajax.googleapis.com cdn.onesignal.com dynamic.cannedbanners.com js-agent.newrelic.com nsg.symantec.com onesignal.com seal.godaddy.com *.freedommunitions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com acuityplatform.com bam.nr-data.net maps.google.com pixel.mathtag.com a2.adform.net 279-ct.c3tag.com maps.googleapis.com; report-uri /.webscale/csp-report 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.infonet.com.py *.infonet.com.py:8888/ https://vpos.infonet.com.py:8888/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net integration-5ojmyuq-qoiivjresdo6e.us-5.magentosite.cloud cdn.leadster.com.br www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.infonet.com.py:8888/ *.newrelic.com *.nr-data.net *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.nr-data.net https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.lamaisonduchocolat.com *.avis-verifies.com/ *.vimeocdn.com *.vimeo.com reetags.com *.weltpixel.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com *.lamaisonduchocolat.com *.vimeo.com *.paypal.com *.gstatic.com *.analytics.google.com reetags.com https://images.unsplash.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.lamaisonduchocolat.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.gstatic.com *.google.com *.paypal.com *.braintreegateway.com *.cardinalcommerce.com reetags.com sdk.privacy-center.org js.aploze.com *.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.lamaisonduchocolat.com reetags.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.lamaisonduchocolat.com *.googleapis.com *.analytics.google.com reetags.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://jobs.b-ite.com https://bwp-online.gelsenkirchen.de https://ads.gelsen.net https://ads2.gelsen.net https://twebshop.tomas-travel.com  https://player.podigee-cdn.net https://www.xn--fundbrodeutschland-q6b.de; style-src 'self' 'unsafe-inline' https://bwp-online.gelsenkirchen.de https://twebshop.tomas-travel.com  https://player.podigee-cdn.net https://cdn.podigee.com; img-src 'self' https://ads.gelsen.net https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://server.arcgisonline.com https://*.tile.openstreetmap.org https://geodaten.metropoleruhr.de https://gdi.gelsenkirchen.de https://twebshop.tomas-travel.com https://cdn.podigee.com https://images.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://pansite6.gelsenkirchen.de https://ads.gelsen.net https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://static.b-ite.com https://cs-assets.b-ite.com https://bwp-online.gelsenkirchen.de/ https://twebshop.tomas-travel.com  https://player.podigee-cdn.net https://cdn.podigee.com https://www.xn--fundbrodeutschland-q6b.de; child-src 'self' https://www.youtube.com https://player.vimeo.com https://www.youtube-nocookie.com https://whitelabel.hotel.de https://tempus-termine.com https://*.gelsenkirchen.de https://player.podigee-cdn.net https://www.xn--fundbrodeutschland-q6b.de 2
default-src 'self' cdn.synthetix.com ssc.synthetix.com;                     img-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io;                     font-src *.gstatic.com *.hotjar.com *.hotjar.io;                     frame-src *.facebook.com *.twitter.com *.hotjar.com *.hotjar.io *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/ *.issuu.com/;                     object-src https://wjecwebsitelive.blob.core.windows.net;                     connect-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://*.hotjar.com *.getaddress.io *.analytics.google.com;                     style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: amadeus.com www.google.hu www.google.co.in www.google.lu www.google.co.jp www.google.co.kr js.maxmind.com *.eloqua.com www.google.com.sa www.google.fi *.ads-twitter.com www.google.co.cr www.google.de www.google.pl img.youtube.com img06.en25.com www.google.fr www.google.hn www.google.cl *.googleapis.com resources.digital-cloud.medallia.eu www.google.com.pe www.google.com.eg www.google.co.id *.wistia.com *.facebook.net *.omtrdc.net *.gstatic.com geoip-js.com www.google.co.il adservice.google.com www.google.dk www.google.ci www.google.com.sg *.onetrust.com www.google.bg www.google.jo www.google.ae *.everesttech.net www.google.com.lb *.twitter.com www.google.com.vn www.google.com.gh www.google.co.uk www.google.com.tr www.google.kz www.google.gr cdn.decibelinsight.net t.co www.google.com.au www.google.com.bo www.google.pt www.google.lk www.google.com.ng www.google.ca www.google.no www.google.com.pk www.google.com www.google.ro www.google.ie www.google.cz www.google.co.th www.google.si www.google.com.hk cdn.cookielaw.org www.google.es www.google.com.ua www.google.co.uz www.google.com.ar www.google.be www.google.ru www.google.com.qa www.google.nl www.google.sn www.google.com.ph www.google.co.ma www.google.com.bd maxcdn.bootstrapcdn.com www.youtube.com cdnjs.cloudflare.com www.google.co.ke cdn.openshareweb.com www.google.com.co www.google.com.kw *.licdn.com www.google.it tags.tiqcdn.com analytics.shareaholic.com www.google.ch collection.decibelinsight.net *.facebook.com *.googleadservices.com www.google.dz www.googletagmanager.com www.google.com.ec www.google.at *.demdex.net *.doubleclick.net www.shareaholic.net apps.shareaholic.com www.google.co.za www.google.iq www.google.com.br www.google.co.nz www.google.tn www.google.co.ug www.google.com.my *.linkedin.com www.google.rs www.google.az www.google.com.tw www.google.se www.google-analytics.com udc-neb.kampyle.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.hotjar.com *.doubleclick.net *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net *.sparta.cl newbalance.cl 'self' data: *.gstatic.com *.googleapis.com *.yandex.ru *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.newrelic.com *.nr-data.net *.doubleclick.net *.magentosite.cloud *.freshworks.com *.hotjar.com *.retailrocket.net *.yandex.ru *.api.useinsider.com *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.sparta.cl *.newbalance.cl *.yotpo.com *.fonts.net *.magentosite.cloud *.freshworks.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com *.yotpo.com *.nr-data.net *.freshworks.com *.googleapis.com stats.g.doubleclick.net *.yandex.ru *.mercadopago.com *.mercadolibre.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://spartacl.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://osweb25b8034a79abb3.report-uri.com/r/t/csp/wizard 2
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.fontawesome.com *.jquery.com *.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.cqg.com *.amazonaws.com *.zdassets.com *.zopim.com *.ckeditor.com *.wistia.com api.smooch.io *.googletagmanager.com; object-src 'self'; style-src 'unsafe-inline' 'self' *.twitter.com *.jsdelivr.net *.mailchimp.com *.twimg.com *.googleapis.com *.ckeditor.com *.gstatic.com; img-src 'unsafe-inline' 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com data: *.zopim.io *.gstatic.com *.googleapis.com *.ckeditor.com *.wistia.com embedwistia-a.akamaihd.net api.smooch.io accounts.zendesk.com; media-src 'self' *.zdassets.com blob:; frame-src 'self' *.twitter.com *.youtube.com *.google.com *.cqg.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' embedwistia-a.akamaihd.net *.github.com *.gstatic.com data:; connect-src wss: 'self' www.google.co.in region1.analytics.google.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.cqg.com *.zdassets.com *.zendesk.com widget-mediator.zopim.com  *.wistia.com *.litix.io embedwistia-a.akamaihd.net api.smooch.io; report-uri /report-csp-violation; upgrade-insecure-requests 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' http://pero.securite-routiere.gouv.fr https://www.gstatic.com https://www.youtube.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://server.adform.net/Serving/TrackPoint/ https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; style-src 'self' code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com google.com https://www.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com youtu.be *.google.com *.nr-data.net 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.yahoo.com *.bing.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com widget.freshworks.com m2epro.freshdesk.com https://www.google.com https://www.gstatic.com *.hotjar.com *.facebook.net *.bing.com *.murdoog.com *.pcapredict.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.newrelic.com *.nr-data.net dmp.info.mossmotors.com dmp.info.mossmiata.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io widget.freshworks.com m2epro.freshdesk.com https://ipinfo.io *.yimg.com *.doubleclick.net *.adobedtm.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.nr-data.net dmp.info.mossmotors.com dmp.info.mossmiata.com *.cloudfront.net *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri /ui/csp-violations/;default-src 'none';img-src 'self' data: https:;base-uri 'self';block-all-mixed-content;form-action 'self';font-src 'self' https://fonts.gstatic.com data:;object-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://polyfill.io https://cdn.walkme.com https://www.datadoghq-browser-agent.com 'report-sample';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;media-src 'self';manifest-src 'self';connect-src 'self' 'report-sample' https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://*.walkme.com;frame-src 'self' https://cdn.walkme.com https://*.vetconnectplus.com;frame-ancestors * 2
font-src *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ fonts.gstatic.com *.fontawesome.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.zendesk.com *.twitter.com *.facebook.com *.zopim.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://test-api.viedu.org https://api.viedu.org https://test-launchpad.viedu.org https://launchpad.viedu.org https://luau-api.dev.viedu.org https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.sharethis.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bookshark.com *.sonlight.com *.gstatic.com *.zdassets.com https://widget-mediator.zopim.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.zendesk.com *.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.addtoany.com *.calendly.com https://calendly.com/ https://app.viralsweep.com https://edge.addthis.com https://cdn.datatables.net *.addthis.com *.klaviyo.com *.pinterest.com *.sonlightconnections.com https://c.sharethis.mgr.consensu.org/ https://anchor.fm https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.wesupply.xyz https://wesupplylabs.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.zdassets.com *.chimpstatic.com chimpstatic.com *.zendesk.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.cdninstagram.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ https://a1.b0e8.com/ https://match.adsrvr.org/ https://insight.adsrvr.org/ https://px.steelhousemedia.com/ https://match.sharethrough.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com https://vimeo.com *.instagram.com wss://*.zopim.com *.zdassets.com *.zendesk.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.api.sonlight.com *.braintree-api.com *.pinterest.com https://js-agent.newrelic.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.nr-data.net *.calendly.com https://calendly.com/ https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://cdn.bc0a.com/ https://cdn1.b0e8.com/ https://dx.mountain.com/ https://px.mountain.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com ajax.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com api2-staging.inquisicorp.com api2.sonlight.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.zdassets.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ unsafe-inline fonts.googleapis.com https://static.klaviyo.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bookshark.com *.sonlight.com *.zdassets.com *.zopim.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.vimeo.com https://vimeo.com *.libsyn.com *.blubrry.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.addtoany.com *.pinterest.com *.bam.nr-data.net https://bam.nr-data.net https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.addthis.com https://stats.g.doubleclick.net/ https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://maps.googleapis.com/ https://ixfd2-api.bc0a.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io https://www.google-analytics.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com 'unsafe-inline' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.nosto.com *.nos.to *.facebook.com *.hsforms.net *.hsforms.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.fetchify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com account.fetchify.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.nosto.com *.nos.to *.kaptcha.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.google.co.uk *.windows.net *.hsforms.net *.hsforms.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.cardinalcommerce.com *.braintreegateway.com *.klevu.com *.ksearchnet.com *.newrelic.com *.nr-data.net *.yotpo.com *.hsforms.net *.hsforms.com *.googleapis.com *.webgains.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.klarnacdn.net unsafe-inline *.fontawesome.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.typekit.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.nr-data.net *.doubleclick.net *.hsforms.net *.hsforms.com *.webgains.io *.hub-box.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.amazonaws.com *.yotpo.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com data: *.truefitcorp.com *.espssl.com *.global-e.com *.monetate.net *.narvar.com *.narvar.qa data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.amazonaws.com www.facebook.com *.global-e.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.livechatinc.com www2.bglobale.com/ *.salesfloor.net *.criteo.com *.google.com *.googletagmanager.com *.paypal.com *.facebook.com *.truefitcorp.com *.g.doubleclick.net *.criteo.net players.brightcove.net *.global-e.com *.styledby.stjohnknits.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.doubleclick.net *.bglobale.com  *.google-analytics.com *.googletagmanager.com *.stickyadstv.com *.google.co.in *.salesfloor.net *.facebook.com *.bing.com *.listrakbi.com *.espssl.com *.global-e.com *.cloudfront.net *.casalemedia.com *.criteo.com *.mediawallahscript.com *.adnxs.com *.analytics.yahoo.com *.yahoo.com *.openx.net s.ad.smaato.net *.media.net *.3lift.com *.pubmatic.com *.tapad.com *.bidswitch.net *.advertising.com *.rubiconproject.com *.addthis.com *.outbrain.com *.ads.yieldmo.com cm.mgid.com *.truefitcorp.com *.linksynergy.com *.taboola.com *.omnitagjs.com *.teads.tv *.sharethrough.com *.smartadserver.com *.360yield.com *.adform.net *.yieldlab.net *.digitaleast.mobi *.privacysandbox.googleadservices.com *.adscale.de *.gstatic.com *.akamaized.net *.googleusercontent.com *.amazonaws.com *.googleapis.com *.clarity.ms *.dmxleo.com *.revcontent.com *.admanmedia.com *.liadm.com *.postrelease.com *.tremorhub.com *.kargo.com *.tpmn.co.kr *.clmbtech.com *.zemanta.com *.adsrvr.org *.bluekai.com *.contextweb.com *.deepintent.com ad.as.amanad.adtdp.com csm.da.us.criteo.net *.rlcdn.com *.ivitrack.com *.mediavine.com ad.sxp.smartclip.net au.ants.vn *.quantserve.com *.yieldmo.com *.twiago.com *.lemmatechnologies.com *.srv.stackadapt.com *.amazon-adsystem.com csm.va.us.criteo.net *.bnmla.com *.simpli.fi *.meba.kr *.mathtag.com *.sitescout.com *.crwdcntrl.net *.targeting.unrulymedia.com *.1rx.io *.adx.opera.com *.clientgear.com *.instantsearchplus.com *.dyntrk.com *.brightmountainmedia.com idsync.admixer.co.kr *.styledby.stjohnknits.com *.aralego.com *.toast.com *.dotomi.com *.aralego.net fksnk.com *.mfadsrvr.com *.onprospects.com *.onaudience.com ad.turn.com *.socdm.com *.adingo.jp *.ad-stir.com *.dable.io creativecdn.com a1.b0e8.com aa.agkn.com d.turn.com beacon.krxd.net *.monetate.net e1.emxdgt.com c.aaxads.com *.gssprt.jp *.pippio.com *.mmtro.com *.rfihub.com *.rezync.com *.narvar.com *.narvar.qa store.paradoxlabs.