Values for content-security-policy-report-only:
default-src 'self' www.google.com www.gstatic.com img6.wsimg.com *.secureserver.net collect.tealiumiq.com *.akamaihd.net c.go-mpulse.net *.akstat.io www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.godaddy.com data:;font-src * data: blob:;style-src 'self' 'unsafe-inline' img6.wsimg.com www.gstatic.com;script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src * data: blob:;frame-src * data: blob:;report-uri /forsale/api/csp-reports 467
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 177
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ wss://*.whatsapp.com:* v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 158
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 136
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 98
default-src https: 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com assets.digital.cabinet-office.gov.uk lux.speedcurve.com; script-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.gstatic.com www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com hmrc-uk.digital.nuance.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.gstatic.com 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.tax.service.gov.uk hmrc-uk.digital.nuance.com hmpowebchat.klick2contact.com www.signin.service.gov.uk lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 77
default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp 71
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 50
block-all-mixed-content; img-src 'self' data: https://*; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.skyscanner.net https://*.skyscnr.com https://*.gbot.me https://*.cloudfront.net https://*.akstat.io https://*.akamaihd.net https://*.perimeterx.net https://*.px-cloud.net https://*.mixpanel.com https://*.mxpnl.com https://*.zscloud.net https://*.branch.io https://*.usabilla.com https://app.link https://*.go-mpulse.net https://*.krxd.net https://cx.atdmt.com https://*.criteo.com https://*.criteo.net https://*.yandex.ru https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.newrelic.com https://*.nr-data.net https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; report-uri https://slipstream.skyscanner.net/grp/v1/custom/public/csp-reports/report/security.ContentSecurityReport 37
29
report-uri https://content-api.canon-europe.com/cspreport/webapp/; upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com  25
default-src https: data: 'unsafe-inline' 'unsafe-eval' 25
default-src 'self' 21
default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://aws.demdex.net https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://cm.everesttech.net https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod-us-west-2.csp-report.marketing.aws.dev https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://target.aws.amazon.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://aws.demdex.net https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' * data:; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southeast-1.amazonaws.com https://s3-ap-northeast-1.amazonaws.com/aws-china-media/ https://www.buzzsprout.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a0.awsstatic.com https://amazonwebservicesinc.tt.omtrdc.net https://googleads.g.doubleclick.net https://static.doubleclick.net https://website.spot.ec2.aws.a2z.com https://www.google.com https://www.gstatic.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/; style-src 'self' 'unsafe-inline' https://a0.awsstatic.com; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 19
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a 19
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 18
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 15
report-uri /report-csp-violation 14
frame-ancestors 'self'; report-uri /beacon/csp.php 13
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 13
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 13
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com  wss://*.hotjar.com wss://*.qualified.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 12
default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com https://*.akstat.io https://*.go-mpulse.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com https://*.akstat.io; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com; object-src 'self' https://*.cdn-net.com 12
font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 12
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /opt/csp-violation-report.php 11
report-uri https://www.rbb-online.de/app/tpso-cspr/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 11
default-src 'self' blob:; style-src 'self' 'unsafe-inline' vp-wmdev.3cx.net:9001 https://assets1.freshteam.com https://www.google.com https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://wcdn.3cx.com https://wstatic.3cx.com https://d20hvw4zeymqbm.cloudfront.net https://cdn.materialdesignicons.com; font-src 'self' https://wcdn.3cx.com https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' vp-wmdev.3cx.net:9001 https://ajax.cloudflare.com https://wcdn.3cx.com https://wstatic.3cx.com https://cse.google.com https://snap.licdn.com  https://www.googletagmanager.com https://d20hvw4zeymqbm.cloudfront.net https://assets1.freshteam.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com  https://login.3cx.com https://www.redditstatic.com https://www.google-analytics.com https://ct.capterra.com tpc.googlesyndication.com pagead2.googlesyndication.com https://ssl.geoplugin.net https://services.3cx.com https://ajax.googleapis.com https://connect.facebook.net https://maps.googleapis.com www.gstatic.com;object-src 'none';img-src * data: blob:; media-src * data: blob:; connect-src 'self' vp-wmdev.3cx.net:9001 https://wcdn.3cx.com https://cdn.3cx.com https://3cx-talent.freshteam.com https://yoast.com https://my.yoast.com https://wstatic.3cx.com https://webapi.3cx.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net sipcy.3cx.com team.3cx.com www.facebook.com translate.googleapis.com;child-src 'self' https://www.youtube.com blob:; frame-ancestors 'self'; frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://www.youtube-nocookie.com/  https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.googletagmanager.com; block-all-mixed-content; report-uri /csp/; 11
base-uri 'self'; frame-src https:; object-src 'none';	 worker-src 'self';	 default-src 'self'; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://api.personio.de/recruiting/applicant ; font-src data: 'self' https://maxcdn.bootstrapcdn.com/font-awesome/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ ; media-src 'self' data: https://mpsnare.iesnare.com; prefetch-src 'self'; frame-ancestors 'self'; report-uri /ls/?reportOnly=true 11
default-src https: 'unsafe-inline' 'unsafe-eval' 10
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net; font-src 'self' *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 10
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 10
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 9
default-src 'unsafe-inline' 'unsafe-eval' https: wss: blob: ms-appx-web: data:; report-uri /report-violation 9
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com www.xtento.com *.vimeo.com *.youtube.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com 'self' data: *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com www.google-analytics.com *.adyen.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 9
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 9
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 8
default-src 'self' data: blob: *.verisign.com; img-src 'self' data: *.verisign.com *.siteimproveanalytics.io *.brightcove.com *.prod.boltdns.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com polyfill.io assets.adobedtm.com siteimproveanalytics.com players.brightcove.net *.zencdn.net *.verisign.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.prod.boltdns.net *.brightcove.com *.akamaihd.net *.greenhouse.io *.verisign.com; worker-src blob: 8
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 8
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/92/cast_sender.js https://www.gstatic.com/eureka/clank/93/cast_sender.js;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ wss://*.whatsapp.com:* v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com https://www.gstatic.com/cv/js/sender/v1/cast_sender.js;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com;worker-src blob: *.facebook.com data: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/92/cast_sender.js https://www.gstatic.com/eureka/clank/93/cast_sender.js;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 8
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 8
script-src 'report-sample' 'unsafe-inline' https: http:;report-uri /_/PlayStoreUi/cspreport 8
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/marketing_platform 7
block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 7
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 7
frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 7
img-src 'self' data: *; report-uri https://www.arcgames.com/en/report/enforce; 7
worker-src 'none'; 7
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 6
default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; 6
default-src 'self' *.sixflags.com *.laronde.com *.sixflags.com.mx *.6flags.com 'unsafe-inline' 'unsafe-eval' data: blob: *.wistia.net *.wistia.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss:// acsbapp.com *.acsbapp.com cdn.acsbapp.com *.convertexperiments.com *.evgnet.com sc-static.net *.cloudflare.com *.cloudflareinsights.com *.cloudflareaccess.com *.googletagmanager.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.googlesyndication.com *.safeframe.googlesyndication.com www.googletagservices.com *.googleapis.com *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net *.fls.doubleclick.net *.google.com *.google.ca www.google.ca *.google.com.mx www.google.com.mx *.gstatic.com ups.analytics.yahoo.com bat.bing.com sixflags.us-4.evergage.com www.facebook.com *.facebook.net *.pardot.com *.akamaihd.net *.snapchat.com *.twitter.com *.livechatinc.com *.qualaroo.com js.adsrvr.org *.pbbl.co aa.agkn.com *.amgdgt.com dpm.demdex.net pixel.advertising.com www.youtube.com *.youtube.com *.ytimg.com *.freshdesk.com *.queue-it.net *.litix.io ;report-uri https://2850d87804f5002588a978dd8512ca22.report-uri.com/r/d/csp/wizard; 6
default-src 'self' https://*.avrotros.org https://*.avrotros.nl https://www.google-analytics.com https://avrotros.blueconic.net https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://kmnl.tns-nipo.com;font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';  media-src *; frame-src *; 6
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 6
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 6
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor default-src 'self' 'unsafe-inline' www.shelterlogic.com stage.shelterlogic.com *.cloudmaestro.com h.online-metrix.net bat.bing.com ajax.googleapis.com api.hubapi.com *.zopim.com cdn.cookielaw.org bid.g.doubleclick.net connect.facebook.net d.adroll.com s.adroll.com fonts.googleapis.com fonts.gstatic.com forms.hsforms.com geolocation.onetrust.com js-hs.analytics.com js.hsadspixel.net js.hsforms.net js.hscollectedforms.net seal-ct.bbb.org secure.quantserve.com track.hubspot.com www.facebook.com static.zdassets.com 6
default-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' *.assurance.com; worker-src blob: *.assurance.com; report-uri https://60ede17b9dc1b52ae71f0257.endpoint.csper.io; 6
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 6
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 5
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 5
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 5
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 5
frame-ancestors 'self' https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au https://apis.google.com https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.builder.io/ https://builder.io; frame-src 'self' https://*.criteo.com https://*.criteo.net https://accounts.google.com https://*.shopstyleops.com/ https://www.youtube.com https://js.stripe.com *.doubleclick.net; default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au https://apis.google.com http://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com http://www.googleadservices.com https://connect.facebook.net https://appleid.cdn-apple.com https://sentry.io https://stage.rakuten.com https://www.rakuten.com/rewards-visited.htm https://www.rakuten.com/ *.pingdom.net *.doubleclick.net https://*.tipser.com *.bing.com *.criteo.net *.criteo.com https://*.builder.io/ *.fullstory.com; connect-src 'self' https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au *.pingdom.net *.doubleclick.net https://*.tipser.com https://appleid.cdn-apple.com https://*.google.com https://www.google-analytics.com http://www.google-analytics.com https://graph.facebook.com https://connect.facebook.net https://www.facebook.com https://sentry.io https://stage.rakuten.com https://www.rakuten.com/rewards-visited.htm https://www.rakuten.com/ https://*.builder.io/ https://builder.io/ *.bing.com *.criteo.net *.criteo.com *.fullstory.com; style-src 'self' 'unsafe-inline' https://cdn.tipser.com https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au; style-src-elem 'self' 'unsafe-inline' https://*.tipser.com; img-src 'self' https://*.shopstyle-cdn.com https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au https://www.rakuten.com https://cdn.builder.io https://builder.io https://*.facebook.com https://*.fbcdn.net https://*.tipser.com http://*.google-analytics.com http://*.google.com http://*.google.fr http://*.google.co.uk http://*.google.com.au http://*.google.ca http://*.googletagmanager.com https://*.doubleclick.net *.bing.com *.criteo.com; font-src 'self' https://*.tipser.com https://*.builder.io/ https://builder.io; form-action 'self' https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au; report-uri /csp-violation-report-only; 5
default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org *.newrelic.com *.nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snapdragonblog.disqus.com 3642644.fls.doubleclick.net 'sha256-/3jsvuZODfJI1Eg99StI7HtPfGc1mT2ElQZ8nHDbQbM='; object-src https://metrics.brightcove.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com insight.adsrvr.org; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' https: www.youtube.com disqus.com 3642644.fls.doubleclick.net www.juicer.io; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' https: *.nr-data.net links.services.disqus.com; report-uri /gen_204 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://static.ads-twitter.com  https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com:* https://cdnapisec.kaltura.com:* http://cdnapi.kaltura.com:*   https://www.google-analytics.com:* https://cdn.jsdelivr.net:* https://script.crazyegg.com:* https://static.cloudflareinsights.com:*; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com; report-uri /report-csp-violation 5
"default-src data: blob: 'unsafe-eval' 'unsafe-inline' https: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  ajax.googleapis.com *.bazaarvoice.com bat.bing.com cdn.attn.tv *.optimizely.com cdn.polyfill.io cdn1.affirm.com connect.facebook.net *.allposters.com *.doubleclick.net js.intercomcdn.com pixel.mathtag.com s.pinimg.com static.klaviyo.com tag.rmp.rakuten.com tags.bkrtx.com *.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com code.jquery.com *.intercom.io *.artprintimages.com *.affirm.com *.allpostersimages.com; object-src 'none'; base-uri 'self'; report-uri https://csp.prod.walmart.com/c/r/artal;" 5
default-src https: 'unsafe-inline' data: 5
frame-ancestors 'self' 5
report-uri /report-csp-violation; upgrade-insecure-requests 5
default-src 'self'; 5
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 5
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ wss://*.whatsapp.com:* v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.doubleclick.net dc.ads.linkedin.com analytics.twitter.com t.co;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.newrelic.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com 'unsafe-inline' *.sessioncam.com 'unsafe-inline' *.adyen.com 'unsafe-inline' *.google.com 'unsafe-inline' *.gstatic.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline' *.facebook.com 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.force.com nestle-forms.cs.blip.ai *.facebook.com data: *.adyen.com 'self' 'unsafe-inline'; img-src * 'unsafe-inline' data: widgets.magentocommerce.com  *.sessioncam.com s.ytimg.com data: *.adyen.com *.google.com 'self' 'unsafe-inline'; script-src *.evgnet.com *.salesforce.com *.doubleclick.net *.facebook.net *.force.com  *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleadservices.com s.ytimg.com  www.youtube.com *.adyen.com *.google.com google.com *.gstatic.com *.newrelic.com 'unsafe-inline' 'unsafe-eval' *.nr-data.net 'unsafe-inline' 'unsafe-eval' *.sessioncam.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.force.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'  https://stats.g.doubleclick.net *.google-analytics.com *.nr-data.net ws.sessioncam.com ; child-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 5
font-src *.fontawesome.com *.tawk.to fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://hps.github.io https://api2.heartlandportico.com *.tawk.to *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://hps.github.io https://api2.heartlandportico.com *.facebook.com *.tawk.to cdn.jsdelivr.net *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://hps.github.io https://api2.heartlandportico.com *.googletagmanager.com *.facebook.net *.avada.io *.tawk.to cdn.jsdelivr.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com fonts.googleapis.com cdn.jsdelivr.net tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.tawk.to wss://*.tawk.to https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data: *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.google-analytics.com;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline' *.reachtheworldonfacebook.com reachtheworldonfacebook.com;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ wss://*.whatsapp.com:* v.whatsapp.net *.fbsbx.com *.fb.com media-dev-reachtheworldonfacebook.s3.us-east-2.amazonaws.com media-reachtheworldonfacebook.s3.ap-southeast-1.amazonaws.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.mktoresp.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.reachtheworldonfacebook.com reachtheworldonfacebook.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com;worker-src blob: *.facebook.com data: *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.google-analytics.com;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 5
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.gigya.com https://*.gigya.com https://consentcdn.cookiebot.com https://*.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.gigya.com 'self' data: 'unsafe-inline' data: https://*.gigya.com https://www.google.it https://bam.nr-data.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com https://legals.paninigroup.com https://*.cookiebot.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.addthis.com https://*.facebook.com https://*.addthisedge.com https://*.moatads.com https://*.recaptcha.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://legals.paninigroup.com https://stats.g.doubleclick.net https://*.facebook.com https://bam.nr-data.net https://*.addthis.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.vimeo.com *.texdecor.test *.texdecor.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.texdecor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.instagram.com *.texdecor.test *.texdecor.com *.fact-finder.fr www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 5
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: data:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 5
block-all-mixed-content 5
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.relap.io *.roxot-panel.com *.serving-sys.com *.vk.com adservice.google.com adservice.google.ru an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org cdn.consentmanager.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru relap.io static.criteo.net vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.relap.io *.roxot-panel.com *.serving-sys.com *.vk.com ads.betweendigital.com an.yandex.ru cdn.consentmanager.mgr.consensu.org cdn.jsdelivr.net consentmanager.mgr.consensu.org csi.gstatic.com ib.adnxs.com jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru pagead2.googlesyndication.com pb.adriver.ru prebid-bidder.rutarget.ru prebid-eu.creativecdn.com px.adhigh.net relap.io securepubads.g.doubleclick.net ssp.hybrid.ai ssp.otm-r.com static.criteo.net strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net ymetrica1.com; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coub-anubis-a.akamaized.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru tpc.googlesyndication.com vk.com www.google.com yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/splash?v=30.09.21; 4
block-all-mixed-content; report-uri /csp-report?p=%21unknown; base-uri 'none'; default-src 'none'; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://www.googletagmanager.com https://ga.clearbit.com; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com https://www.googletagmanager.com; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net https://www.google-analytics.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://www.googletagmanager.com data: https://px.ads.linkedin.com https://p.adsymptotic.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-6hCrKkhcyMhhMFEfSpCTaBOu2I3bF+wiEjLQdI7s+jQ=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ad.doubleclick.net 'sha256-ELZBkO1eLwWs6QKigj+FQzktzusJRQek0e2CLudl4N8=' https://www.googletagmanager.com https://ga.clearbit.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 4
default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 4