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.authorize.net *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.truefitcorp.com *.bglobale.com cookiepro.blob.core.windows.net *.appspot.com cdn.livechatinc.com *.listrakbi.com api.livechatinc.com *.google-analytics.com *.jquery.com *.google.com *.googletagmanager.com *.bing.com *.upsellit.com *.salesfloor.net *.rmp.rakuten.com *.facebook.net *.g.doubleclick.net *.newrelic.com *.quantcount.com *.criteo.net *.criteo.com widget.us.criteo.com *.nr-data.net *.googleapis.com *.freegeoip.net *.clarity.ms *.loopme.me *.quantserve.com *.bnmla.com *.krxd.net console.brightmountainmedia.com ad.turn.com s-cs.send.microad.jp beacon.krxd.net *.thebrighttag.com *.mfadsrvr.com *.global-e.com *.styledby.stjohnknits.com *.bc0a.com *.b0e8.com *.monetate.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com *.googletagmanager.com *.google.com *.bglobale.com cookiepro.blob.core.windows.net cdn.listrakbi.com *.truefitcorp.com *.espssl.com *.global-e.com *.styledby.stjohnknits.com *.monetate.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com *.kxcdn.com *.listrakbi.com *.upsellit.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de staticw2.yotpo.com *.cardinalcommerce.com *.payments-amazon.co.jp *.payments-amazon.co.uk *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.amazonaws.com *.bglobale.com *.stjohnknits.com *.truefitcorp.com  *.google-analytics.com *.google.com *.googletagmanager.com *.paypal.com *.nr-data.net *.g.doubleclick.net *.uc.r.appspot.com ultimate-dot-acp-magento.appspot.com *.livechatinc.com *.bing.com *.googleapis.com *.clarity.ms www.facebook.com *.listrakbi.com *.global-e.com *.styledby.stjohnknits.com *.bc0a.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; report-uri /csp/report 2
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cdninstagram.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com *.instagram.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.google-analytics.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.adobedc.net *.demdex.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.m32.media *.pinimg.com *.tiktok.com *.tv5unis.ca cdn.ampproject.org snap.licdn.com tag.aticdn.net sc-static.net ;style-src 'self' 'unsafe-inline' *.tv5unis.ca fonts.googleapis.com ;img-src 'self' data: *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com *.linkedin.com *.tiktok.com *.tv5unis.ca p.adsymptotic.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com ;media-src 'self' blob: *.2mdn.net *.llnw.net ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.google.com *.googlesyndication.com ads.pubmatic.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: fonts.gstatic.com ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.linkedin.com *.llnw.net *.m32.media *.scorecardresearch.com *.tiktok.com *.tv5unis.ca bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io snap.licdn.com static.hotjar.com tag.aticdn.net us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com tr.snapchat.com ; 2
default-src 'self' *.a8b.co 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.mscanada.ca https://*.spcanada.ca https://apply.workable.com https://www.workable.com https://cdn.livechatinc.com https://api.livechatinc.com https://js-agent.newrelic.com https://www.googletagmanager.com https://bam.nr-data.net https://mssp.tfaforms.net; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://*.mscanada.ca https://ccf807.spcanada.ca https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://mssp.tfaforms.net; img-src 'self' data: https://*.mscanada.ca https://*.spcanada.ca https://bam.nr-data.net; media-src 'self' https://cdn.livechatinc.com; frame-src 'self' https://secure.livechatinc.com https://www.youtube.com https://mssp.tfaforms.net; frame-ancestors 'self'; child-src 'none'; font-src 'self' data: https://ccf807.mscanada.ca https://cdn.jsdelivr.net https://cdn.livechatinc.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; connect-src 'self' https://*.mscanada.ca https://*.spcanada.ca https://api.livechatinc.com https://bam.nr-data.net https://mssp.tfaforms.net; report-uri /report-csp-violation 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net fonts.googleapis.com amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de cloudinary.com *.cloudinary.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net diypestcontrol.ladesk.com 1-vbus-us-tx.ladesk.com ct.pinterest.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.cloudfront.net diypestcontrol.com ct.pinterest.com *.trackedlink.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com *.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.stamped.io *.googletagmanager.com *.signifyd.com https://imgs.cdn-btsg.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com script.hotjar.com bm-rx.atatus.com dpm.demdex.net www.dwin1.com diypestcontrol.ladesk.com cm.everesttech.net widgets.magentocommerce.com bid.g.doubleclick.net *.ftcdn.net *.behance.net fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cdn1.stamped.io blob 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.authorize.net cdn.ampproject.org www.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com cloudinary.com *.cloudinary.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com dpm.demdex.net assets.adobedtm.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com imgs.cdn-btsg.com blob 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cloudinary.com *.cloudinary.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com assets.adobedtm.com a.klaviyo.com ct.pinterest.com stats.g.doubleclick.net maps.googleapis.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.authorize.net cdn.ampproject.org www.googleapis.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com imgs.cdn-btsg.com blob http: https: blob: 'self' 'unsafe-inline'; default-src assets.adobedtm.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'none' 2
default-src https: 'self' data: blob:; script-src https: 'self' blob: 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com/gtm.js https://www.googletagmanager.com/gtm.js https://pagead2.googlesyndication.com https://v.hvl.no; style-src https: 'self' data: 'unsafe-inline' https://v.hvl.no https://app.everviz.com https://fonts.googleapis.com; connect-src https: 'self' wss://ws.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net/g/collect https://pagead2.googlesyndication.com; frame-ancestors 'self' https://hvl.instructure.com; report-uri https://hogskulenpaavestlandet.report-uri.com/r/d/csp/reportOnly; 2
default-src 'none'; form-action 'none'; frame-ancestors 'none'; 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fittinglabs-development.firebaseapp.com https://fittinglabs-staging.firebaseapp.com https://fittinglabs-production.firebaseapp.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.youtube.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://shop-demo.fittinglabs.it https://shop-dev.fittinglabs.it https://magento.test www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.facebook.com bam.nr-data.net epictv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://apis.google.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com connect.facebook.net api.videoly.co js-agent.newrelic.com bam.nr-data.net dapi.videoly.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://api.fittinglabs.it https://api-demo.fittinglabs.it https://api-dev.fittinglabs.it https://identitytoolkit.googleapis.com https://securetoken.googleapis.com http://127.0.0.1:5000 http://localhost:5000 *.lottiefiles.com *.eu-central-1.linodeobjects.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://www.google-analytics.com bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.eu-central-1.linodeobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' data 'unsafe-inline' 'unsafe-eval' *.scoresense.com *.freescoreonline.com *.nationalcreditreport.com *.freescore360.com https://img1.cdn180.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apigateway.scoresense.com/ https://img1.cdn180.net *.chasepayment.com https://safetechpageencryptionvar.chasepaymentech.com https://www.cardratings.com *.visualwebsiteoptimizer.com *.salesforceliveagent.com seal-dallas.bbb.org seal.digicert.com https://fqtag.com https://www.youtube.com https://www.googletagmanager.com https://cdn.cookielaw.org www.google-analytics.com bat.bing.com *.siteintercept.qualtrics.com https://secure.quantserve.com https://rules.quantcount.com  *.decibelinsight.net blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.facebook.net seal-dallas.bbb.org https://img1.cdn180.net https://seal-blue.bbb.org ; img-src * 'self' data: https:; connect-src 'self' ws: wss: *.decibelinsight.net *.facebook.com *.execute-api.us-east-1.amazonaws.com *.onetechnologies.net *.siteintercept.qualtrics.com https://fqtag.com https://apigateway.scoresense.com https://seal.digicert.com https://images.scanalert.com https://seal-dallas.bbb.org https://onetechnologies.secure.force.com https://www.gstatic.com *.salesforceliveagent.com https://www.googletagmanager.com https://consumerconnect.tui.transunion.com *.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://onetechnologies-privacy.my.onetrust.com https://onetechnologies.secure.force.com https://service.force.com ; font-src 'self' https://fonts.gstatic.com https://img1.cdn180.net ; frame-src https://www.youtube.com *.google.com; frame-ancestors *.scoresense.com *.freescoreonline.com *.nationalcreditreport.com *.freescore360.com; report-to ot-reporter; report-uri https://xtvenwskmk.execute-api.us-east-1.amazonaws.com/infosec 2
default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net *.googletagmanager.com *.zdassets.com cdn.brcdn.com *.googleapis.com *.google-analytics.com *.google.com *.trustpilot.com *.newrelic.com bam.nr-data.net *.amazonaws.com *.jquery.com fonts.fontawesome.com fonts.gstatic.com use.fontawesome.com sarnova-dev.s3.amazonaws.com *.akstat.io 2
font-src *.sagepay.com *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.narvar.com *.narvar.qa *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.sagepay.com https://logistics-stage.ecpay.com.tw/Express/map https://logistics.ecpay.com.tw/Express/map https://logistics-stage.ecpay.com.tw/helper/printTradeDocument https://logistics.ecpay.com.tw/helper/printTradeDocument *.twitter.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.sagepay.com maps.googleapis.com chart.googleapis.com *.twitter.com https://plumrocket.com https://accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com *.affirm.com *.affirm.ca www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.paypal.com *.sagepay.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.narvar.com *.narvar.qa store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.sagepay.com maps.googleapis.com chart.googleapis.com *.paypal.com *.sandbox.paypal.com *.google.com *.googletagmanager.com *.plumrocket.com *.tawk.to *.bam-cell.nr-data.net *.gstatic.com https://accounts.google.com https://www.gstatic.com api.veritrans.co.jp *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sagepay.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://accounts.google.com https://www.gstatic.com unsafe-inline *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.affirm.com *.affirm.ca thm.visa.com *.paypal.com *.sagepay.com maps.googleapis.com chart.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com https://accounts.google.com api.veritrans.co.jp *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.mikimoto.com/; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.google.com *.gstatic.com *.cloudfront.net *.amazonaws.com *.klevu.com *.fontawesome.com *.googleapis.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.bazaarvoice.com *.ksearchnet.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.amazonaws.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.googletagmanager.com *.googleapis.com *.amazonaws.com *.paypalobjects.com www.paypalobjects.com amc.demdex.net fast.amc.demdex.net bid.g.doubleclick.net nsg.symantec.com *.hotjar.com www.youtube.com www.pinterest.com *.twitter.com *.socialannex.net *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com https://nytrng.com/ *.attn.tv *.guarantee-cdn.com ssl.kaptcha.com *.fls.doubleclick.net *.paypal.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.google.com *.klevu.com bat.bing.com *.gstatic.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net www.google.co.in *.amazonaws.com dpm.demdex.net amc.demdex.net *.visualwebsiteoptimizer.com *.powerreviews.com *.cloudfront.net nsg.symantec.com *.wpengine.com www.googletagmanager.com cdn.socialannex.com *.cloudinary.com *.gravatar.com *.adobedtm.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.trackedlink.net *.b0e8.com *.guarantee-cdn.com *.clarity.ms *.bing.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.lfeeder.com *.shop.pe wt.rqtrk.eu id5-sync.com *.payments-amazon.com guarantee-cdn.com 'self' blob: *.hotjar.com https://bttrack.com *.paypalobjects.com *.googlesyndication.com graph.facebook.com business.facebook.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.google.com bat.bing.com *.gstatic.com *.klevu.com www.facebook.com *.cloudfront.net googleads.g.doubleclick.net *.powerreviews.com unpkg.com *.visualwebsiteoptimizer.com *.amazonaws.com *.googletagmanager.com *.googleapis.com js-agent.newrelic.com nsg.symantec.com a.opmnstr.com bam.nr-data.net bam-cell.nr-data.net cdn.socialannex.com *.hotjar.com *.instagram.net cdn.plyr.io stackpath.bootstrapcdn.com dn.jsdelivr.net code.jquery.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.bc0a.com cdn.attn.tv guarantee-cdn.com cdn.b0e8.com *.clarity.ms https://www.google-analytics.com *.lfeeder.com https://shop.pe *.shop.pe wt.rqtrk.eu cdn.id5-sync.com *.blackcrow.ai *.bttrack.com https://bttrack.com *.google.co.in *.googleadservices.com *.authorize.net *.paypal.com www.youtube.com analytics.tiktok.com tpc.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com *.kaptcha.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com display.ugc.bazaarvoice.com *.google.com *.klevu.com *.powerreviews.com *.gstatic.com *.cloudfront.net *.amazonaws.com stats.g.doubleclick.net www.google-analytics.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google.com bat.bing.com *.gstatic.com *.amazonaws.com *.paypal.com *.googletagmanager.com *.googleapis.com *.dotdigital.com dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com stats.g.doubleclick.net get.geojs.io *.powerreviews.com api.omappapi.com *.wpengine.com bam.nr-data.net bam-cell.nr-data.net stats.ksearchnet.com *.ksearchnet.com *.demdex.net *.socialannex.com *.visualwebsiteoptimizer.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com www.facebook.com *.bc0a.com *.clarity.ms *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.lfeeder.com https://shop.pe *.shop.pe *.attn.tv events.attentivemobile.com *.hotjar.com https://google.com lb.eu-1-id5-sync.com id5-sync.com *.hotjar.io wss://*.hotjar.com *.blackcrow.ai https://bttrack.com *.authorize.net analytics.tiktok.com webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.voltlighting.com/; report-to report-endpoint; 2