child-src js.driftt.com platform.twitter.com play.vidyard.com syndication.twitter.com www.youtube.com w.soundcloud.com embed.podcasts.apple.com 8450953.fls.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net; connect-src 'self' 565-bdo-100.mktoresp.com 565-bdo-100.mktoutil.com bam-cell.nr-data.net cdn.cookielaw.org cds.taboola.com p.typekit.net p1.parsely.com pages.marketintelligence.spglobal.com primer.typekit.net privacyportal.onetrust.com rtp-static.marketo.com trc-events.taboola.com use.typekit.net www.google-analytics.com code.jquery.com 838-ldp-483.mktoresp.com l.sharethis.com play.vidyard.com www.googletagmanager.com adservice.google.com stats.g.doubleclick.net cdn.plot.ly 583-tms-002.mktoresp.com media.spglobal.com 78b96a8e-458e-6638-1562-9c34cd7187e1.z1.dca0.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' app-sjqe.marketo.com bam-cell.nr-data.net cdn.cookielaw.org cdn.vidyard.com data: js-agent.newrelic.com marketing.spglobal.com p.typekit.net pi.pardot.com platform.linkedin.com platform.twitter.com play.vidyard.com searchg2-assets.crownpeak.net syndication.twitter.com use.typekit.net www.google-analytics.com www.googletagmanager.com 565-bdo-100.mktoresp.com abrtp1-cdn.marketo.com abrtp1.marketo.com cdn.parsely.com cdn.taboola.com geolocation.onetrust.com js.driftt.com p1.parsely.com rtp-static.marketo.com 'self' trc-events.taboola.com trc.taboola.com w.soundcloud.com www.facebook.com www.snl.com cdn.syndication.twimg.com embed.podcasts.apple.com munchkin.marketo.net pbs.twimg.com privacyportal.onetrust.com stats.g.doubleclick.net googleads.g.doubleclick.net; font-src 'self' use.typekit.net data: media.spglobal.com cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com www.spglobal.com; form-action 'self' careers.spglobal.com platform.twitter.com syndication.twitter.com twitter.com feedburner.google.com login.spglobal.com openid.login.spglobal.com disclosure.spglobal.com www.spglobal.com platform.marketintelligence.spglobal.com; frame-src embed.podcasts.apple.com js.driftt.com platform.twitter.com play.vidyard.com syndication.twitter.com w.soundcloud.com www.youtube.com 'self' html5-player.libsyn.com twitter.com player.vimeo.com tableau.marketplace.spglobal.com www.googletagmanager.com 10404489.fls.doubleclick.net 8450953.fls.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net open.spotify.com optimize.google.com code.highcharts.com www.spglobal.com; img-src 'self' cdn.cookielaw.org cdn.vidyard.com cds.taboola.com data: p1.parsely.com pages.marketintelligence.spglobal.com platform.twitter.com play.vidyard.com spglobal.com syndication.twitter.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.snl.com pbs.twimg.com platform.mi.spglobal.com ton.twimg.com www.lcdcomps.com www.spglobal.com bam-cell.nr-data.net img.youtube.com sync.outbrain.com sync.taboola.com platform.midev.spglobal.com ratings.spglobal.com s3.amazonaws.com twitter.com www.indexologyblog.com www.linkedin.com login.spglobal.com media.spglobal.com www.googleadservices.com www.google.com cm.g.doubleclick.net googleads.g.doubleclick.net l.sharethis.com platform-cdn.sharethis.com assets.libsyn.com ssl-static.libsyn.com static.libsyn.com www.highyieldbond.com srv-2021-05-26-14.pixel.parsely.com srv-2021-05-26-15.pixel.parsely.com cdn.spgi.spglobal.com pixel.spotify.com platform.marketintelligence.spglobal.com platts.com www.cusip.com disclosure.spglobal.com investor.spglobal.com snl.com stage.www.spglobal.com www.trucost.com; media-src data: js.driftt.com 'self' cdn.vidyard.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' abrtp1-cdn.marketo.com abrtp1.marketo.com app-sjqe.marketo.com bam-cell.nr-data.net cdn.cookielaw.org cdn.parsely.com cdn.taboola.com cdnjs.cloudflare.com connect.facebook.net geolocation.onetrust.com js-agent.newrelic.com js.driftt.com marketing.spglobal.com munchkin.marketo.net pi.pardot.com platform.linkedin.com platform.twitter.com play.vidyard.com rtp-static.marketo.com searchg2-assets.crownpeak.net trc.taboola.com use.typekit.net w.soundcloud.com www.google-analytics.com www.googletagmanager.com cdn.syndication.twimg.com code.highcharts.com analytics.twitter.com www.youtube.com app-ab15.marketo.com platform-api.sharethis.com player.vimeo.com t.sharethis.com tableau.marketplace.spglobal.com www.google.com www.spindices.com buttons-config.sharethis.com login.spglobal.com use.fontawesome.com googleads.g.doubleclick.net www.googleadservices.com cdn.plot.ly spglobal.com srv-2021-05-26-15.pixel.parsely.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' abrtp1-cdn.marketo.com abrtp1.marketo.com app-sjqe.marketo.com bam-cell.nr-data.net cdn.cookielaw.org cdn.parsely.com cdn.taboola.com connect.facebook.net geolocation.onetrust.com js-agent.newrelic.com js.driftt.com marketing.spglobal.com munchkin.marketo.net pages.marketintelligence.spglobal.com pi.pardot.com platform.linkedin.com platform.twitter.com play.vidyard.com rtp-static.marketo.com searchg2-assets.crownpeak.net trc.taboola.com w.soundcloud.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com plattsinfo.spglobal.com use.typekit.net www.youtube.com cdn.syndication.twimg.com cdnjs.cloudflare.com www.google.com analytics.twitter.com 565-bdo-100.mktoutil.com 325-kyl-599.mktoutil.com 838-ldp-483.mktoutil.com app-ab15.marketo.com code.highcharts.com login.spglobal.com ratings.spglobal.com tableau.marketplace.spglobal.com www.spindices.com 583-tms-002.mktoutil.com googleads.g.doubleclick.net cdn.plot.ly use.fontawesome.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com p.typekit.net platform.twitter.com rtp-static.marketo.com use.typekit.net ton.twimg.com app-ab15.marketo.com spglobal.com use.fontawesome.com optimize.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' platform.twitter.com rtp-static.marketo.com cdnjs.cloudflare.com p.typekit.net ton.twimg.com use.typekit.net app-ab15.marketo.com fonts.googleapis.com; frame-ancestors 'self'; worker-src www.spglobal.com; report-uri https://5017ae7b6342bc1727d66f6970134e09.report-uri.com/r/d/csp/reportOnly 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src https: data: 'self'; frame-ancestors 'self'; report-uri https://sitepoint.report-uri.com/r/d/csp/wizard; report-to default 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://verve.com?gdsih-csp-report; 4
default-src 'self' data: https://fonts.gstatic.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  img-src 'self' data: https://pixel.consentric.de/ https://c1.adform.net/ https://t23.intelliad.de/ https://t.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://deutschepostag1.d3.sc.omtrdc.net/ https://deutschepostwpmdpagprod2.112.2o7.net/ https://deutschepostpostidprod.112.2o7.net/ https://deutschepostag.112.2o7.net/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://www.facebook.com/ https://www.google.com/ https://t.leadlab.click/ https://insight.adsrvr.org/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://cdn.cookielaw.org/ https://assets.adobedtm.com/ https://maps.google.com/ https://maps.googleapis.com/ https://cookie-cdn.cookiepro.com/ https://geolocation.onetrust.com/ https://www.bing.com/ https://t.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://dev.virtualearth.net/ https://service.force.com/ https://d.la1-c1-fra.salesforceliveagent.com/ https://d.la3-c2-fra.salesforceliveagent.com/ https://d.la1-c1cs-fra.salesforceliveagent.com/ https://meinservice.my.salesforce.com/ https://www.google.com/ https://www.gstatic.com/ https://meinservice-dhl-sites.secure.force.com/ https://static.heidelpay.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://cdn.tt.omtrdc.net/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  style-src 'self' 'unsafe-inline' https://meinservice.my.salesforce.com/ https://service.force.com/ https://www.bing.com/ https://meinservice-dhl-sites.secure.force.com/ https://cdn.tt.omtrdc.net/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  frame-src 'self' https://www.youtube.com/ https://meinservice.my.salesforce.com/ https://service.force.com/ https://www.google.com/ https://payment.heidelpay.com/ https://assets.adobedtm.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  connect-src 'self' https://cdn.cookielaw.org/ https://assets.adobedtm.com/ https://dpcomepost.tt.omtrdc.net/ https://privacyportal-de.onetrust.com/ https://t.leadlab.click/ https://www.bing.com/ https://meinservice--rqa.my.salesforce.com/ https://deutschepostag1.d3.sc.omtrdc.net/ https://meinservice-dhl-sites.secure.force.com/ https://pixel.consentric.de/ https://meinservice.my.salesforce.com/ https://client-analytics.braintreegateway.com/ https://api.braintreegateway.com/ https://payments.braintree-api.com/ https://depst-salaut-prod1.pegacloud.net/ https://payment.heidelpay.com/ https://api.heidelpay.com/ https://www.google-analytics.com/ https://insight.adsrvr.org/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  report-uri /bin/csp/report 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; report-uri /error/js; img-src 'self' https: data:; 4
default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://cex.io/ws/;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;media-src 'self' https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr; 4
media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: images.hw.net; form-action  www.facebook.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnassets.hw.net images.hw.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: tpc.googlesyndication.com csi.gstatic.com metrics.brightcove.com www.facebook.com cdnassets.hw.net *.2mdn.net cdns.gigya.com ads2000.hw.net www.google.com *.doubleclick.net www.google-analytics.com images.hw.net www.googletagmanager.com pagead2.googlesyndication.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: csi.gstatic.com metrics.brightcove.com www.google-analytics.com *.doubleclick.net fastlane.rubiconproject.com ap.lijit.com pagead2.googlesyndication.com hit.uptrendsdata.com hb.emxdgt.com gw.geoedge.be cdns.us1.gigya.com cdns.gigya.com www.facebook.com htlb.casalemedia.com www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pagead2.googlesyndication.com www.google.com cdns.gigya.com connect.facebook.net hit.uptrendsdata.com *.doubleclick.net images.hw.net www.googletagservices.com www.google-analytics.com rumcdn.geoedge.be tpc.googlesyndication.com cdnassets.hw.net www.googletagmanager.com adservice.google.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdns.us1.gigya.com player.vimeo.com *.doubleclick.net images.hw.net www.facebook.com www.youtube.com tpc.googlesyndication.com cdns.gigya.com *.googlesyndication.com www.google.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnassets.hw.net images.hw.net fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 4
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self';  frame-ancestors 'self' *.inloco.com.br 4
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 4
font-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com *.cookiebot.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com pls.webtype.com www.w3.org data: www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com https://a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adyen.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.googleapis.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 4
default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com *.mopinion.com; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com *.mopinion.com; img-src http: https: data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com *.mopinion.com; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' *.mopinion.com fonts.gstatic.com data:; connect-src *.mopinion.com; report-uri /report-csp-violation; upgrade-insecure-requests 4
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script'; 4
base-uri 'none'; report-uri https://vault.gostatera.com/collect/csp 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com; img-src 'self' data: secure.gravatar.com www.gravatar.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com; connect-src 'self' *.vimeo.com www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' data: *.vimeo.com *.vimeocdn.com; child-src 'self' data: *.vimeo.com *.vimeocdn.com; frame-ancestors 'self' ; report-uri https://www.e2open.com?gdsih-csp-report; 4
default-src https: wss: 4
default-src 'self' *.everbridge.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.youtube.com https://www.facebook.com https://consentcdn.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.hotjar.com https://static.addtoany.com https://www.comparably.com https://*.linkedin.com; img-src 'self' data: *.everbridge.com https://*.itcentralstation.com https://*.gravatar.com https://b.6sc.co https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.linkedin.com https://px.ads.linkedin.com https://*.adsymptotic.com https://www.facebook.com https://static.addtoany.com https://t.co/i/adsct https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; media-src 'self' https://js.driftt.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cookiebot.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://ajax.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://*.marketo.net https://*.marketo.com https://*.mktoresp.com  https://static.ads-twitter.com https://js.driftt.com https://static.addtoany.com https://*.hotjar.com https://*.6sc.co https://*.marketo.com https://connect.facebook.net https://analytics.twitter.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://*.linkedin.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com; prefetch-src 'self' ajax.googleapis.com s.w.org; child-src 'none'; connect-src 'self' https://secure.adnxs.com https://*.hotjar.com https://*.hotjar.io https://go.everbridge.com https://*.google.com https://*.googlesyndication.com https://epsilon.6sense.com https://*.6sc.co https://www.facebook.com https://www.google-analytics.com https://*.marketo.com https://*.mktoresp.com https://*.doubleclick.net https://*.linkedin.com https://*.mktoutil.com https://consentcdn.cookiebot.com; report-uri https://eblogging.report-uri.com/r/d/csp/reportOnly; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com  *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com *.eloqua.com https://s754241824.t.eloqua.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 4
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/verily 4
default-src 'self' *.optomaeurope.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.optomaeurope.com *.optoma.co code.jquery.com fast.fonts.net  www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://unpkg.com *.unpkg.com secure.neck6bake.com https://youtube.com *.youtube.com youtube.com *.vimeo.com static.cloudflareinsights.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io api.mapbox.com *.jsdelivr.net cdn.polyfill.io https://cdnjs.cloudflare.com https://ldynamicspublicapi.leadforensics.com https://*.fontawesome.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.optomaeurope.com *.optoma.co https://tagmanager.google.com https://fonts.googleapis.com *.jsdelivr.net; img-src 'self' blob: data: *.optomaeurope.com *.optoma.co *.youtube.com *.ytimg.com *.vimeo.com www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io https://ssl.gstatic.com https://www.gstatic.com https://s3-us-west-2.amazonaws.com *.optoma.com; media-src 'self' *.optomaeurope.com; frame-src 'self' *.optomaeurope.com *.optoma.co *.youtube.com *.youtube-nocookie.com *.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://player.simplecast.com; font-src 'self' *.optomaeurope.com *.optoma.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com data: ; connect-src 'self' *.optomaeurope.com https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://ldynamicspublicapi.leadforensics.com *.storerocket.io https://storerocket.io storerocket.global.ssl.fastly.net *.mapbox.com https://stats.g.doubleclick.net https://*.fontawesome.com; report-uri https://c9f3e0efddb3b5a8f702c2632d2e3942.report-uri.com/r/d/csp/reportOnly 4
script-src 'self' 4
font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.typekit.net *.trustedshops.com oct8necdneu.azureedge.net blob: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.adyen.com www.google.com www.xtento.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.hotjar.com www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com *.google.com *.gstatic.com *.oct8ne.com www.youtube.com consent-pref.trustarc.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com www.xtento.com cdn.xtento.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.trustedshops.com *.usercentrics.eu www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com *.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com cdn.buff.com *.oct8ne.com oct8necdneu.azureedge.net www.google.lv www.google.ac www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.as www.google.at www.google.com.au www.google.ba www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.cat www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.gd www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gp www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.co.in www.google.io www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.kg www.google.com.kh www.google.ki www.google.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.lt www.google.lu www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.mp www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.na www.google.com.nf www.google.com.ng www.google.com.ni www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.re www.google.ro www.google.rs www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tk www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.com.ua www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.com.vn www.google.vu www.google.ws www.google.co.za www.google.co.zm www.google.co.zw blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.xtento.com cdn.xtento.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com *.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com *.oct8ne.com targetemsecure.blob.core.windows.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://geoip-js.com *.cloudflare.com *.paypal.com https://cdn.klarna.com *.vimeocdn.com https://s.ytimg.com *.trustedshops.com *.usercentrics.eu www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com *.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com cdn.buff.com *.oct8ne.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 4
default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 4
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://www.gstatic.com https://fonts.gstatic.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.facebook.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; frame-ancestors https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com cdn.dnky.co youtube.com www.youtube.com *.hotjar.com https://www.google.com *.facebook.com *.trustpilot.com *.criteo.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.google.com www.google.nl data: connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com https://www.google.com https://www.gstatic.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; object-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; media-src *.zopim.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; manifest-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedc.net api.comapi.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; child-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; default-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 4
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 4
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src 'self' *.google-analytics.com fonts.gstatic.com 'unsafe-inline' pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdn.cookielaw.org 'unsafe-eval' *.visualwebsiteoptimizer.com bid.g.doubleclick.net; font-src 'self' fonts.gstatic.com *.dataweavers.io; frame-ancestors 'none'; img-src 'self' *.adsymptotic.com *.dataweavers.io data: *.visualwebsiteoptimizer.com app.vwo.com *.google-analytics.com t.co www.facebook.com px.ads.linkedin.com www.google.com www.google.com.au; script-src-elem 'self' www.googletagmanager.com static.ads-twitter.com platform.twitter.com *.licdn.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com 'unsafe-inline' *.google-analytics.com cdn.cookielaw.org *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.dataweavers.io 'unsafe-eval' www.googleadservices.com analytics.twitter.com ws.zoominfo.com; style-src-elem 'self' *.dataweavers.io 'unsafe-inline'; worker-src 'self' blob:; 4
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.fls.doubleclick.net vars.hotjar.com cdn.krxd.net insight.adsrvr.org *.flashtalking.com *.amazon-adsystem.com www.xtento.com *.optimizely.com *.google.com *.pepperjamnetwork.com *.bounceexchange.com ids.cdnwidget.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com tst.kaptcha.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com store.paradoxlabs.com 'self' data: pt.ispot.tv bat.bing.com sp.analytics.yahoo.com google.com ct.pinterest.com facebook.com https://www.facebook.com/ *.amazon-adsystem.com *.doubleclick.net www.xtento.com cdn.xtento.com *.krxd.net cdn.cookielaw.org *.bounceexchange.com *.bouncex.net *.cdnwidget.com pippio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com google.ru data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com contentorigin.bazaarvoice.com google-analytics.com static.hotjar.com script.hotjar.com *.facebook.net bat.bing.com s.pinimg.com js.adsrvr.org s.yimg.com *.doubleclick.net *.g.doubleclick.net *.kruxd.net *.newrelic.com *.nr-data.net www.xtento.com cdn.xtento.com *.optimizely.com *.amazonaws.com *.ucarecdn.com *.krxd.net *.google.com *.gstatic.com *.pepperjam.com *.authorize.net cdn.cookielaw.org *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.execute-api.us-east-1.amazonaws.com *.maxmind.com *.yotpo.com *.pages04.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com unsafe-inline *.yotpo.com *.googleapis.com *.bounceexchange.com *.bazaarvoice.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com s.yimg.com ct.pinterest.com google-analytics.com *.nr-data.net *.optimizely.com *.pepperjam.com *.authorize.net cdn.cookielaw.org *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.mmapiws.com *.yotpo.