report-uri https://cspapi.dev.torrentflood.com/api/csp; default-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.vimeo.com *.amazonaws.com *.fema.gov *.googleapis.com *.gstatic.com *.kaspersky-labs.com consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com *.torrentflood.com *.trustarc.com accessdenied.pnc.com agents.floodsmart.gov analytics.google.com az416426.vo.msecnd.net cdn-forpci33.actonsoftware.com cdn.jsdelivr.net cdnjs.cloudflare.com ggpht.com google-analytics.com hartfordfloodonline.com home-c8.incontact.com marketing.torrentcorp.com maxcdn.bootstrapcdn.com mozbar.moz.com nfipdirect.com nfipdirect.fema.com nfipservices.floodsmart.gov player.vimeo.com pwm-image.trendmicro.com rum-collector-2.pingdom.net rum-static.pingdom.net selectiveflood.com ssl.google-analytics.com static3.avast.com stats.g.doubleclick.net tagmanager.google.com torrentcorp.com torrentflood.com use.fontawesome.com vortex.data.microsoft.com www.google-analytics.com www.google.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self' *.torrentflood.com https://vmp.boldchat.com https://vms.boldchat.com https://*.boldchat.com https://*.torrentflood.com https://thehartford.getflood.com https://torrentflood.com https://www.hartfordfloodonline.com; 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' mackenzieltd.com *.mackenzieltd.com impromptugourmet.com *.impromptugourmet.com cbcrabcakes.com *.cbcrabcakes.com *.cloudmaestro.com cdn.attn.tv tags.wdsvc.net www.lightboxcdn.com static.criteo.net *.adroll.com track.securedvisit.com dev.visualwebsiteoptimizer.com staticw2.yotpo.com *.adroll.mgr.consensu.org js.klevu.com connect.facebook.net lightboxapi.azurewebsites.net sslwidget.criteo.com www.google.com www.gstatic.com www.googletagmanager.com *.cloudfront.net bat.bing.com www.googleadservices.com www.google-analytics.com *.yimg.com js.b1js.com js.alocdn.com tag.rmp.rakuten.com jscdn.appier.net script.crazyegg.com googleads.g.doubleclick.net tags.b1js.com cdn.id5-sync.com tags.crwdcntrl.net *.zenclerk.com ut.ra.linksynergy.com b1img.com widget.us.criteo.com js-agent.newrelic.com bam.nr-data.net *.online-metrix.net cdn.inspectlet.com t.p.mybuys.com cdn.evgnet.com magnetic.t.domdex.com ajax.cloudflare.com static.cloudflareinsights.com macke11122.pcapredict.com waves.retentionscience.com *.bluecore.app *.bluecore.com view.publitas.com; worker-src blob:; report-uri /.webscale/csp-report 2
font-src *.googleapis.com *.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.intercomcdn.com/ *.sagepay.com use.fontawesome.com/releases/v5.6.0/webfonts *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://www.facebook.com/ https://*.realexpayments.com/ *.sagepay.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.adyen.com https://lgpc.prismic.io *.weltpixel.com https://vars.hotjar.com/ https://www.facebook.com/ https://*.realexpayments.com/ https://player.vimeo.com/ https://www.google.com/ *.trustpilot.com https://newassets.hcaptcha.com/ https://static.cdn.prismic.io/ https://example-repository.prismic.io/ https://ct.pinterest.com/ https://r3.girogate.de/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com account.fetchify.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com *.gstatic.com https://images.prismic.io/lgpc/ https://bat.bing.com/ https://www.facebook.com https://*.pinterest.com/ https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://images.prismic.io/ https://prismic-io.s3.amazonaws.com/ https://cookie-cdn.cookiepro.com https://www.magecomp.com/ https://streetviewpixels-pa.googleapis.com/ https://js.intercomcdn.com/ https://www.google.com.ua/ *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com www.feedoptimise.com cdn.feedoptimise.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com/ www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com *.gstatic.com https://static.cdn.prismic.io https://prismic.io https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.hotjar.com/ https://connect.facebook.net/ https://s.pinimg.com/ https://bat.bing.com/ https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://js.intercomcdn.com/ *.trustpilot.com https://*.azureedge.net/ https://cookie-cdn.cookiepro.com/ https://widget.intercom.io https://widgets.pinterest.com https://assets.pinterest.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://hcaptcha.com https://cookie-cdn.cookiepro.com https://www.googleoptimize.com/ https://oc-cdn-public-gbr.azureedge.net/ https://emarketing.littlegreene.com/ https://www.googletagmanager.com tagmanager.google.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com www.feedoptimise.com cdn.feedoptimise.com player.vimeo.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://*.azureedge.net/ https://hello.myfonts.net/ tagmanager.google.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com cc-cdn.com use.fontawesome.com/releases/v5.6.0/css *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com https://*.hotjar.com/ https://*.pinterest.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://lg-gb.lgpcm2.ctidev https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://api-iam.intercom.io/ https://api.craftyclicks.co.uk/ https://www.facebook.com/ wss://nexus-websocket-a.intercom.io https://bat.bing.com/ https://bam.nr-data.net/ https://cookie-cdn.cookiepro.com/ https://privacyportal.cookiepro.com/ https://geolocation.onetrust.com/ https://invitejs.trustpilot.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net *.gstatic.com 'self' data: https://widgets.trustedshops.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com ct.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de maps.google.com chat.babypark.nl c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com bat.bing.com www.thuiswinkel.org i.ytimg.com img.youtube.com blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl *.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com checkout.buckaroo.nl www.clarity.ms j.clarity.ms t.clarity.ms lantern.roeyecdn.com widgets.trustedshops.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com static.zdassets.com js.klevu.com js-agent.newrelic.com api.livechatinc.com cdn.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net checkout.buckaroo.nl unsafe-inline *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com j.clarity.ms t.clarity.ms ct.pinterest.com stats.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com babyparkgmbh.zendesk.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net region1.analytics.google.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 2
default-src 'self' data:; img-src 'self' https://*.laposte.fr; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self'; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; style-src-attr 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self'; report-uri https://apostello.uriports.com/reports/report; report-to default 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; report-uri /csp-violation-report-endpoint/ 2
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri /algemeen/report_CSP_error.php; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
default-src 'self' *.my127.site blob: *.my127.site inviqa.com inviqa.de youtube.com *.doubleclick.net *.google.com *.googleadservices.com *.google.co.uk *.hubspot.com *.trackedweb.net *.hotjar.com madixel.de cdn.cookielaw.org geolocation.onetrust.com; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.my127.site inviqa.com inviqa.de *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.gstatic.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.licdn.com *.twitter.com *.trackedweb.net *.trackedlink.net madixel.de *.googleadservices.com *.ads-twitter.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.my127.site inviqa.com inviqa.de; img-src 'self'  *.my127.site data: inviqa.com inviqa.de *.google.co.uk *.google.com *.google-analytics.com *.twitter.com *.linkedin.com t.co *.hubspot.com *.hsforms.com *.doubleclick.net cdn.cookielaw.org; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' *.my127.site data: inviqa.com inviqa.de; report-uri https://www.inviqa.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2
report-uri https://fathom.report-uri.com/r/t/csp/wizard; default-src 'none'; form-action 'none'; object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests 2
font-src fonts.gstatic.com use.typekit.net d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net fonts.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * api.bazaarvoice.com stg.api.bazaarvoice.com *.snapchat.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.gomoxie.solutions *.braintreegateway.com *.snapchat.com *.doubleclick.net *.paypalobjects.com *.google.com *.kaptcha.com *.adsrvr.org https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.snapchat.com *.cookielaw.org maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions js-agent.newrelic.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.ccnag.com *.sprinklr.com *.adsrvr.org *.snapchat.com *.googleoptimize.com maps.googleapis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintreegateway.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.facebook.com ct.pinterest.com *.userway.org *.coke.com api.addressy.com *.ccnag.com *.paypalobjects.com *.snapchat.com *.googleapis.com *.cookielaw.org *.sprinklr.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'self'; font-src 'self' *.typekit.net *.gstatic.com https://widget.whisbi.com https://maxcdn.bootstrapcdn.com data:; script-src 'self' *.typekit.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.facebook.net *.ads-twitter.com https://wurfl.io https://config1.veinteractive.com https://static.whisbi.com https://px.veinteractive.com https://api.ipify.org https://library.whisbi.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com widget.whisbi.com https://nebula-cdn.kampyle.com https://www.irishlife.ie https://script.crazyegg.com https://secure.quantserve.com https://snap.licdn.com https://bat.bing.com https://asset.gomoxie.solutions https://screencapture.kampyle.com https://screencaptue-cdn.kampyle.com https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://rules.quantcount.com/rules-p-YVPTYyQxqBHy-.js https://analytics.twitter.com/i/ https://cdn.cookielaw.org/consent/f16f9427-5e76-4da0-81ad-7617fbf6cdf4/OtAutoBlock.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.typekit.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widget.whisbi.com https://www.irishlife.ie https://script.crazyegg.com *.gomoxie.solutions https://config1.veinteractive.com/scripts/ 'unsafe-inline'; frame-src 'self' *.googletagmanager.com *.google.com *.vimeo.com  *.fls.doubleclick.net https://www.irishlife.ie https://config1.veinteractive.com https://script.crazyegg.com *.fls.doubleclick.net https://nebula-cdn.kampyle.com *.gomoxie.solutions https://permanenttsb.ehosts.net https://pay.realexpayments.com/;img-src 'self' *.google.ie *.typekit.net *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.fls.doubleclick.net https://stats.g.doubleclick.net https://udc-neb.kampyle.com data: about: https://a.volvelle.tech https://x.bidswitch.net https://cookiee1.veinteractive.com https://www.irishlife.ie https://nebula-cdn.kampyle.com https://moxie-concierge.s3.amazonaws.com https://asset.gomoxie.solutions https://bat.bing.com/action/ https://t.co/i/ https://www.google.co.uk/pagead/ https://pixel.quantserve.com/ https://px.ads.linkedin.com/ https://www.facebook.com/tr/ https://p.adsymptotic.com/d/px/ https://www.linkedin.com/px/ https://www.google.co.uk/ads/ https://cdn.cookielaw.org/logos/ https://ad.doubleclick.net/ddm/ https://www.googletagmanager.com/ https://px4.ads.linkedin.com/ https://analytics.twitter.com/;connect-src 'self' *.typekit.net *.google-analytics.com https://www.google.co.uk/ads/ https://bats.bing.com https://analytics.google.com/ https://privacyportal-de.onetrust.com https://cookiee1.veinteractive.com https://api.whisbi.com https://sessionapi.veinteractive.com https://dtrc.veinteractive.com https://apps.irishlife.ie https://script.crazyegg.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.gomoxie.solutions https://asset.gomoxie.solutions https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/scripttemplates/ https://panel-settings-cdn-e1.ve.com/panelsettings/live/ https://stats.g.doubleclick.net/ https://panel-settings-cdn-e1.ve.com https://tracking.crazyegg.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://fontawesome.com/ https://cookies-data.onetrust.io/bannersdk/ https://panel-settings-cdn-e1.veinteractive.com/da20settings/live/ https://region1.analytics.google.com/g/ https://drs2.veinteractive.com/ https://bat.bing.com/actionp/ https://cdn.cookielaw.org/logos/;worker-src 'self' blob:;object-src 'self' blob:; report-uri /api/contentSecurityPolicy/log 2
font-src *.bounceexchange.com *.google-analytics.com *.gstatic.com likeshop.me *.global-e.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.bounceexchange.com *.facebook.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.authorize.net www.xtento.com *.shoprunner.com *.agilone.com *.facebook.com insight.adsrvr.org match.adsrvr.org *.signifyd.com *.online-metrix.net *.doubleclick.net *.cookiebot.com *.bounceexchange.com *.office365.com *.google.com *.google.lv *.bglobale.com *.global-e.com *.nosto.com *.nos.to https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca store.paradoxlabs.com www.xtento.com cdn.xtento.com *.shoprunner.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net www.google.lv *.bing.com *.lafayette148ny.com *.signifyd.com *.online-metrix.net *.postcodeanywhere.co.uk *.doubleclick.net heapanalytics.com *.heapanalytics.com *.bizrate.com *.dashhudson.com likeshop.me *.atdmt.com *.cdnwidget.com *.bglobale.com *.global-e.com *.clarity.ms *.cloudfront.net *.nosto.com *.nos.to https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.affirm.com *.affirm.ca *.authorize.net sandbox-assets.secure.checkout.visa.com www.xtento.com cdn.xtento.com *.shoprunner.io *.shoprunner.com *.googletagmanager.com www.google.com www.google.lv www.gstatic.com *.agilone.com *.bing.com *.upsellit.com connect.facebook.net *.sociomantic.com js.adsrvr.org *.algolianet.com *.algolia.net *.signifyd.com *.pcapredict.com *.addressy.com *.bizrate.com *.googleapis.com *.heapanalytics.com *.zdassets.com tag.wknd.ai *.bounceexchange.com *.dashhudson.com *.luckyorange.com *.cookiebot.com *.securedvisit.com *.pingdom.net *.cloudfront.net *.newrelic.com *.nr-data.net klear.com *.mczbf.com *.bglobale.com *.global-e.com *.clarity.ms cdn.noibu.com *.nosto.com *.nos.to https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bounceexchange.com *.googleapis.com *.addressy.com *.bizrate.com *.bglobale.com *.global-e.com *.cloudfront.net *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.affirm.com *.affirm.ca *.authorize.net *.shoprunner.io *.shoprunner.com *.signifyd.com *.signifyd.com:* *.addressy.com *.bing.com *.bounceexchange.com *.bouncex.net *.zdassets.com *.zendesk.com *.zopim.com *.doubleclick.net *.google-analytics.com *.googleapis.com likeshop.me *.heapanalytics.com wss: *.luckyorange.net *.cookiebot.com *.cdnbasket.net *.cdnwidget.com *.pingdom.net *.nr-data.net *.facebook.com klear.com *.mczbf.com *.sjwoe.com *.clarity.ms input.noibu.com *.nosto.com *.nos.to https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
img-src https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicstream.s3.amazonaws.com/CSIRESOURCES/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2
default-src 'self' 'unsafe-inline'; connect-src www.facebook.com *.ads.linkedin.com *.google-analytics.com vimeo.com eu.posthog.com static.theromogroup.com maps.googleapis.com 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' *.googletagmanager.com fast.fonts.net *.google-analytics.com *.ads.linkedin.com www.facebook.com www.linkedin.com connect.facebook.net maps.googleapis.com maps.gstatic.com static.theromogroup.com; style-src 'self' fast.fonts.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com; script-src-elem 'self' *.google-analytics.com *.googletagmanager.com eu.posthog.com connect.facebook.net snap.licdn.com maps.googleapis.com www.recaptcha.net www.gstatic.cn www.gstatic.com 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src 'self' maps.googleapi.com www.gstatic.cn eu.posthog.com snap.licdn.com connect.facebook.net *.google-analytics.com *.googletagmanager.com www.recaptcha.net www.gstatic.com; frame-src 'self' view.publitas.com www.recaptcha.net payments.securetrading.net player.vimeo.com; object-src 'self' fast.fonts.net; report-to csp-endpoint; report-uri https://www.romo.com/site/csp; 2
default-src 'none'; font-src 'self' script.hotjar.com; img-src 'self' data: www.google.com.au lasoo.cloud lasoo.com.au beta.lasoo.com.au www.lasoo.com.au *.nr-data.net https://script.hotjar.com http://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://js-agent.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' https://js-agent.newrelic.com; object-src 'none'; connect-src 'self' l.getsitecontrol.com connect.facebook.net www.facebook.com auth.lasoo.cloud auth.lasoo.com.au api.lasoo.cloud api.lasoo.com.au cognito-identity.ap-southeast-2.amazonaws.com *.nr-data.net *.hotjar.com:* vc.hotjar.io:* *.hotjar.io wss://*.hotjar.com www.google.com www.google.com.au adservice.google.com analytics.google.com googletagmanager.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com *.doubleclick.net digitalapi.auspost.com.au js.afterpay.com; frame-src https://vars.hotjar.com; 2
connect-src 'self' *.g.doubleclick.net *.greatag.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' data:; frame-src 'self' *.greatag.com d14qt9b6zkutf5.cloudfront.net *.greatamericaninsurancegroup.com charts.aghost.net www.youtube.com; img-src 'self' data: *.g.doubleclick.net img.youtube.com *.dtn.com https://*.googletagmanager.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.g.doubleclick.net https://*.googletagmanager.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' *.g.doubleclick.net https://*.googletagmanager.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; report-uri https://greatamericancrop.report-uri.com/r/t/csp/reportOnly https://www.greatag.com/CSPReporting; report-to ga-endpoint 2
child-src ; connect-src 'self' api.bellhop.com api.bellhops.dev api.omappapi.com api.segment.io api-js.mixpanel.com api-us-east-1.graphcms.com bellhop.extole.io *.clarity.ms cdn.segment.com ct.pinterest.com *.ingest.sentry.io *.intercom.io nexus-websocket-a.intercom.io maps.googleapis.com pnapi.invoca.net rs.fullstory.com stats.g.doubleclick.net www.google-analytics.com; default-src ; font-src 'self' fonts.gstatic.com js.intercomcdn.com; form-action ct.pinterest.com www.facebook.com; frame-src bid.g.doubleclick.net ct.pinterest.com js.stripe.com www.facebook.com; img-src 'self' ag.innovid.com analytics.twitter.com apolloprogram.io b1sync.zemanta.com bat.bing.com c.us1.dyntrk.com cm.adgrx.com cm.eyereturn.com cmi.netseer.com ct.pinterest.com d.adroll.com flask.nextdoor.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com js.intercomcdn.com *.loggly.com load.instinctiveads.com media.graphassets.com media.graphcms.com origin.xtlo.net p.truefitcorp.com pippio.com secure.insightexpressai.com segments.company-target.com static.intercomassets.com su.addthis.com sync.smartadserver.com t.co track2.securedvisit.com ups.analytics.yahoo.com us-u.openx.net vop.sundaysky.com wam.solution.weborama.fr www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com www.storygize.net x.bidswitch.net x.skimresources.com; manifest-src 'self'; media-src ; script-src 'unsafe-eval' 'unsafe-inline'; script-src-attr ; script-src-elem 'self' 'unsafe-inline' a.omappapi.com *.adroll.com ads.nextdoor.com bat.bing.com bellhop.extole.io cdn.segment.com connect.facebook.net d.impactradius-event.com edge.fullstory.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com maps.googleapis.com pnapi.invoca.net s.pinimg.com shop.pe *.shop.pe solutions.invocacdn.com static.ads-twitter.com widget.intercom.io www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com; style-src ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' a.omappapi.com fonts.googleapis.com origin.xtlo.net; worker-src ; 2
font-src *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com https://www.facebook.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.dwin1.com *.getsitecontrol.com/ https://js-agent.newrelic.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://cdn.equalweb.com js.klevu.com *.ksearchnet.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.klevu.com *.ksearchnet.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net/ *.getsitecontrol.com/ https://bam.nr-data.net/ https://cdn.equalweb.com/ https://events.getsitectrl.com/ https://www.facebook.com/ https://cdn.cookielaw.org/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
img-src 'self' www.google-analytics.com www.facebook.com https://*.keywee.co https://*.quantserve.com images.getinconvo.com attachments-bucket-eu-west-1-prod.s3.eu-west-1.amazonaws.com data:; 2
font-src *.fontawesome.com script.hotjar.com hyfin.app data: maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com vars.hotjar.com maps.googleapis.com stats.g.doubleclick.net *.fls.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io static.hotjar.com script.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com *.cdninstagram.com *.fbcdn.net * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com script.hotjar.com static.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com *.us-6.evergage.com hyfin.app *.globalpay.com *.verygoodvault.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com static.hotjar.com script.hotjar.com cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com bam.nr-data.net stats.g.doubleclick.net cookie-cdn.cookiepro.com maps.googleapis.com cdn.evgnet.com *.us-6.evergage.com wss://*.hyfin.app hyfin.app *.globalpay.com *.verygoodvault.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none' ; manifest-src 'self' ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: e.eltonjohnaidsfoundation.org connect.facebook.net bat.bing.com www.youtube.com/ www.clarity.ms https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/ https://www.google-analytics.com/analytics.js *.dotdigital-pages.com/ https://tgbwidget.com/widget/script.js https://js.dev.shift4.com/shift4.js https://www.dafdirect.org/ddirect/dafdirect4.js https://giveamply.com/assets/js/widget.js ; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net https://www.dafdirect.org/ddirect/css/dafdirect2.1.css ; img-src 'self' data: bat.bing.com https://www.google.com/ads/ https://www.facebook.com/tr/ www.google.co.tz/ads/ https://www.google-analytics.com/collect *.cdninstagram.com https://i.ytimg.com/ https://www.dafdirect.org/ddirect/ www.googletagmanager.com https://*.clarity.ms/ https://www.google.co.za/ads/ https://www.google.co.uk/ads/ https://www.google.ca/ads/ https://www.google.co.sa/ads/ https://www.google.com.pk/ads/ .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat ; font-src 'self' data: use.typekit.net ; connect-src 'self' data: *.analytics.google.com *.clarity.ms https://www.google-analytics.com/ *.google-analytics.com/g/collect stats.g.doubleclick.net https://bat.bing.com/ analytics.google.com https://www.google.co.uk/ads/ https://www.google.ca/ads/ https://www.google.co.sa/ads/ https://www.google.com.pk/ads/ api-js.mixpanel.com https://www.facebook.com/tr/ .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat ; media-src 'self' ; form-action 'self' https://www.facebook.com/tr/ ; frame-src 'self' https://e.eltonjohnaidsfoundation.org/ https://www.facebook.com/ https://www.youtube.com/ https://tgbwidget.com/ https://www.giveamply.com/ https://r1.dotdigital-pages.com/ www.youtube-nocookie.com ; worker-src self' blob: ; report-to csp-endpoint	 2
child-src 'self'; connect-src 'self' *.analytics.google.com *.aptrinsic.com *.flippingbook.com *.google-analytics.com *.google.co.uk *.googleapis.com *.hotjar.com *.interactive-img.com *.monsido-consent.com *.monsido.com *.mouseflow.com *.pure.cloud *.reciteme.com chats.landbot.io https://api.monsido-consent.com https://content.hotjar.io https://dc.services.visualstudio.com https://kappa-nwl-webapp1-prod.azurewebsites.net https://metrics.hotjar.io/ https://monsido-consent.com https://webservices.data-8.co.uk messages.landbot.io stats.g.doubleclick.net welcome.landbot.io wss://webmessaging.euw2.pure.cloud wss://ws.hotjar.com; default-src 'self' *.apple.com; frame-src 'self' *.flippingbook.com *.google.com *.pure.cloud *.realexpayments.com forms.office.com https://kappa-nwl-webapp1-prod.azurewebsites.net td.doubleclick.net view.pagetiger.com www.youtube.com; img-src 'self' data: *.adnxs.com *.cloudfront.net *.flippingbook.com *.google-analytics.com *.google.co.uk *.google.com *.googleapis.com *.gstatic.com *.interactive-img.com *.monsido.com *.reciteme.com https://www.googletagmanager.com i.ytimg.com static.landbot.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adnxs.com *.aptrinsic.com *.cloudfront.net *.episerver.net *.flippingbook.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.hotjar.com *.interactive-img.com *.monsido-consent.com *.monsido.com *.mouseflow.com *.pure.cloud *.reciteme.com cdn.jsdelivr.net cdn.landbot.io cdnjs.cloudflare.com https://*.msecnd.net https://api.monsido-consent.com https://auth.lrcontent.com https://dc.services.visualstudio.com https://monsido-consent.com https://webservices.data-8.co.uk https://www.googletagmanager.com interactive-img.com js.monitor.azure.com; style-src 'self' 'unsafe-inline' *.aptrinsic.com *.episerver.net *.googleapis.com *.reciteme.com cdn.jsdelivr.net cdn.landbot.io; font-src 'self' data: *.cloudfront.net *.gstatic.com *.hotjar.com *.reciteme.com cdn.landbot.io; media-src *.reciteme.com www.youtube.com; 2
default-src             'self'         ;         script-src             'self'             'unsafe-eval'             'unsafe-inline'             https://bt.fraud0.com             https://consent.cookiebot.com             https://consentcdn.cookiebot.com             https://maps.googleapis.com             https://player.podigee-cdn.net             https://www.gstatic.com             https://www.google.com             https://www.googletagmanager.com         ;     style-src             'self'             'unsafe-inline'             https://fonts.googleapis.com             https://player.podigee-cdn.net         ;     object-src             'none'         ;     base-uri             'self'         ;     connect-src             'self'             https://*.google-analytics.com             https://api.fraud0.com             https://consentcdn.cookiebot.com             https://maps.googleapis.com             https://omicron.matomo.cloud         ;     font-src             'self'             data:             https://fonts.gstatic.com             https://player.podigee-cdn.net         ;         frame-ancestors            'self'            https://staging-www.omicroncybersecurity.com            https://www.omicroncybersecurity.com.docker         ;     frame-src             'self'             https://consentcdn.cookiebot.com             https://player.podigee-cdn.net             https://www.google.com             https://www.youtube.com         ;     img-src             'self'             data:             https://*.google-analytics.com             https://i.ytimg.com             https://img.youtube.com             https://maps.googleapis.com             https://maps.gstatic.com         ;     manifest-src             'self'         ;     media-src             'self'         ;     worker-src             'none'         ; report-to default-1; 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'  https://*.usablenet.com/ https://federicos-midlandcredit-a40.udev1a.net/ https://bat.bing.com/ https://cdn.aerisapi.com/ https://cdn.optimizely.com/ https://connect.facebook.net/ https://*.criteo.com/ https://mcmcg.us.unblu.app/ https://munchkin.marketo.net/ https://player.vimeo.com/ https://seal.digicert.com/ https://www.google-analytics.com/ https://*.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://*.usablenet.com/ https://mcmcg.us.unblu.app/; object-src 'none'; base-uri 'self'; connect-src 'self' https://get663.com/ https://*.google.com/ https://346-ulh-428.mktoresp.com/ https://346-ulh-428.mktoutil.com/ https://api.aerisapi.com/ https://bat.bing.com/ https://*.optimizely.com/ https://*.unblu.app/ https://*.doubleclick.net/ https://*.google-analytics.com/ wss://mcmcg.us.unblu.app/ https://cdnma.cdnservice.space/ https://www.facebook.com/ https://*.criteo.com/; font-src 'self' data: https://fonts.gstatic.com/ https://mcmcg.us.unblu.app/ https://zip.co/ https://at.alicdn.com/ https://www.slant.co/; frame-src 'self' https://www.youtube.com/ https://*.doubleclick.net/ https://a8475024065.cdn.optimizely.com/ https://accounts.midlandcredit.com/ https://*.criteo.com/ https://*.criteo.net/ https://*.vimeo.com/ https://vimeo.com/ https://*.opendns.com/ https://www.google.com/ https://www.googletagmanager.com/ https://gateway.zscalerthree.net/ https://mozbar.moz.com/; img-src * data:; manifest-src 'self'; media-src 'self' data: https://mcmcg.us.unblu.app/; report-uri https://62fe666c46dbffc8b5c2b37e.endpoint.csper.io?v=10; worker-src 'none'; 2