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com static.curations.bazaarvoice.com 'unsafe-inline' data: *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.snapchat.com *.tiktok.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com s.amazon-adsystem.com *.youtube.com *.facebook.com *.fls.doubleclick.net insight.adsrvr.org *.filestackapi.com *.addthis.com flexfaceoffsweeps.azurewebsites.net match.adsrvr.org *.viewinyourspace.com *.snapchat.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bazaarvoice.com *.google.com *.taboola.com *.facebook.com *.facebook.net *.hubspot.com *.hsforms.com r.turn.com *.adnxs.com pixel.mediaiqdigital.com *.gravatar.com *.youtube.com cscoreproweustor.blob.core.windows.net www.skil.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.fls.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com *.filestackapi.com *.facebook.net *.crazyegg.com js.hs-scripts.com *.taboola.com js.adsrvr.org js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.googleapis.com geoip-js.com secure-ds.serving-sys.com *.adnxs.com bs.serving-sys.com *.viewinyourspace.com *.addthis.com *.addthisedge.com z.moatads.com cscoreproweustor.blob.core.windows.net flexfaceoffsweeps.azurewebsites.net js.monitor.azure.com edge.curalate.com ipinfo.io *.newrelic.com *.nr-data.net *.tiktok.com sc-static.net *.channelsight.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com cscoreproweustor.blob.core.windows.net *.channelsight.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src api.bazaarvoice.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.bazaarvoice.com *.crazyegg.com forms.hubspot.com *.channelsight.com *.google-analytics.com stats.g.doubleclick.net *.taboola.com secure-ds.serving-sys.com *.viewinyourspace.com chervon-website-api.herokuapp.com chervon-website-api-dev.herokuapp.com *.jotform.com dc.services.visualstudio.com *.addthis.com edge.curalate.com geoip-js.com *.hsforms.com *.nr-data.net *.facebook.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data:; 4
default-src 'self';               script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.dynatrace.com ajax.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com;               connect-src 'self' *.dynatrace.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com dc.services.visualstudio.com;               img-src 'self' www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com ajax.aspnetcdn.com;               style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com;               font-src 'self' fonts.gstatic.com;               frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com; 4
font-src fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com *.iterable.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.google.com *.addthis.com *.paymetric.com *.hotjar.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.cloudflareinsights.com *.oraclecloud.com *.pur.com *.honeywellpluggedin.com *.vickshumidifiers.com *.stingerproducts.com *.febrezeairpurifiers.com *.braunhealthcare.com *.oxo.com *.hottools.com *.sdiapi.com *.youtube.com vice-prod.sdiapi.com *.weltpixel.com www.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.google.com t.co *.custhelp.com *.rnengage.com 'self' data: *.omtrdc.net *.trustarc.com *.pinterest.com *.signifyd.com *.doubleclick.net *.ytimg.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.ads-twitter.com *.google-analytics.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com *.facebook.net widgets.pinterest.com *.hotjar.com *.doubleclick.net *.custhelp.com *.rnengage.com *.sdiapi.com *.rapidspike.com *.oraclecloud.com *.atgsvcs.com *.trustarc.com *.livelook.com *.newrelic.com *.nr-data.net *.pinimg.com sc-static.net *.sc-static.net *.signifyd.com *.iterable.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.custhelp.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.hotjar.com *.signifyd.com *.rapidspike.com *.oraclecloud.com *.sdiapi.com *.hotjar.io *.doubleclick.net *.facebook.com *.atgsvcs.com *.nr-data.net *.pinterest.com *.google-analytics.com *.iterable.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://apikeys.civiccomputing.com http://apikeys.civiccomputing.com apikeys.civiccomputing.com https://ig.instant-tokens.com http://ig.instant-tokens.com ig.instant-tokens.com https://graph.instagram.com http://graph.instagram.com graph.instagram.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com https://*.facebook.com http://*.facebook.com *.facebook.com; frame-ancestors 'none'; frame-src https://*.youtube.com http://*.youtube.com *.youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.cdninstagram.com http://*.cdninstagram.com *.cdninstagram.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.facebook.com http://*.facebook.com *.facebook.com https://i.ytimg.com http://i.ytimg.com i.ytimg.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://cc.cdn.civiccomputing.com http://cc.cdn.civiccomputing.com cc.cdn.civiccomputing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.mailchimp.com http://*.mailchimp.com *.mailchimp.com 'unsafe-inline'; 4
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 4
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 4
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 4
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 3
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl 3
default-src * data: blob:;worker-src 'self' blob:;script-src blob: 'unsafe-inline' https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://www.googletagmanager.com/gtag/js https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;object-src 'none';style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;report-uri /csp-report 3
report-uri /ab/csp/index; report-to csp-endpoint 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com  wss://*.hotjar.com wss://*.qualified.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=wufoocms 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 3
require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 3
frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coinall.ltd static.okex.com ok-public-hk.oss-cn-hongkong.aliyuncs.com *.sentry.io *.googleadservices.com *.google-analytics.com api.lab.amplitude.com *.geetest.com *.googletagmanager.com *.qiyukf.com *.alicdn.com *.google.com telegram.org pay.itez.com cdn.ronghub.com storage.googleapis.com cdnjs.cloudflare.com *.ada.support p11.techlab-cdn.com *.zendesk.com api.sixclovers.com qiyukf.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com; report-uri /csp-reports 3
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org privacyportal-eu.onetrust.com www.shareaholic.net *.omtrdc.net analytics.shareaholic.com collection.decibelinsight.net *.doubleclick.net www.google.com dpm.demdex.net www.google-analytics.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: tools.eurolandir.com www.youtube.com *.doubleclick.net www.google.com platform.twitter.com *.demdex.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com dpm.demdex.net www.google.de www.google.co.th www.googletagmanager.com img.youtube.com *.doubleclick.net www.google.ca www.google.co.uk www.google.pl *.everesttech.net www.google-analytics.com www.google.com.eg s266319173.t.eloqua.com cdn.cookielaw.org www.google.com.mx www.google.com.ua connect.facebook.net www.google.co.jp *.omtrdc.net www.google.fr px.ads.linkedin.com www.google.com.sg; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: m9m6e2w5.stackpathcdn.com fonts.gstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com www.googleadservices.com www.google.com www.google.com.eg tags.tiqcdn.com geolocation.onetrust.com www.google-analytics.com m9m6e2w5.stackpathcdn.com analytics.twitter.com www.googletagmanager.com www.google.co.uk www.google.fr connect.facebook.net platform.twitter.com cdn.cookielaw.org cdnjs.cloudflare.com apps.shareaholic.com www.google.de tools.euroland.com *.doubleclick.net js.maxmind.com www.google.pl img06.en25.com ; form-action 'none' data: blob: ; report-uri /csp_report 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.dow.com dow.6connex.com; report-uri /cxsite/csp-report/csp-report.html 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
script-src https://shopping.com https://*.shopping.com https://*.paypalobjects.com https://*.paypal.com https://www.google-analytics.com https://checkout.ebay.com 'unsafe-inline'; connect-src https://shopping.com https://*.shopping.com https://*.paypal.com; form-action https://shopping.com https://*.shopping.com; img-src https://shopping.com https://*.shopping.com https://*.paypal.com https://*.ebayimg.com https://*.cnnx.io https://www.paypalobjects.com data:; report-uri https://monitor.ebay.com/csp-report/shoppingdotcom 3
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 3
block-all-mixed-content; default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com; img-src 'self' https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com maps.google.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; report-uri https://ae2fed611bf04be7d3efc10226296849.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' *.smartschool.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com https://ssl.p.jwpcdn.com stats.wp.com use.typekit.net p.jwpcdn.com *.google-analytics.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' c0.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com data:; img-src 'self' *.typekit.net pixel.wp.com *.google-analytics.com stats.g.doubleclick.net data:; connect-src performance.typekit.net stats.g.doubleclick.net; report-uri /csp-violation.php 3
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 3
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com pagead2.googlesyndication.com *.googlesyndication.com www.facebook.com www.google-analytics.com cdnassets.hw.net hit.uptrendsdata.com www.googletagmanager.com *.doubleclick.net; form-action  www.facebook.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnassets.hw.net ads2000.hw.net fonts.googleapis.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnassets.hw.net fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hb.emxdgt.com gw.geoedge.be *.googlesyndication.com htlb.casalemedia.com fastlane.rubiconproject.com *.doubleclick.net hit.uptrendsdata.com www.facebook.com *.lijit.com pagead2.googlesyndication.com cdns.us1.gigya.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net cdns.us1.gigya.com www.google.com www.googletagmanager.com www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pagead2.googlesyndication.com adservice.google.com www.google-analytics.com www.google.com *.googlesyndication.com ads2000.hw.net hit.uptrendsdata.com *.doubleclick.net cdns.gigya.com connect.facebook.net rumcdn.geoedge.be cdn.ampproject.org cdnassets.hw.net www.googletagservices.com apis.google.com *.googleadservices.com www.googletagmanager.com; report-uri /csp_report 3
default-src 'unsafe-inline' 'unsafe-eval' https: blob: data:; object-src 'self'; base-uri 'self'; form-action 'self' https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com; 3
frame-ancestors 'self'; report-uri /stf/reportiframe 3
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 3