default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com;   style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com;   img-src 'self' https: data: ;   font-src 'self' https: ;   connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com https://ad.doubleclick.net https://maps.googleapis.com;   media-src 'self';   object-src 'self';   worker-src 'self' blob:;   child-src 'self' blob:;  frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com https://td.doubleclick.net;   frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk;   report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2
script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' 'unsafe-inline' https://mc.yandex.ru https://st.top100.ru https://bitrix.info blob: opera: https://cdn.randomhow.com data: https://translate.google.com https://translate.googleapis.com https://ucads-cdn.ucweb.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://mc.yandex.ru chrome-extension: https://acestream.me https://mc.yandex.com https://www.ciuvo.com https://cdn.rutarget.ru https://skytraf.xyz https://m.youtube.com https://remove.video https://surfe.be https://dl.metabar.ru https://div.show https://ucads-cdn.ucweb.com https://youtu.be https://www.youtube.com https://aflt.market.yandex.ru https://noop.style; object-src 'self' https://noop.style chrome-extension:; report-uri /cspreportonly; 2
report-uri https://xtm.cloud/contact/; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com ka-p.fontawesome.com;; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com tracking.g2crowd.com https://cdn.cookielaw.org/ https://extend.vimeocdn.com https://f.vimeocdn.com https://js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.hscollectedforms.net www.googletagmanager.com forms.hscollectedforms.net api.hubapi.com static.hsappstatic.net https://cdn.jsdelivr.net embed.typeform.com extend.vimeocdn.com kit.fontawesome.com snap.licdn.com www.google-analytics.com connect.facebook.com connect.facebook.net googleads.g.doubleclick.net js.usemessages.com ws.zoominfo.com bat.bing.com static.hotjar.com www.gstatic.com www.google.com forms-na1.hsforms.com js.hsforms.net j.6sc.co;; style-src 'self' 'unsafe-inline' 'unsafe-eval' embed.typeform.com fonts.googleapis.com ka-p.fontawesome.com kit.fontawesome.com;; img-src 'self' 'unsafe-inline' data: cdn.cookielaw.org i.vimeocdn.com track.hubspot.com secure.gravatar.com images.typeform.com bat.bing.com forms.hsforms.com www.google.com www.google.pl px.ads.linkedin.com www.facebook.com forms-na1.hsforms.com b.6sc.co www.googletagmanager.com;; object-src 'unsafe-eval' 2
font-src *.mailcampaigns.nl https://widgets.trustedshops.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com www.google.com *.hotjar.com *.weltpixel.com https://maps.google.com/ *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.bing.com *.google-analytics.com *.google.nl *.google.com *.clarity.ms *.facebook.com *.facebook.net *.googletagmanager.com *.chromeburner.test blob: *.chromeburner.com *.chromeburner.nl *.hotjar.com *.mailcampaigns.nl *.cloudfront.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.multisafepay.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.bing.com *.google-analytics.com *.webgains.io *.clarity.ms *.facebook.net *.googleadservices.com *.doubleclick.net *.chromeburner.test *.chromeburner.com *.chromeburner.nl *.hotjar.com *.mailcampaigns.nl analytics.tiktok.com cdn.flbx.io *.getflowbox.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com widget.freshworks.com m2epro.freshdesk.com https://www.googletagmanager.com tagmanager.google.com *.multisafepay.com https://pay.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mailcampaigns.nl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com widget.freshworks.com m2epro.freshdesk.com tagmanager.google.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.bing.com *.doubleclick.net *.google.com *.google.nl *.clarity.ms *.chromeburner.test *.chromeburner.com *.chromeburner.nl *.googletagmanager.com *.hotjar.com *.google-analytics.com *.mailcampaigns.nl analytics.tiktok.com cdn.flbx.io *.getflowbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site widget.freshworks.com m2epro.freshdesk.com https://www.google-analytics.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com rum-static.pingdom.net *.googleapis.com *.demdex.net content.hotjar.io *.youtube-nocookie.com www.google-analytics.com *.omtrdc.net *.hotjar.com rum-collector-2.pingdom.net www.google.com.au *.facebook.net www.googletagmanager.com yourir.info *.doubleclick.net code.jquery.com vc.hotjar.io analytics.google.com assets.adobedtm.com *.gstatic.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'unsafe-inline' 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'unsafe-inline' 'self' *; 2
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: ;frame-ancestors 'self'; report-uri /csp-violation-report-endpoint/ 2
default-src 'self' blob:;script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com;script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:;media-src 'self';frame-src 'self' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com;report-uri https://cspreportviolations.report-uri.com/r/d/csp/reportOnly;connect-src 'self'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hubspot.com *.onetrust.com www.google-analytics.com z.omappapi.com *.facebook.net js.hs-banner.com *.wistia.com forms.hsforms.com js.hsadspixel.net www.googletagmanager.com *.gbgplc.com assets4.lottiefiles.com *.azure.com id.rlcdn.com js.hsforms.net region1.google-analytics.com js.hs-scripts.com adservice.google.com b.6sc.co *.licdn.com ipv6.6sc.co c.6sc.co www.google.co.uk www.clickcease.com api.company-target.com *.googleadservices.com a.opmnstr.com forms-na1.hsforms.com *.gstatic.com j.6sc.co epsilon.6sense.com *.bidr.io *.ads-twitter.com www.googleoptimize.com a.omappapi.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' blob: wss: data: https: 'report-sample'; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: 'report-sample'; style-src 'self' 'unsafe-inline' data: https: 'report-sample'; report-uri /nelmio/csp/report 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://us.altosresearch.com https://google.com https://www.gstatic.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 2
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: android-webview-video-poster:; font-src * data:; connect-src *; media-src * blob:; frame-src * blob: navigate:; worker-src 'self' blob:; frame-ancestors https://commentsold.com dashboard.popshop.live dashboard.dev.popshop.live; form-action 'self' www.facebook.com tr.snapchat.com pos.commentsold.com; object-src 'none'; manifest-src *; child-src 'self' blob:; report-uri https://o43862.ingest.sentry.io/api/239693/security/?sentry_key=deb2fc6b7d104f7ea6241356c26c14d0 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdnjs.cloudflare.com kit.fontawesome.com apps.elfsight.com static.elfsight.com cdn.usebootstrap.com *.cloudmaestro.com www.gstatic.com www.google-analytics.com www.google.com googletagmanager.com *.googletagmanager.com *.optimizely.com stockist.co *.stockist.co; report-uri /.webscale/csp-report 2
font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.klevu.com *.ksearchnet.com *.zopim.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com use.fontawesome.com fonts.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.klarna.com js.mollie.com *.twitter.com *.hotjar.com *.criteo.com *.criteo.net *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.gstatic.com *.googleapis.com www.apptrian.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.zopim.com *.zopim.io flagpedia.net https://www.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com bat.bing.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com *.google.de *.bidswitch.net *.doubleclick.net *.adnxs.com *.360yield.com *.media.net *.outbrain.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.criteo.com *.krxd.net *.thebrighttag.com *.yahoo.com *.casalemedia.com *.emxdgt.com *.yieldmo.com *.yieldlab.net *.tremorhub.com *.pubmatic.com *.mediavine.com *.ivitrack.com *.id5-sync.com *.omnitagjs.com *.adform.net *.3lift.com *.teads.tv *.twiago.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.zopim.com *.zdassets.com maps.googleapis.com js.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com bat.bing.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.tiktok.com *.facebook.net *.hotjar.com *.deinetorte.de *.pingdom.net *.criteo.com *.yotpo.com swellrewards.com *.swellrewards.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.zdassets.com *.zopim.com widget-mediator.zopim.com www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.cloudflare.com *.twitter.com *.twimg.com *.zendesk.com *.tiktok.com *.facebook.com *.pingdom.net wss://widget-mediator.zopim.com *.google-analytics.com *.doubleclick.net *.deinetorte.de *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.deinetorte.de/; report-to report-endpoint; 2
default-src 'self'; connect-src 'self' dc.services.visualstudio.com ssl.google-analytics.com stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com partner.testseek.com intranet.microk12.com middleman.microk12.com; font-src 'self' data: fonts.gstatic.com static.stockinthechannel.com; frame-src 'self' accounts.us.stockinthechannel.com app.powerbi.com ad.doubleclick.net bid.g.doubleclick.net www.youtube.com; frame-ancestors accounts.us.stockinthechannel.com; img-src * data:; media-src 'self' images.us.stockinthechannel.com media.stockinthechannel.com; manifest-src images.us.stockinthechannel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' accounts.us.stockinthechannel.com images.us.stockinthechannel.com static.stockinthechannel.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' static.stockinthechannel.com fonts.googleapis.com ajax.googleapis.com; report-uri https://stockchannel.report-uri.com/r/d/csp/reportOnly 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: data:; font-src https: data:; report-uri /csp-report; 2
font-src https://cdn.checkout.com *.fontawesome.com https://instantcredit.net/ *.klarnacdn.net *.googleapis.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://instantcredit.net/ 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://js.checkout.com *.klarna.com https://instantcredit.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com cdn.doofinder.com *.klarna.com *.klarnaevt.com *.klarnacdn.net * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://cdn.checkout.com *.klarnacdn.net cdn.doofinder.com *.plugins.emarsys.net *.scarabresearch.com https://instantcredit.net/ https://code.jquery.com/ *.klarna.com *.klarnaservices.com * *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.checkout.com *.fontawesome.com *.doofinder.com https://instantcredit.net/ *.klarnacdn.net unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com https://js.checkout.com *.klarnaevt.com *.doofinder.com wss://*.doofinder.com *.scarabresearch.com *.eservice.emarsys.net https://instantcredit.net/ https://test.instantcredit.net/ *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://api.itau.com.br/ https://api.itau.com.br:443/ https://sts.itau.com.br/ https://sts.itau.com.br:443/ https://secure.api.itau/ https://secure.api.itau:443/ https://apisandbox.redeecommerce.rede.com.br/ https://apiquerysandbox.redeecommerce.rede.com.br/ https://api.redeecommerce.rede.com.br/ https://apiquery.redeecommerce.rede.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.yotpo.com static.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com www.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.yotpo.com static.olark.com *.facebook.com *.pinterest.com *.addthis.com *.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com store.paradoxlabs.com *.pinterest.com *.olark.com *.facebook.com *.googleadservices.com *.google.com *.google.com.vn *.doubleclick.net *.bing.com *.clarity.ms cdn.innovolifestyles.com cdn.logfurnitureplace.com cdn.woodlandcreekfurniture.com innovolifestyles.com logfurnitureplace.com woodlandcreekfurniture.com *.facebook.net *.googletagmanager.com img.youtube.com *.breadfinancial.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com https://cdn.polyfill.io https://browser.sentry-cdn.com player.vimeo.com *.authorize.net js.braintreegateway.com *.googletagmanager.com *.dotdigital-pages.com *.facebook.net *.klaviyo.com s.pinimg.com *.olark.com *.addthis.com z.moatads.com v1.addthisedge.com *.bing.com www.gstatic.com *.clarity.ms *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com https://static.klaviyo.com *.yotpo.com static.olark.com *.klaviyo.com s.pinimg.com *.doubleclick.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com https://*.ingest.sentry.io *.authorize.net *.dotdigital-pages.com webchat.dotdigital.com ct.pinterest.com *.klaviyo.com knrpc.olark.com *.googleadservices.com *.google.com *.doubleclick.net *.clarity.ms *.addthis.com *.googletagmanager.com *.facebook.com *.breadgateway.net *.googlesyndication.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.getbread.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://cdn.checkout.com *.useinsider.com *.klarnacdn.net www.searchanise.com *.searchserverapi.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.searchanise.com *.searchserverapi.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com *.dotdigital-pages.com *.dotdigital.com *.useinsider.com www.searchanise.com *.searchserverapi.com *.twitter.com *.mention-me.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.useinsider.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.facebook.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com https://cdn.checkout.com *.klarnacdn.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarna.com *.klarnaservices.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.googletagmanager.com *.facebook.net *.mention-me.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarnacdn.net www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com https://js.checkout.com *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.amplitude.com stats.g.doubleclick.net *.google-analytics.com *.mention-me.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.typekit.net *.hotjar.com *.audioeye.com *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.criteo.com *.pinterest.com *.hotjar.com *.audioeye.com andros.easi.chat *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.g.doubleclick.net *.googletagmanager.com *.gstatic.com validate.fishpig.co.uk *.typekit.net *.google.fr *.google-analytics.com *.pinterest.com cdn.wisepops.com tracking.wisepops.com *.hotjar.com secure.adnxs.com *.criteo.com img2.storyblok.com shareasale.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.typekit.net *.youtube.com *.googleapis.com *.crazyegg.com *.hotjar.com *.pinimg.com *.criteo.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net cdn.wisepops.com loader.wisepops.com cdn.cookielaw.org *.audioeye.com *.easiware.fr *.easiwebforms.net *.easiconnect.io *.dwin1.com s.skimresources.com easiconnect-io-s3-prod-cachebucket-jgz0hjxjivav.s3.eu-west-1.amazonaws.com andros.easi.chat *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.mollie.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.hotjar.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.doubleclick.net *.g.doubleclick.net *.google.fr *.googletagmanager.com *.analytics.google.com *.pinterest.com bam.nr-data.net gov-bam.nr-data.net activity.wisepops.com popup.wisepops.com tracking.wisepops.com cdn.cookielaw.org *.hotjar.com *.hotjar.io *.audioeye.com *.easiware.fr *.easiwebforms.net *.easiconnect.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com autocomplete2.postdirekt.de *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 2
font-src fonts.gstatic.com *.gstatic.com data: https://geowidget.easypack24.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com account.fetchify.com https://geowidget-app.inpost.pl/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com api.createx-editor.com *.facebook.com *.facebook.net *.hotjar.com/ *.pinterest.com/ *.webpower.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com www.magmodules.eu *.squeezely.tech api.createx-editor.com work.cloudlab.at:9012 localhost:8080 *.facebook.com *.goedgemerkt.nl goedgemerkt.nl *.bing.com/ *.trengo.eu/ *.pinterest.com *.amazonaws.com/ *.feefo.com/ *.salesfire.co.uk *.cloudflare.com squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com maps.gstatic.com fonts.googleapis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl squeezely.tech www.squeezely.tech *.squeezely.tech *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.cloudflare.com *.hotjar.com/ *.facebook.com/ *.facebook.net/ api.your-printq.com/ *.bing.com/ *.tiktok.com/ *.widget.trengo.eu/ *.pinimg.com/ *.feefo.com/ *.salesfire.co.uk *.googleoptimize.com/ s3.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline cc-cdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com *.trustpilot.com fonts.gstatic.com *.cloudflare.com *.feefo.com/ *.salesfire.co.uk cdn-images.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.trengo.eu/ api.createx-editor.com work.cloudlab.at:9012 localhost:8080 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com squeezely.tech *.squeezely.tech *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.createx-editor.com work.cloudlab.at:9012 localhost:8080 *.facebook.com *.trustpilot.com *.tiktok.com *.pinterest.com *.widget.trengo.eu/ *.hotjar.com/ stats.g.doubleclick.net/ *.google-analytics.com/ *.goedgemerkt.nl gtmss.bienmarquer.fr *.feefo.com/ *.smartmetrics.co.uk *.salesfire.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://megatix.report-uri.com/r/d/csp/reportOnly;base-uri 'self';connect-src 'self' blob: dno8k294lrbzv.cloudfront.net d76l4udv93w2z.cloudfront.net d1629ugb7moz2f.cloudfront.net d2v9c1f99a4hkc.cloudfront.net megatix-prod.s3-ap-southeast-2.amazonaws.com megatix-admin.s3-ap-southeast-2.amazonaws.com *.facebook.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.doku.com *.paypal.com *.tiktok.com sc-static.net *.snapchat.com *.helpscout.net d3hb14vkzrxvla.cloudfront.net *.livechatinc.com *.nr-data.net *.bugsnag.com;default-src 'self';font-src 'self' data: dno8k294lrbzv.cloudfront.net d76l4udv93w2z.cloudfront.net d1629ugb7moz2f.cloudfront.net d2v9c1f99a4hkc.cloudfront.net megatix-prod.s3-ap-southeast-2.amazonaws.com megatix-admin.s3-ap-southeast-2.amazonaws.com *.gstatic.com maxcdn.bootstrapcdn.com;img-src 'self' data: blob: dno8k294lrbzv.cloudfront.net d76l4udv93w2z.cloudfront.net d1629ugb7moz2f.cloudfront.net d2v9c1f99a4hkc.cloudfront.net megatix-prod.s3-ap-southeast-2.amazonaws.com megatix-admin.s3-ap-southeast-2.amazonaws.com *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.gstatic.com *.googletagmanager.com *.google.com *.google.com.au *.googleusercontent.com *.google.co.th *.google.co.jp *.google.co.id *.google.com.sg *.google.com.my cdnjs.cloudflare.com/ajax/libs/fancybox/ cdnjs.cloudflare.com/ajax/libs/jquery/ *.doku.com *.paypal.com *.paypalobjects.com *.zipmoney.com.au live.staticflickr.com cdn.intelligencebank.com;media-src 'self' dno8k294lrbzv.cloudfront.net d76l4udv93w2z.cloudfront.net d1629ugb7moz2f.cloudfront.net d2v9c1f99a4hkc.cloudfront.net megatix-prod.s3-ap-southeast-2.amazonaws.com megatix-admin.s3-ap-southeast-2.amazonaws.com *.livechatinc.com;style-src-elem 'self' 'unsafe-inline' dno8k294lrbzv.cloudfront.net d76l4udv93w2z.cloudfront.net d1629ugb7moz2f.cloudfront.net d2v9c1f99a4hkc.cloudfront.net megatix-prod.s3-ap-southeast-2.amazonaws.com megatix-admin.s3-ap-southeast-2.amazonaws.com *.googleapis.com cdnjs.cloudflare.com/ajax/libs/fancybox/ cdnjs.cloudflare.com/ajax/libs/jquery/ maxcdn.bootstrapcdn.com *.seatsio.net;script-src-elem 'self' 'unsafe-inline' dno8k294lrbzv.cloudfront.net d76l4udv93w2z.cloudfront.net d1629ugb7moz2f.cloudfront.net d2v9c1f99a4hkc.cloudfront.net megatix-prod.s3-ap-southeast-2.amazonaws.com megatix-admin.s3-ap-southeast-2.amazonaws.com *.facebook.net *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net *.stripe.com cdnjs.cloudflare.com/ajax/libs/fancybox/ cdnjs.cloudflare.com/ajax/libs/jquery/ *.doku.com *.2c2p.com *.xendit.co *.paypal.com *.paypalobjects.com *.zipmoney.com.au *.twitter.com *.line-scdn.net *.tiktok.com sc-static.net polyfill.io *.polyfill.io *.helpscout.net *.livechatinc.com *.newrelic.com *.nr-data.net *.seatsio.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' dno8k294lrbzv.cloudfront.net d76l4udv93w2z.cloudfront.net d1629ugb7moz2f.cloudfront.net d2v9c1f99a4hkc.cloudfront.net megatix-prod.s3-ap-southeast-2.amazonaws.com megatix-admin.s3-ap-southeast-2.amazonaws.com *.facebook.net *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.stripe.com cdnjs.cloudflare.com/ajax/libs/fancybox/ cdnjs.cloudflare.com/ajax/libs/jquery/ *.doku.com *.2c2p.com *.paypal.com *.paypalobjects.com *.zipmoney.com.au *.twitter.com *.line-scdn.net *.tiktok.com sc-static.net polyfill.io *.polyfill.io *.helpscout.net *.livechatinc.com *.newrelic.com *.nr-data.net *.seatsio.net;style-src 'self' 'unsafe-inline' dno8k294lrbzv.cloudfront.net d76l4udv93w2z.cloudfront.net d1629ugb7moz2f.cloudfront.net d2v9c1f99a4hkc.cloudfront.net megatix-prod.s3-ap-southeast-2.amazonaws.com megatix-admin.s3-ap-southeast-2.amazonaws.com *.googleapis.com cdnjs.cloudflare.com/ajax/libs/fancybox/ cdnjs.cloudflare.com/ajax/libs/jquery/ maxcdn.bootstrapcdn.com *.seatsio.net;script-src-attr 'self' 'unsafe-hashes' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline' *.facebook.net;frame-src 'self' *.facebook.com *.googleapis.com *.google.com *.youtube.com *.stripe.com *.doku.com *.paypal.com *.paypalobjects.com *.twitter.com *.line.me *.snapchat.com *.livechatinc.com *.seatsio.net;form-action 'self' *.facebook.com *.doku.com *.2c2p.com *.snapchat.com 2
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net */csp/report/uri/ *.hotjar.com *.hotjar.io *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.mercadolibre.com *.google.com *.gstatic.com *.facebook.com *.bluesnap.com *.kaptcha.com *.adsrvr.org *.hotjar.com *.hotjar.io */csp/report/uri/ *.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.essentialaccessibility.com *.wahlanimal.com  s.ytimg.com  *.google.com  *.google.com.mx  *.google-analytics.com *.facebook.com ct.pinterest.com bat.bing.com *.google.co.in *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk */csp/report/uri/ *.reddit.com *.hsforms.com *.hubspot.com  *.google.com.in  *.payments-amazon.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.mlstatic.com *.mercadopago.com *.powerreviews.com *.google.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js connect.facebook.net bat.bing.com *.google-analytics.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.adsrvr.org *.hotjar.com *.hotjar.io *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ */csp/report/uri/ *.redditstatic.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.usemessages.com *.hs-analytics.net *.kaptcha.com *.hsadspixel.net *.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.powerreviews.com getfirebug.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net */csp/report/uri/ unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.amazonaws.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk wss://ws41.hotjar.com *.commerce-connector.com */csp/report/uri/ *.facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.hubspot.com *.hubapi.com *.hs-banner.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
font-src fonts.googleapis.com fonts.gstatic.com https://js.klevu.com/klevu-css/* https://js.klevu.com/ *.klevu.com js.klevu.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com *.typekit.net *.gstatic.com 'self' data: 'unsafe-inline' data: *.klarnacdn.net *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.braintreegateway.com *.google.com https://*.youtube.com www.facebook.com *.fls.doubleclick.net *.g.doubleclick.net *.shophumm.com.au *.criteo.com *.hotjar.com *.adsrvr.org https://viewer-whitelabel.shopfully.cloud https://www.tiendeo.co.nz *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com portal.sandbox.afterpay.com portal.afterpay.com *.weltpixel.com *.klarna.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.wesupply.xyz https://wesupplylabs.com *.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.gstatic.com *.sharethis.com maps.googleapis.com *.klevu.com *.cloudflare.com https://cdn.klarna.com *.paypal.com *.afterpay.com https://img.youtube.com https://*.paypal.com *.nextopia.net https://*.zipmoney.com.au www.facebook.com *.data-dynamic.net *.godfreys.com.au *.feefo.com *.fls.doubleclick.net *.google.com *.google.com.ph *.google.com.au *.shophumm.com.au *.googletagmanager.com.au *.googletagmanager.com *.gstatic.com *.googleapis.com *.tvsquared.com *.bing.com *.hotjar.com *.quantserve.com *.criteo.com *.clarity.ms *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net connect.facebook.net graph.facebook.com business.facebook.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com maps.googleapis.com *.sharethis.com maps.gstatic.com fonts.googleapis.com *.klevu.com *.cloudflare.com *.fontawesome.com portal.afterpay.com *.gstatic.com *.google.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.bronto.com *.barilliance.com *.barilliance.net *.cdn4.forter.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.cloudfront.net *.feefo.com *.shophumm.com.au *.livechatinc.com *.serving-sys.com *.googleapis.com *.clarity.ms *.criteo.net *.criteo.com *.as.criteo.com *.bing.com *.quantserve.com *.hotjar.com *.tvsquared.com *.quantcount.com *.adsrvr.org *.googlecommerce.com *.rmp.rakuten.com *.openpay.com.au https://js-agent.newrelic.com/nr-1208.min.js https://unpkg.com *.azureedge.net https://viewer-whitelabel.shopfully.cloud/scripts/v1/init.min.js *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com x.klarnacdn.net portal.sandbox.afterpay.com *.klarna.com *.klarnaservices.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.ddlnk.net debug-tracking.dotdigital.internal www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com https://js.klevu.com/klevu-css/* *.klevu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.ecomm-nav.com https://*.zipmoney.com.au *.nextopiasoftware.com https://*.facebook.com https://*.safelinks.protection.outlook.com/ *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.nextopia.net *.cloudfront.net *.feefo.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.cloudflare.com *.paypal.com *.braintree-api.com *.braintreegateway.com https://*.cloudfront.net https://*.zip.co *.nr-data.net *.forter.com wss://cdn0.forter.com *.google-analytics.com *.googleapis.com *.feefo.com *.serving-sys.com *.clarity.ms *.hotjar.com *.g.doubleclick.net *.hotjar.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.barilliance.net https://sslwidget.criteo.com https://socialplugin.facebook.net www.facebook.com https://prod-api-v1-widgets.azurewebsites.net wss://prod-eh-v1-analytics.servicebus.windows.net https://api.amplitude.com x.klarnacdn.net portal.sandbox.afterpay.com portal.afterpay.com *.adsrvr.org *.klarnaevt.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; report-uri /ocapi/Public/report-uri/csp; 2
font-src maxcdn.bootstrapcdn.com *.narvar.com *.narvar.qa *.lasportivausa.com data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com *.doubleclick.net *.google.com *.googleapis.com *.vimeo.com *.addthis.com *.pinterest.com disqus.com *.bazaarvoice.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.lasportivausa.com *.google.com *.googleapis.com *.gstatic.com via.placeholder.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.viglink.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.lasportivausa.com bam.nr-data.net cdnjs.cloudflare.com *.cookielaw.org *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com *.newrelic.com player.vimeo.com *.addthis.com *.addthisedge.com *.moatads.com *.avmws.com *.pinimg.com *.pinterest.com *.disqus.com *.disquscdn.com *.bazaarvoice.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com display.ugc.bazaarvoice.com downloads.mailchimp.com maxcdn.bootstrapcdn.com unsafe-inline *.lasportivausa.com *.disquscdn.com *.bazaarvoice.com *.googleapis.com 'self' 'unsafe-inline'; object-src *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa *.lasportivausa.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.lasportivausa.com bam.nr-data.net *.doubleclick.net *.google.com *.googleapis.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.lasportivausa.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com *.doubleclick.net www.google.com www.google.com.co *.windows.net *.googlesyndication.com www.googleoptimize.com udc-neb.kampyle.com *.clarity.ms lla-cms-prod.directus.app *.serving-sys.com content.hotjar.io www.google.com.pe static.kameleoon.com bat.bing.com recommender.scarabresearch.com www.google.com.pa *.facebook.net cdnjs.cloudflare.com analytics.google.com www.google.com.ni *.hotjar.com *.googleapis.com *.gstatic.com metrics.hotjar.io webchannel-content.eservice.emarsys.net ayuda.masmovilpanama.com www.google-analytics.com data.kameleoon.io cro.movil.pa cdn.storerocket.io 0xfagbzc9j.kameleoon.eu cdn.scarabresearch.com cwpanama.speedtestcustom.com static.scarabresearch.com vc.hotjar.io *.msecnd.net p.typekit.net events.mapbox.com statin.lat mapadecobertura.movil.pa *.quantummetric.com www.googletagmanager.com ssl.google-analytics.com www.youtube.com analytics.masmovilpanama.com embed.binkies3d.com api.mapbox.com nebula-cdn.kampyle.com adservice.google.com *.googleadservices.com www.google.co.in storerocket.io store-stats.cwpweb.cc use.typekit.net www.masmovilpanama.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