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://px.ads.linkedin.com https://www.linkedin.com;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com *.connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com asciinema.org *.addtoany.com https://translate.googleapis.com; script-src 'self'  'unsafe-inline'  'unsafe-eval'  data:  blob:  *.connect.facebook.net/en_US/   https://stg.01.org/  https://code.jquery.com/  https://www.googletagmanager.com/  https://www.google-analytics.com/analytics.js  https://connect.facebook.net/en_US/  https://*.static.addtoany.com/menu/  https://static.addtoany.com/menu/page.js  https://static.addtoany.com/menu/locale/ https://static.addtoany.com/menu/svg/icons.29.svg.js  https://geoip-db.com/jsonp ; img-src 'self' data: blob: https://secure.gravatar.com/avatar/ https://software.intel.com/sites/ https://corpredirect.intel.com/ https://*.www.gstatic.com/images/ https://www.googletagmanager.com/ https://www.gstatic.com/images/branding/product/ http://1.bp.blogspot.com/ http://2.bp.blogspot.com/ http://3.bp.blogspot.com/ http://4.bp.blogspot.com/ https://asciinema.org/ https://img.youtube.com/vi/ https://www.google-analytics.com/collect https://lh3.googleusercontent.com/ https://lh4.googleusercontent.com/ https://lh5.googleusercontent.com/ https://lh6.googleusercontent.com/; font-src 'self' *.fonts.gstatic.com/s/roboto/v20/ https://*.fonts.gstatic.com/s/roboto/v20/; report-uri /admin/config/system/seckit/csp-report 3
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 3
block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 3
report-uri /_/csp-reports 3
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com c.evidon.com cdn.jsdelivr.net bam.nr-data.net l.evidon.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net www.google-analytics.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com c.evidon.com bam.nr-data.net www.gstatic.com cdn.jsdelivr.net ; form-action 'none' data: blob: ; report-uri /csp_report 3
object-src 'none'; 3
default-src 'none'; img-src * data:; connect-src 'self' *.appcues.com *.appcues.net api.amplitude.com api.segment.io cdn.segment.com delivra.zendesk.com ekr.zdassets.com ws: wss:; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.appcues.com *.appcues.net cdnjs.cloudflare.com fonts.googleapis.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.appcues.com *.appcues.net ajax.googleapis.com code.jquery.com cdnjs.cloudflare.com cdn.segment.com cdn.amplitude.com static.zdassets.com; frame-src 'self' *.appcues.com editor.ne16.com; report-uri /Reports/LogCspError.ashx; 3
default-src 'self' ; frame-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://apis.google.com https://www.recaptcha.net/ https://www.youtube-nocookie.com https://www.youtube.com/ https://www.youtub.com/  youtube.com https://www.googletagmanager.com https://lpcdn.lpsnmedia.net/ https://vars.hotjar.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com https://www.recaptcha.net/ https://www.youtube.com/ https://www.googletagmanager.com https://unpkg.com https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://www.google-analytics.com http://www.googleadservices.com https://snap.licdn.com https://cdn.mouseflow.com https://static.hotjar.com http://bat.bing.com https://tag.demandbase.com https://lptag.liveperson.net https://accdn.lpsnmedia.net http://cdn.pardot.com http://pi.pardot.com https://pi.pardot.com https://script.hotjar.com https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net https://googleads.g.doubleclick.net ; style-src 'self' https://unpkg.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'unsafe-inline'; img-src 'self' data: 'unsafe-eval' https://malvern.dist.sdlmedia.com https://www.materials-talks.com https://unpkg.com https://malvern.ssl.cdn.sdlmedia.com https://px.ads.linkedin.com https://match.prod.bidr.io https://bat.bing.com https://www.google.com https://www.google.ie https://segments.company-target.com https://www.google-analytics.com https://www.googletagmanager.com https://id.rlcdn.com https://googleads.g.doubleclick.net  ; connect-src 'self'  https://segments.company-target.com https://cdn.cookielaw.org https://www.google-analytics.com https://stats.g.doubleclick.net https://api.company-target.com https://in.hotjar.com https://ws19.hotjar.com wss://ws19.hotjar.com;font-src 'self' https://unpkg.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; base-uri 'self'; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: data:; font-src https: data:; report-uri /csp-report; 3
default-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com; font-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com data: fonts.gstatic.com; script-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google.com *.googleadservices.com googleads.g.doubleclick.net; style-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com fonts.googleapis.com; img-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' data: secure.gravatar.com *.getclicky.com t.co *.facebook.com *.olark.com *.adroll.com *.google-analytics.com *.gstatic.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.olark.com; connect-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.datadoghq.com *.getclicky.com *.facebook.com *.olark.com *.google-analytics.com *.g.doubleclick.net; frame-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.apple.com open.spotify.com *.soundcloud.com www.youtube.com www.facebook.com *.olark.com www.google.com bid.g.doubleclick.net; 3
default-src 'self'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com linkedin.sc.omtrdc.net lnkd.tt.omtrdc.net opreq.observepoint.com www.linkedin-ei.com adservice.google.com stats.g.doubleclick.net static.licdn.com; img-src data: blob: android-webview-video-poster: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; script-src-elem 'unsafe-inline' tags.tiqcdn.com *.salesforceliveagent.com platform.linkedin-ei.com platform.linkedin.com content.linkedin.com snap.licdn.com sjs.bizographics.com www.linkedin.com bcvipva02.rightnowtech.com sb.scorecardresearch.com; frame-ancestors 'self'; object-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=ms 3
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.facebook.com www.google-analytics.com *.facebook.net 6147797.global.siteimproveanalytics.io www.instagram.com prismahealth.org www.googletagmanager.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: prismahealth.org; form-action  www.facebook.com; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: prismahealth.org; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pro.fontawesome.com p.typekit.net prismahealth.org use.typekit.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pro.fontawesome.com use.typekit.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: network.prismahealth.org use.typekit.net *.doubleclick.net www.google-analytics.com www.facebook.com pro.fontawesome.com www.instagram.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net www.google-analytics.com www.google.com siteimproveanalytics.com prismahealth.org *.googleadservices.com *.doubleclick.net www.googletagmanager.com; report-uri /csp_report 3
font-src *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors ; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.criteo.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com *.youtube.com js.authorize.net jstest.authorize.net accept.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.agkn.com *.pinterest.com *.paypal.com *.ytimg.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.credo.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.facebook.net *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.criteo.com *.paypal.com *.newrelic.com *.nr-data.net www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com static.zdassets.com *.kaptcha.com *.shareasale.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.bootstrapcdn.com js.authorize.net jstest.authorize.net sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.credo.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net widget-mediator.zopim.com *.zopim.com *.cloudfunctions.net *.omappapi.com wss://widget-mediator.zopim.com *.paypal.com *.nr-data.net www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.pinterest.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.zdassets.com/ credomobilesupport.zendesk.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com js.authorize.net jstest.authorize.net api.authorize.net apitest.authorize.net accept.authorize.net test.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3
default-src https: data: 'unsafe-inline'; report-uri https://3j40yr1pel.execute-api.us-east-1.amazonaws.com/prod/report-only 3
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'none'; report-uri https://endpoint3.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV30Tj5vtZfuZ0tYPfqb8xOSxI9TJ5CbQ_ZE4W4aGoGW8HViqViD0nttCcDqHOZNNhObvJtSbYn1XDP7uSjlITCzSLlNsuSdwZ46El5dcVC6kg== 3
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.sagepay.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.sagepay.com maps.googleapis.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com display.ugc.bazaarvoice.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.sagepay.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.typekit.net ajax.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com *.typekit.net *.myfonts.net; img-src 'self' data: *.google-analytics.com ajax.googleapis.com *.typekit.net *.doubleclick.net; connect-src 'self'; font-src 'self' data: *.typekit.net; object-src 'self'; media-src  'self'; frame-src *.addthis.com player.vimeo.com www.youtube.com; manifest-src 'self'; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 3
form-action  www.flycorsair.com www.facebook.com mareservation.corsair.fr; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com hello.myfonts.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.instagram.com connect.facebook.net px4.ads.linkedin.com c.clarity.ms px.ads.linkedin.com *.doubleclick.net bam.nr-data.net secure.adnxs.com simage2.pubmatic.com sync.e-planning.net cm.adform.net www.facebook.com us-u.openx.net bat.bing.com sync-t1.taboola.com criteo-partners.tremorhub.com pixel.advertising.com www.google.com jadserve.postrelease.com *.rubiconproject.com ad.360yield.com id5-sync.com profile.ssp.rambler.ru *.yahoo.com ib.adnxs.com *.criteo.com r.casalemedia.com gum.criteo.com an.yandex.ru criteo-sync.teads.tv x.bidswitch.net rtb-csync.smartadserver.com i.liadm.com ads.stickyadstv.com pixel.tapad.com www.google-analytics.com s.ad.smaato.net t.co www.google.fr www.googletagmanager.com www.linkedin.com cm.mgid.com eb2.3lift.com ih.adscale.de c.bing.com visitor.omnitagjs.com contextual.media.net sync-criteo.ads.yieldmo.com match.sharethrough.com crb.kargo.com exchange.mediavine.com sync.outbrain.com ad.tpmn.co.kr; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.instagram.com s.yimg.com *.doubleclick.net try.abtasty.com dcinfos-cache.abtasty.com bam.nr-data.net dashboard.chatfuel.com www.facebook.com px.ads.linkedin.com www.google.com adservice.google.com ariane.abtasty.com bat.bing.com www.clarity.ms; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.ads-twitter.com s.yimg.com cdn.jsdelivr.net www.google.com connect.facebook.net try.abtasty.com www.google-analytics.com bam.nr-data.net js-agent.newrelic.com static.criteo.net dashboard.chatfuel.com bat.bing.com www.clarity.ms sslwidget.criteo.com analytics.skyscanner.net www.googletagmanager.com analytics.twitter.com snap.licdn.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.facebook.com www.youtube.com static.criteo.net web.facebook.com www.google.com gum.criteo.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static3.avast.com fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 3