font-src *.sagepay.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sagepay.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com *.sagepay.com https://player.vimeo.com https://widget.trustpilot.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://secure.livechatinc.com *.klarna.com *.weltpixel.com *.google.com/ www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.sagepay.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.facebook.com https://bat.bing.com https://cdn.livechatinc.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com maps.gstatic.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com https://www.googletagmanager.com https://chimpstatic.com http://widget.trustpilot.com https://widget.trustpilot.com https://invitejs.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://www.google.com https://www.gstatic.com http://bat.bing.com https://cdn.livechatinc.com https://secure.livechatinc.com *.google.com/ https://js-agent.newrelic.com https://bam-cell.nr-data.net *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com player.vimeo.com maps.googleapis.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.sagepay.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://cdn.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.paypal.com *.sagepay.com https://use.fontawesome.com https://vc.hotjar.io https://in.hotjar.com https://api.craftyclicks.co.uk https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /envisagecsp; report-to report-endpoint; 2
font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-report.ctidigital.com/report; report-to report-endpoint; 2
default-src https:; 						script-src https: 'unsafe-inline' 'unsafe-eval'; 						style-src https: 'unsafe-inline'; 						font-src https: data:; 						img-src https: data: about: ; 						connect-src https: wss: 'self'; 						worker-src https: blob: 'self'; 2
default-src 'self' cdn.sanity.io https://www.bigmarker.com *.youtube.com *.ytimg.com *.ggpht.com; script-src 'self' 'unsafe-inline' *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.google.com.au *.googletagmanager.com *.redditstatic.com *.reddit.com *.facebook.net *.facebook.com *.ads.linkedin.com snap.licdn.com cdn.linkedin.oribi.io *.clearbit.com cdn.sanity.io noembed.com cdn.cookie-script.com geo.cookie-script.com *.youtube.com *.ytimg.com *.ggpht.com content.hotjar.io *.hotjar.com api.segment.io cdn.segment.com fast.wistia.com embed-ssl.wistia.com ; connect-src 'self' *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.google.com.au *.googletagmanager.com *.redditstatic.com *.reddit.com *.facebook.net *.facebook.com *.ads.linkedin.com snap.licdn.com cdn.linkedin.oribi.io *.clearbit.com cdn.sanity.io noembed.com cdn.cookie-script.com geo.cookie-script.com *.youtube.com *.ytimg.com *.ggpht.com content.hotjar.io *.hotjar.com wss://*.hotjar.com api.segment.io cdn.segment.com fast.wistia.com fast.wistia.net embed-cloudfront.wistia.com pipedream.wistia.com distillery.wistia.com; img-src 'self' data: *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.google.com.au *.googletagmanager.com *.redditstatic.com *.reddit.com *.facebook.net *.facebook.com *.ads.linkedin.com snap.licdn.com cdn.linkedin.oribi.io *.clearbit.com cdn.sanity.io *.youtube.com *.ytimg.com *.ggpht.com fast.wistia.com embed-ssl.wistia.com; style-src 'self' 'unsafe-inline' data: *.youtube.com *.ytimg.com *.ggpht.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com embed-ssl.wistia.com; frame-ancestors 'none' 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src https:; style-src 'unsafe-inline' https:; img-src https: 'self' data:; media-src https:; frame-src https:; font-src https: data:; connect-src https: wss:; report-uri /report-csp-violation 2
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'self'; report-uri /csp-violation-report-endpoint/ 2
object-src 'none'; script-src 'self' cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com https://static.addtoany.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; style-src 'self' cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-attr 'self'; frame-ancestors 'self' 2
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.twitter.com *.zopim.com fonts.gstatic.com *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.intercomcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.ubteam.com *.ubteam.co.uk *.twitter.com *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.b2clogin.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.wistia.com *.wistia.net *.mercadolibre.com *.google.com *.google.mu *.twitter.com *.vimeo.com *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.brightcove.net *.authorize.net *.braintreegateway.com *.kaptcha.com *.flipsnack.com *.networkmerchants.com *.ceros.com www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.trackedlink.net 'self' data: *.wistia.com *.wistia.net *.mercadopago.com *.mercadolibre.com *.sagepay.co.uk *.opayo.co.uk *.magentocommerce.com *.paypalobjects.com *.ytimg.com www.xtento.com *.authorize.net *.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.twitter.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.doubleclick.net *.zopim.com https://ryanscomputers.com https://www.ryanscomputers.com *.lenovo.com *.asus.com *.samsung.com *.raxcdn.com *.wikichip.org *.scan.co.uk *.broadcastbruce.com *.akamaihd.net *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr 'self' blob: *.news18.com *.google.mu *.google.co.nz *.google.co.uk *.google.com.ua *.google.com.ph *.google.com *.klarna.com *.amazonaws.com *.rackcdn.com/ *.google.com.vn/ *.intercomcdn.com *.mcusercontent.com *.intercomassets.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.wistia.com *.wistia.net *.networkmerchants.com *.google.com *.google.mu *.mlstatic.com *.sagepay.co.uk *.sagepay.com www.google.com/recaptcha/api.js js-agent.newrelic.com https://bam.nr-data.net fonts.gstatic.com *.authorize.net *.cardinalcommerce.com *.ccdc02.com *.paypalobjects.com *.ytimg.com *.signifyd.com *.xtento.com *.getfirebug.com *.google-analytics.com *.braintreegateway.com *.zdassets.com *.zopim.com *.akamaihd.net *.googleadservices.com 'unsafe-inline' wss: 'self' data: *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.cloudflareinsights.com *.googletagmanager.com *.embed.typeform.com *.intercom.io *.intercomcdn.com *.ceros.com *.cdnjs.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.getfirebug.com *.google.com *.google.mu *.networkmerchants.com *.mercadopago.com *.zdassets.com *.omtrdc.net *.zopim.com 'unsafe-inline' wss: 'self' data: *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.wistia.com *.wistia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.networkmerchants.com *.mercadopago.com *.twitter.com *.doubleclick.net *.zdassets.com 'unsafe-inline' wss: *.google-analytics.com *.akamaihd.net *.wistia.com *.wistia.net *.litix.io *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.zendesk.com *.intercom.io *.cdnjs.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: * http: https: blob: 'self' 'unsafe-inline'; default-src blob: * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; img-src * 2
worker-src * blob:; font-src *.gstatic.com *.fontawesome.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.hcaptcha.com hcaptcha.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.criteo.com *.criteo.net *.stripe.com *.livechatinc.com *.googleapis.com *.atlantic.fr *.azurewebsites.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io groupe-mb.scene7.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.connect.facebook.net *.doubleclick.net *.youtube.com *.google.fr *.criteo.com *.trustpilot.com * *.stripe.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.hcaptcha.com hcaptcha.com maps.googleapis.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.criteo.com *.criteo.net *.stripe.com *.licdn.com *.bing.com *.livechatinc.com *.clarity.ms *.sparkow.net t4.my-probance.one *.contentsquare.net *.googleapis.com bam.nr-data.net bam.eu01.nr-data.net *.newrelic.com *.octipas-emerch.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hcaptcha.com hcaptcha.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.criteo.com *.criteo.net *.stripe.com *.clarity.ms *.scandit.com *.livechatinc.com *.bing.com *.sparkow.net *.contentsquare.net bam.nr-data.net bam.eu01.nr-data.net *.googleapis.com *.octipas-emerch.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src yotpo.com 'self' data: 'unsafe-inline' data: *.magentocommerce.com *.googleapis.com *.gstatic.com *.cloudfront.net *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net *.amazonaws.com *.acsbapp.com *.typekit.net https://use.typekit.net/fpf5obn.css https://use.typekit.net use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com yotpo.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' data: 'unsafe-inline' data: *.authorize.net *.sandbox.paypal.com *.vimeo.com *.googletagmanager.com *.cardinalcommerce.com *.magentocommerce.com cdn.dnky.co www.youtube.com *.hotjar.com *.google.com/ www.facebook.com *.trustpilot.com *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com swellrewards.com *.swellrewards.com connect.facebook.net *.doubleclick.net *.expertvoice.com *.acsbapp.com https://www.paypalobjects.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com nytrng.com www.apptrian.com facebook.com graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: 'unsafe-inline' data: *.sandbox.paypal.com *.ytimg.com yotpo.com www.facebook.com *.ssl-images-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com *.yotpo.com swellrewards.com *.swellrewards.com *.magentocommerce.com *.cloudfront.net *.gstatic.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.linkedin.com linkedin.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud connect.facebook.net *.adnxs.com *.amplifi.io *.quantserve.com *.mediaiqdigital.com *.doubleclick.net *.hotjar.com *.acgbrands.com https://acgbrands.com *.acsbapp.com alb.reddit.com *.google.co.in i.liadm.com us-central1-addshoppers-data-production.cloudfunctions.net www.apptrian.com facebook.com graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.magezon.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ 'self' data: 'unsafe-inline' data: *.authorize.net *.googleadservices.com *.paypalobjects.com *.braintreegateway.com *.sandbox.paypal.com *.ytimg.com *.google.com/ vimeo.com *.cardinalcommerce.com *.ccdc02.com *.magentocommerce.com *.cloudfront.net google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com www.facebook.com *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital.com https://storage.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com *.quantcount.com *.quantserve.com *.doubleclick.net *.experticity.com *.dwin1.com *.expertvoice.com *.acsbapp.com https://acsbapp.com/apps/app/dist/js/app.js https://acsbapp.com https://shop.pe https://shopper.shop.pe/input.js https://infinity-public-js.500apps.com/widget.min.js *.500apps.com *.redditstatic.com addshoppers.s3.amazonaws.com www.apptrian.com facebook.com graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com s7.addthis.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'self' data: 'unsafe-inline' data: getfirebug.com *.googleapis.com *.magentocommerce.com *.cloudfront.net *.bootstrapcdn.com cdn.dnky.co *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com *.dotdigital.com swellrewards.com *.swellrewards.com fonts.googleapis.com connect.facebook.net https://cdnjs.cloudflare.com *.acsbapp.com *.typekit.net https://use.typekit.net/fpf5obn.css https://p.typekit.net yotpo.com webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com tagmanager.google.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com 'self' data: 'unsafe-inline' data: *.cloudfront.net *.magentocommerce.com commerce.adobedc.net api.comapi.com *.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.cardinalcommerce.com *.zendesk.com *.nr-data.net www.clarity.ms *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com connect.facebook.net www.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.yotpo.com swellrewards.com *.swellrewards.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.googleapis.com *.experticity.com *.grin.co *.acsbapp.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com shopper.shop.pe app.shop.pe *.acgbrands.com nytrng.com ws2.hotjar.com shop.pe wss://*.hotjar.com www.apptrian.com facebook.com graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com google.com ekr.zdassets.com/ https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://cdn.checkout.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ccavenue.ae 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js.checkout.com *.klarna.com *.ccavenue.ae https://c.sharethis.mgr.consensu.org https://secure.ccavenue.ae checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ccavenue.ae *.magentocommerce.com *.cloudfront.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://l.sharethis.com https://sharethis.com https://platform-cdn.sharethis.com *.facebook.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.checkout.com *.klarnacdn.net *.ccavenue.ae *.moengage.com sc-static.net *.snapchat.com *.spotii.me *.cloudflare.com *.authorize.net *.braintreegateway.com www.google.com *.ytimg.com *.paypal.com *.payments-amazon.com *.croapp.net https://buttons-config.sharethis.com https://platform-api.sharethis.com s7.addthis.com *.googletagmanager.com *.facebook.net checkout.tabby.ai widgets.tabby.ai cdn.segment.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com *.yotpo.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js.checkout.com *.klarnaevt.com *.ccavenue.ae *.moengage.com sc-static.net *.snapchat.com *.spotii.me *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://l.sharethis.com https://sharethis.com ekr.zdassets.com/ *.google-analytics.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://static.diatoetsen.nl/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://kozea.github.io/ https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.nl/ads/ https://www.google-analytics.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://static.browsealoud.nl/ https://plus.browsealoud.com/ https://www.browsealoud.com/ https://api.geogebra.org/ https://www.geogebra.org/ https://www.google.hu/ https://www.google.be/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google.ae/ https://www.google.com.qa/ https://www.google.co.id/ https://speech.speechstream.net/ https://toolbar.speechstream.net/ https://pronunciation.speechstream.net/ https://www.facebook.com/ https://www.google.de/ https://translate.google.com/ https://translate.googleapis.com/ https://turboeagle.co/ https://*.readspeaker.com/ https://cdn.jsdelivr.net/ https://*.analytics.google.com blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; report-uri https://csp-reports.tbai.nl/csp/report/; report-to default 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * s7.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com js.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com s7.addthis.com m.addthis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com fonts.gstatic.com www.google.com www.gstatic.com maxcdn.bootstrapcdn.com helpcrunch.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.co *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com zolotakraina.ua *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com https://polyfill.io polyfill.io multisearch.io widget.helpcrunch.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.helpcrunch.com wss://uniongroup.helpcrunch.com/ uniongroup.helpcrunch.