font-src *.fontawesome.com *.gstatic.com https://js.klevu.com data: https://*.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com www.xtento.com https://*.demdex.net https://*.adyen.com https://www.youtube.com https://youtu.be https://pay.google.com https://*.fls.doubleclick.net https://www.paypalobjects.com https://vars.hotjar.com http://www.yotpo.com https://player.vimeo.com/ https://*.googleapis.com/ https://www.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com https://www.xtento.com cdn.xtento.com *.gstatic.com *.google.co.uk *.google.com https://www.googletagmanager.com https://*.googleapis.com https://services.postcodeanywhere.co.uk https://www.rnengage.com https://js.klevu.com https://bat.bing.com https://mgl.sc.omtrdc.net https://cm.everesttech.net https://*.adyen.com https://*.demdex.net/ https://amcglobal.sc.omtrdc.net https://*.widget.custhelp.com https://*.cloudiq.com https://*.pinterest.com https://www.facebook.com https://cdn.cookielaw.org https://*.hotjar.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com https://*.adyen.com www.xtento.com cdn.xtento.com http://maybo11111.pcapredict.com https://services.postcodeanywhere.co.uk https://polyfill.io https://js.klevu.com https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.widget.custhelp.com https://*.custhelp.com https://*.rightnowtech.com https://www.rnengage.com https://bat.bing.com https://pay.google.com https://googleads.g.doubleclick.net https://*.newrelic.com https://bam-cell.nr-data.net https://*.hotjar.com https://connect.facebook.net https://cdn.cookielaw.org https://*.cloudiq.com https://*.onetrust.com https://*.pinimg.com *.avada.io https://*.trustpilot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://services.postcodeanywhere.co.uk https://*.widget.custhelp.com https://www.gstatic.com https://fonts.googleapis.com https://js.klevu.com https://*.googleapis.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://services.postcodeanywhere.co.uk https://*.ksearchnet.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.demdex.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://amcglobal.sc.omtrdc.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com https://*.pinterest.com https://bat.bing.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://secure.tt-staging.com/; report-to report-endpoint; 3
connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data:; img-src * data: blob:; object-src data:; report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline' 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 3
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es js.stripe.com hooks.stripe.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es store.paradoxlabs.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net js.stripe.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.stripe.com *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'none'; font-src fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com data: *.nlm.nih.gov; connect-src google-analytics.com siteintercept.qualtrics.com stats.g.doubleclick.net *.nlm.nih.gov; frame-src platform.twitter.com www.google.com; img-src 'self' data: www.google-analytics.com www.googletagmanager.com gtrk.s3.amazonaws.com stats.g.doubleclick.net co1.qualtrics.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' *.nlm.nih.gov ajax.googleapis.com siteintercept.qualtrics.com www.google-analytics.com dap.digitalgov.gov www.googletagmanager.com code.jquery.com *.cloudfront.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com *.nlm.nih.gov code.jquery.com cdn.datatables.net; upgrade-insecure-requests; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 3
report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.m32.media *.pinimg.com cdn.ampproject.org tag.aticdn.net sc-static.net ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca ;media-src 'self' blob: *.2mdn.net *.llnw.net ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.googlesyndication.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.llnw.net *.m32.media *.scorecardresearch.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io static.hotjar.com tag.aticdn.net us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca https://image-proxy.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com/tr tr.snapchat.com ; 3
default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 3
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com; style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com; object-src 'none'; frame-src 'self' *.facebook.com connect.facebook.net www.linkedin.com *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com vars.hotjar.com www.googletagmanager.com; child-src 'self' *.facebook.com connect.facebook.net app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com; img-src 'self' data: blob: *.facebook.com *.facebook.net *.fbcdn.net *.linkedin.com *.licdn.com *.hubspot.com cdn2.hubspot.net forms.hsforms.com script.hotjar.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com; font-src 'self' data: script.hotjar.com; connect-src 'self' *.facebook.com connect.facebook.net *.linkedin.com *.licdn.com *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.hotjar.com wss://*.hotjar.com *.hotjar.io www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about:; manifest-src 'self'; base-uri 'self'; form-action 'self' *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com; media-src 'self' media.licdn.com; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/cb9e5e15-5425-4474-84ff-dd767521bba1/0/1/3?sct=88b1c42d-fa4d-4fc5-a747-b3bc3e8c6efe&dpos=report 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 3
font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.googletagmanager.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://6419468.collect.igodigital.com https://assets.adobedtm.com https://players.brightcove.net https://*.homeoffice.wal-mart.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.everesttech.net *.demdex.net *.omtrdc.net *.xx.fbcdn.net https://*.brightcove.com nova.collect.igodigital.com https://*.walmart.com https://*.wal-mart.com; font-src 'self' data: https://one.walmart.com; connect-src *; frame-src 'self' *.demdex.net https://wiresurveys.southcentralus.cloudapp.azure.com pfedprod.wal-mart.com https://*.walmart.com https://*.brightcove.com; media-src 'self' https://*.brightcove.com; report-uri https://csp.walmart.com/c/r/wmo 3
font-src fonts.gstatic.com use.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://app.bronto.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.pages03.net *.facebook.com *.google.com *.hotjar.com *.issuu.com *.kaptcha.com *.mkt932.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pages03.net *.amazonaws.com *.coremetrics.com *.facebook.com *.facebook.net *.google.com *.paypal.com *.bronto.com *.hotjar.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.bronto.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.pages03.net *.putmeinthestory.com *.brilliantcollector.com *.facebook.net *.google.com *.gstatic.com *.hotjar.com *.nr-data.net *.newrelic.com *.integration-5ojmyuq-kolnt6avkh4uo.us-3.magentosite.cloud *.c.kolnt6avkh4uo.dev.ent.magento.cloud *.vagrant.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net getfirebug.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.amazonaws.com *.materialdesignicons.com *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.brilliantcollector.com *.brontops.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.nr-data.net *.zdassets.com *.zendesk.com wss://*.zopim.com https://*.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cd6149b609c1e427f5d8597d1534d2c7.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 3
script-src 'self' https://mychart.tidalhealth.org https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' https://mychart.tidalhealth.org https://unpkg.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors * 3
upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com  *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.indexww.com *.facebook.net; report-uri https://cmsmedios2.report-uri.com/r/d/csp/reportOnly 3
style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net unpkg.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: privacyportalde-cdn.onetrust.com www.google-analytics.com bam.nr-data.net; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com platform.twitter.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net www.google.com.mx www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: connect.facebook.net bam.nr-data.net platform.twitter.com cdn.jsdelivr.net unpkg.com ; form-action 'none' data: blob: ; report-uri /csp_report 3
font-src *.fontawesome.com *.cloudfront.net *.googleapis.com *.bootstrapcdn.com *.gstatic.com 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudfront.net data: www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.cloudfront.net *.google.com *.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudfront.net *.google.com *.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com https://*.ingest.sentry.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 3
default-src 'self';base-uri 'self';block-all-mixed-content;font-src * data:;frame-ancestors 'self';img-src https:;object-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';script-src-attr 'none';style-src https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' dc.services.visualstudio.com *.google.com *.facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io s.yimg.com bat.bing.com *.google-analytics.com stats.g.doubleclick.net *.nr-data.net;frame-src https:;report-uri /csp-report;report-to csp-report 3
frame-ancestors * 3
; frame-ancestors 'self' 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net; report-uri /.webscale/csp-report 3