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.klevu.com *.ksearchnet.com *.gstatic.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.google.com accounts.google.com *.canadapost.ca https://sso.epost.ca *.purolator.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.meetanshi.com *.purolator.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://hosted.paysafe.com *.sendcloud.sc customer-upskkbfxkf3xe5cz.cloudflarestream.com iframe.videodelivery.net static.olark.com tracking.sezzle.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com js.hsforms.net dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de vimeo.com 20813811p.rfihub.com *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.klarna.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net mageside.com *.canadapost.ca *.googleapis.com *.meetanshi.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com videodelivery.net customer-upskkbfxkf3xe5cz.cloudflarestream.com tvape.co.uk verify.bluecheck.me torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com media.sezzle.com www.googletagmanager.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com perf.hsforms.com forms.hubspot.com *.tvape.com demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com x.klarnacdn.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.googleapis.com *.meetanshi.com *.purolator.com connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://hosted.paysafe.com https://api.test.paysafe.com https://api.paysafe.com  https://songbirdstag.cardinalcommerce.com embed.sendcloud.sc www.youtube.com cdn.jsdelivr.net embed.cloudflarestream.com embed.videodelivery.net knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com widget.sezzle.com r1.dotmailer-surveys.com g1782759016.co js.hsforms.net hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com *.mantisadnetwork.com g594253006.co *.crazyegg.com *.newrelic.com *.klarnacdn.net *.clarity.ms *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tvape.co.uk torontovaporizer.ca static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google-analytics.com *.google.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://api.test.paysafe.com https://api.paysafe.com region1.google-analytics.com *.crazyegg.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com *.googleapis.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.paypal.com *.amazonaws.com *.klarnaevt.com *.clarity.ms https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://torontovaporizer.ca/; report-to report-endpoint; 2
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.api-ingenico.com *.secured-by-ingenico.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.api-ingenico.com *.secured-by-ingenico.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 2
default-src * data: 'unsafe-inline'; 2
default-src 'self' *.optomaeurope.com; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.optomaeurope.com *.optoma.co code.jquery.com fast.fonts.net www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://unpkg.com *.unpkg.com https://youtube.com *.youtube.com youtube.com *.vimeo.com static.cloudflareinsights.com https://*.mapbox.com *.jsdelivr.net cdn.polyfill.io https://cdnjs.cloudflare.com https://*.fontawesome.com https://downloads-global.3cx.com https://*.3cx.cloud/ https://*.nr-data.net https://js-agent.newrelic.com https://www.gstatic.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.optomaeurope.com *.optoma.co https://tagmanager.google.com https://fonts.googleapis.com *.jsdelivr.net; img-src 'self' blob: data: *.optomaeurope.com *.optoma.co *.youtube.com *.ytimg.com *.vimeo.com www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://s3-us-west-2.amazonaws.com *.optoma.com https://*.3cx.cloud https://img.youtube-nocookie.com; media-src 'self' blob: data: *.optomaeurope.com; frame-src 'self' *.optomaeurope.com *.optoma.co *.youtube.com *.youtube-nocookie.com *.vimeo.com https://player.simplecast.com https://www.google.com/; font-src 'self' *.optomaeurope.com *.optoma.co https://fonts.gstatic.com data: ; connect-src 'self' *.optomaeurope.com https://*.google-analytics.com *.mapbox.com https://stats.g.doubleclick.net https://*.fontawesome.com https://*.3cx.cloud wss://*.3cx.cloud https://*.nr-data.net https://js-agent.newrelic.com https://adservice.google.com; report-uri https://c9f3e0efddb3b5a8f702c2632d2e3942.report-uri.com/r/d/csp/reportOnly 2
font-src *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.facebook.com *.paypal.com *.paypalobjects.com *.braintreegateway.com storage.googleapis.com *.livechatinc.com *.kaptcha.com *.doubleclick.net *.instagram.com sibautomation.com *.brevo.com cutlistevo.com *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.google.com *.google.co.uk paypal-eu-arh.cloudiq.com *.paypal.com *.bing.com *.googletagmanager.com *.cloudfront.net *.yotpo.com *.clarity.ms *.luckyorange.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.livechatinc.com *.facebook.net *.bing.com googleads.g.doubleclick.net paypal-eu-cdn.cloudiq.com *.paypal.com *.cloudfront.net *.craftyclicks.co.uk *.luckyorange.com *.clarity.ms *.qeryz.net *.instagram.com *.debugbear.com *.sendinblue.com sibautomation.com *.brevo.com https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/index.js *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.cloudfront.net *.luckyorange.com *.myfonts.net *.stackpathcdn.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com stats.g.doubleclick.net *.luckyorange.com settings.luckyorange.net wss://realtime.luckyorange.com wss://visitors.live wss://in.visitors.live *.facebook.com *.paypal.com *.clarity.ms qeryz.com *.googleapis.com *.googlesyndication.com *.brevo.com *.debugbear.com *.growthbook.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net images.latitudepayapps.com imageapi.magebinary.co.nz *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk www.google.com *.braintreegateway.com *.google.com https://*.facebook.com *.doubleclick.net *.shophumm.com.au *.criteo.com *.hotjar.com *.adsrvr.org *.freshchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klevu.com *.cloudflare.com https://cdn.klarna.com *.paypal.com *.afterpay.com *.cloudfront.net https://*.paypal.com *.nextopia.net https://*.zipmoney.com.au https://*.facebook.com *.data-dynamic.net images.latitudepayapps.com *.godfreys.com.au *.feefo.com *.google.com *.google.com.au *.googletagmanager.com.au *.googletagmanager.com *.gstatic.com *.googleapis.com *.bing.com *.criteo.com *.bluekai.com *.socdm.com *.krxd.net *.pubmatic.com *.outbrain.com *.mediavine.com *.aralego.com *.aralego.net *.smaato.net *.clmbtech.com *.yieldmo.com *.emxdgt.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.rlcdn.com *.3lift.com *.360yield.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.forter.com *.cloudfront.net *.openpay.com.au https://js-agent.newrelic.com https://oc-library.playground.klarnaservices.com/lib.js images.latitudepayapps.com *.bing.com *.criteo.com *.facebook.net *.mytopia.com.au *.google.com *.googleoptimize.com *.cfjump.com *.freshchat.com *.zip.co js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com static.zipmoney.com.au zip.co https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com downloads.mailchimp.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ https://js.klevu.com/klevu-css/* *.klevu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.ecomm-nav.com https://*.zipmoney.com.au *.nextopiasoftware.com https://*.facebook.com https://*.safelinks.protection.outlook.com/ *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.nextopia.net *.cloudfront.net *.freshchat.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io *.cloudfront.net *.forter.com *.zipmoney.com.au *.zip.co *.criteo.com *.googlesyndication.com *.facebook.com *.googleapis.com *.afterpay.com *.qrtags.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none'; script-src 'self' https://static.addtoany.com kit.fontawesome.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://static.addtoany.com kit.fontawesome.com; style-src 'self' fonts.googleapis.com use.fontawesome.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 2
font-src https://js.klevu.com *.googleapis.com *.hotjar.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.ometria.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.hotjar.com https://9957200.fls.doubleclick.net https://danv01ao0kdr2.cloudfront.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io *.braintreegateway.com *.klarna.com *.mention-me.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.incontinencechoice.co.uk https://prod.choiceadmin.co.uk https://staging.choiceadmin.co.uk https://admin.vivactive.com https://trk.ometria.com *.brandlock.io https://www.google.com https://bat.bing.com https://pixel.quantserve.com https://www.facebook.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://s3-eu-west-1.amazonaws.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.ometria.com *.hotjar.com https://polyfill.io https://js.klevu.com/ https://bat.bing.com https://secure.quantserve.com https://www.gstatic.com https://connect.facebook.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://songbirdstag.cardinalcommerce.com https://www.googleoptimize.com https://cdn.oribi.io https://app.factors.ai https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.clarity.ms *.googleapis.com https://www.googletagmanager.com/gtag/js *.klarna.com *.klarnacdn.net https://tag.rmp.rakuten.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net js.klevu.com *.ksearchnet.com *.mention-me.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.hotjar.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.fontawesome.com https://accounts.google.com https://www.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com/ https://danv01ao0kdr2.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com *.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://geolocation.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://api.factors.ai https://b.clarity.ms *.googleapis.com *.klarnaevt.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.klevu.com *.ksearchnet.com *.mention-me.com *.ometria.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/ 2
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnlyi; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 2
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cl.avis-verifies.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com bat.bing.com *.linkedin.com *.avis-verifies.com *.netreviews.eu *.googletagmanager.com *.adsymptotic.com *.kameleoon.com *.kameleoon.eu www.netreviews.eu cl.avis-verifies.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com *.avis-verifies.com *.pardot.com *.larcier-intersentia.com *.clarity.ms *.kameleoon.com *.kameleoon.eu *.piwik.pro cl.avis-verifies.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com bat.bing.com *.doubleclick.net *.clarity.ms https://address-validation-service-api.pim-testing.aws.lsbit.be t.elasticsuite.io *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.piwik.pro *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://address-validation-service-api.pim-testing.aws.lsbit.be *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.bootstrapcdn.com *.cloudflare.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.realexpayments.com www.facebook.com *.adyen.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.vimeo.com *.hotjar.com www.facebook.com mention-me.com coals2u.mention-me.com *.coals2u.co.uk *.adyen.com www.google.com *.dotdigital-pages.com *.dotdigital.com optimize.google.com *.weltpixel.com www.xtento.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cloudflare.com *.google-analytics.com *.google.com *.google.co.uk *.klarna.com *.paypal.com *.adnxs.com *.bing.com *.clarity.ms www.facebook.com *.adyen.com *.gstatic.com *.googleapis.com *.trackedlink.net www.xtento.com cdn.xtento.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.fontawesome.com *.google.com *.google.co.uk *.google-analytics.com *.gstatic.com www.facebook.com *.feefo.com *.hotjar.com *.moatads.com *.adnxs.com *.webgains.io *.addthisedge.com *.bing.com *.facebook.net *.clarity.ms static.mention-me.com tag.mention-me.com *.coals2u.co.uk *.newrelic.com *.adyen.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal googleoptimize.com www.xtento.com cdn.xtento.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com optimize.google.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bootstrapcdn.com *.cloudflare.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.pcapredict.com *.sandbox.paypal.com *.feefo.com *.hotjar.com www.facebook.com *.mention-me.com *.bronto.com *.brontops.com *.clarity.ms *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.ideal-postcodes.co.uk connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://app-ab10.marketo.com/js/forms2/js/forms2.min.js https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js https://c.evidon.com/geo/country.js https://c.evidon.com/sitenotice/3453/ge/settings.js https://c.evidon.com/sitenotice/3453/snthemes.js https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 https://munchkin.marketo.net/munchkin.js https://tribl.io/footer.js cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com maps.googleapis.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js https://c.evidon.com/geo/country.js https://c.evidon.com/sitenotice/3453/snthemes.js https://c.evidon.com/sitenotice/3453/gerenewableenergy/settings.js https://c.evidon.com/sitenotice/3453/translations/en.js https://app-ab10.marketo.com/js/forms2/js/forms2.min.js https://app-ab10.marketo.com https://munchkin.marketo.net/munchkin.js https://munchkin.marketo.net/161/munchkin.js https://app-ab10.marketo.com/index.php/form/getForm https://tribl.io/footer.js https://tribl.io/analytics.min.js https://c.evidon.com/sitenotice/3453/ge/settings.js https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://www.youtube.com/player_api https://www.youtube.com/s/player/3a393eba/www-widgetapi.vflset/www-widgetapi.js https://analytics.twitter.com/i/adsct https://connect.facebook.net/signals/config/ https://c.evidon.com/sitenotice/evidon-banner.js https://www.youtube.com/s/player/1d26561d/www-widgetapi.vflset/www-widgetapi.js https://cdn.taboola.com/libtrc/unip/1397597/tfa.js https://www.youtube.com/s/player/596ef930/www-widgetapi.vflset/www-widgetapi.js https://trc.taboola.com https://cdn.taboola.com https://tags.crwdcntrl.net cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com maps.googleapis.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://app-ab10.marketo.com/js/forms2/css/forms2.css https://app-ab10.marketo.com/js/forms2/css/forms2-theme-simple.css cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://app-ab10.marketo.com/js/forms2/css/forms2-theme-simple.css https://app-ab10.marketo.com/js/forms2/css/forms2.css cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' 2
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.oppwa.com oppwa.com worldtimeapi.org *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-