font-src *.gstatic.com *.addtoany.com *.hotjar.com *.hotjar.io *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.addtoany.com *.hotjar.com *.hotjar.io *.hsforms.com *.google.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.youtube.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es data: *.paypal.com *.hubspot.com *.hotjar.com *.hotjar.io wss://*.hotjar.com amcglobal.sc.omtrdc.net *.facebook.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.gstatic.com *.addtoany.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.hs-scripts.com *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.google.com *.braintreegateway.com *.paypal.com amcglobal.sc.omtrdc.net https://js.hsadspixel.net https://connect.facebook.net https://googleads.g.doubleclick.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com amcglobal.sc.omtrdc.net cdn.dnky.co webchat.dotdigital.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.hubspot.com *.google.com hubspot-forms-static-embed.s3.amazonaws.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.hs-banner.com amcglobal.sc.omtrdc.net *.facebook.com *.facebook.net https://api.hubapi.com https://googleads.g.doubleclick.net *.doubleclick.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.fixando.com/ https://cdn.fixando.com/ https://pics.fixando.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.googleadservices.com/ https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com/ https://adservice.google.com.pk/ https://adservice.google.com.br/ https://adservice.google.com.py/ https://adservice.google.com.do/ https://adservice.google.com/ https://adservice.google.pt/ https://adservice.google.nl/ https://adservice.google.cl/ https://adservice.google.it/ https://adservice.google.pl/ https://adservice.google.no/ https://adservice.google.fr/ https://adservice.google.bg/ https://adservice.google.es/ https://adservice.google.se/ https://adservice.google.be/ https://adservice.google.de/ https://adservice.google.ch/ https://adservice.google.hu/ https://adservice.google.ie/ https://adservice.google.lu/ https://adservice.google.ru/ https://adservice.google.be/ https://adservice.google.co.uk/ https://adservice.google.co.ao/ https://adservice.google.co.in/ https://partner.googleadservices.com/ https://maps.googleapis.com/ https://optimize.google.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://pubads.g.doubleclick.net/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.facebook.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.jsdelivr.net/ https://ageas.fixando.com/ https://mambo.mundoageas.pt/ https://static.zdassets.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://apis.google.com/ https://tagmanager.google.com/ 3
default-src 'self';base-uri 'self' https://*.microsoft.com https://*.skype.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.azure.net https://*.s-microsoft.com https://*.ytimg.com https://www.youtube.com https://*.microsoft.com https://*.skypeassets.com https://*.clicktale.net https://*.wx-int.trafficmanager.net https://*.wx-int.skype.com https://*.skype.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net https://connect.facebook.net/;style-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.skype.com https://*.skypeassets.com https://*.microsoft.com https://*.s-microsoft.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net;img-src 'self' data: blob: https://docs.botframework.com https://bot-framework.azureedge.net https://*.skype.com https://*.skypeassets.com https://c.microsoft.com https://*.clicktale.net https://*.microsoft.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://www.facebook.com https://*.msecnd.net https://ad.doubleclick.net https://adservice.google.com;font-src data: https://*.skypeassets.com https://*.s-microsoft.com https://*.microsoft.com https://assets.onestore.ms https://*.skype.com https://fonts.gstatic.com;media-src 'self' data: blob: https://*.skypeassets.com https://*.skype.com;connect-src https://*.skype.com https://*.clicktale.net https://*.microsoft.com https://*.live.com https://*.skypeassets.com wss://*.trouter.skype.com https://web.vortex.data.microsoft.com https://prod-video-cms-rt-microsoft-com.akamaized.net https://eus-streaming-video-rt-microsoft-com.akamaized.net https://wus-streaming-video-rt-microsoft-com.akamaized.net;object-src 'none';frame-ancestors 'none';frame-src 'self' https://*.microsoft.com https://*.skype.com https://*.live.com https://www.youtube.com;form-action https://login.skype.com;report-uri https://edge.skype.com/r/c; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; report-uri https://reports.baidu.com/csp-report 2
default-src 'none'; script-src 'self' 'unsafe-eval' https://www.googleoptimize.com https://cdn.cookielaw.org https://*.mutinycdn.com https://d2c7xlmseob604.cloudfront.net 'sha256-09i4AWokmEmm6Xf4VnfX81XolkoAMDCJvfdfJlP5Ab4=' 'sha256-dRFH+TXDvASWWrsMkIeDmELTKAqptEiJh+299/59BUU=' 'sha256-IWGIsg1U5mon7c38uPIpRVRWrSilS+ey2Dp3q2208TU=' 'sha256-paT8fBGOtK3nkhGazWTfRCYXOG/pubylwthGOtoWO/E=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk=' 'sha256-jJnbKS0QlbPjAGrJOn9lmCJcsYlL7QHTvWNPBa1y6yA=' 'sha256-qoKHf0EN7296KIec+9B7hm/MLAIrH6j0SdLCr/3qvHM=' www.googletagmanager.com cdn.bizible.com https://bat.bing.com www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://redditstatic.com https://www.redditstatic.com https://www.fastly-insights.com https://*.fastly-insights.com https://www.google-analytics.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.fastly.com https://cdn.cookielaw.org *.doubleclick.net https://d.turn.com https://bat.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://www.google-analytics.com https://px.ads.linkedin.com https://alb.reddit.com https://www.google.com https://p.adsymptotic.com; worker-src data: blob:; connect-src 'self' localhost:* ws: https://cdn.cookielaw.org https://api.smartling.com https://*.fastly-insights.com https://fastly-insights.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io; frame-src *.doubleclick.net https://vars.hotjar.com; font-src 'self' data:; report-uri https://csp.global.ssl.fastly.net/csp/fastly-prod?report_only=1; 2
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-gia.force.com/_/ContentDomainCSPNoAuth?type=communities 2
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.sentry.dev www.googletagmanager.com www.google-analytics.com www.googleadservices.com js.driftt.com connect.facebook.net assets.calendly.com player.vimeo.com www.redditstatic.com m.servedby-buysellads.com static.zdassets.com googleads.g.doubleclick.net bat.bing.com munchkin.marketo.net cdn.bizible.com cdn.amplitude.com; connect-src 'self' sentry.io *.sentry.io www.sentry.dev reload.getsentry.net api.amplitude.com ekr.zdassets.com sentry.zendesk.com www.google-analytics.com stats.g.doubleclick.net 776-mjn-501.mktoresp.com; img-src 'self' data: www.sentry.dev sentry-blog.storage.googleapis.com images.ctfassets.net www.google-analytics.com stats.g.doubleclick.net assets.calendly.com q.quora.com alb.reddit.com www.facebook.com www.googletagmanager.com bat.bing.com www.google.com i.vimeocdn.com i.ytimg.com cdn.bizible.com cdn.bizibly.com; style-src 'self' 'unsafe-inline' www.sentry.dev assets.calendly.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net; font-src 'self' www.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com www.youtube-nocookie.com js.driftt.com calendly.com bid.g.doubleclick.net; manifest-src 'self' www.sentry.dev; report-uri https://o1.ingest.sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 2
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 2
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://greenhouseprod.report-uri.com/r/d/csp/wizard; 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline'  'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.adobe.com/api/v1/errors/csp 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.adobedtm.com *.demdex.net *.decibelinsight.net *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.facebook.net *.googleadservices.com *.raisenow.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'none'; frame-ancestors *.ubs.com; form-action *.ubs.com; frame-src *.ubs.com https://ubs.demdex.net; connect-src *.ubs.com https://collection.decibelinsight.net; report-uri /csp/reports 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 2
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss://mirror-socket2.karte.io blob: ; report-uri /cgi-bin/csp-reports.cgi 2
default-src https: wss: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 2
default-src 'self' 'unsafe-inline' *.fca.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.salesforceliveagent.com *.twentythree.net; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie *.videomarketingplatform.co www.google.co.uk *.nr-data.net *.googletagmanager.com *.fca.org.uk *.gstatic.com www.glassdoor.co.uk *.fca.org.uk; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk *.googletagmanager.com *.youtube.com; frame-ancestors 'self' *.fca.org.uk; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 'self' fonts.gstatic.com *.fca.org.uk; connect-src 'self' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.googleapis.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.drift.com *.driftt.com *.kinstacdn.com api.intellimize.co www.google-analytics.com www.instagram.com www.googleadservices.com *.quoracdn.net www.google.com *.googleapis.com snap.licdn.com googleads.g.doubleclick.net rum-static.pingdom.net *.wistia.com *.wistia.net api.greenhouse.io cdn.segment.com https://cdn.split.io cdn.madkudu.com cdn.bizible.com ga.clearbit.com app-sj27.marketo.com widget.drift.com *.jquery.com https://www.google-analytics.com https://www.googletagmanager.com *.quora.com *.hsforms.com *.hsforms.net munchkin.marketo.net s.adroll.com d.adroll.mgr.consensu.org d.adroll.com *.facebook.net static.ads-twitter.com *.twitter.com twitter.com *.6sc.co *.dca0.com *.twimg.com tpc.googlesyndication.com use.typekit.net drift.referralrock.com gateway.on24.com; img-src 'self' 'unsafe-inline' data: * ; report-uri https://o13824.ingest.sentry.io/api/5269096/security/?sentry_key=e9bb6faf1b4c4ce1927908a451904d1d 2
block-all-mixed-content; frame-ancestors 'none'; report-uri /global-cgi-bin/csp-report 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/private/csp-report 2
script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 2
base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://p.teads.tv https://s.yimg.com https://www.googleadservices.com https://acdn.adnxs.com https://www.googleads.g.doubleclick.net https://analytics.tiktok.com https://vk.com https://cdn-akamai.mookie1.com https://tags.tiqcdn.cn https://tags.tiqcdn.com https://connect.facebook.net/ https://sc-static.net https://platform.twitter.com https://static.ads-twitter.com https://analytics.twitter.com https://www.upsellit.com https://cdn.inspectlet.com https://api.map.baidu.com https://dlswbr.baidu.com https://utt.impactcdn.com https://opsg-statics-gl.heytapimg.com https://ocs-ap-south1.heytapcs2.com https://sgp-sow-cms.oppo.com https://image.oppo.com https://www.oppo.com https://htsg-oasisstatics-gl.heytapimg.com https://static-common.heytapdl.com https://htsg-statics-gl.heytapimg.com https://pv.sohu.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com https://code.oppo.com https://www.google-analytics.com https://www.googletagmanager.com; object-src none;frame-src http: https:;block-all-mixed-content; report-uri https://ti.oppo.com/csp/DataReport 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:; report-uri /csp_rep 2
default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /mixed-content-collector; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.etracker.com/ https://*.etracker.de/ https://*.signalize.com/; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com; frame-src 'self' data: www.youtube.com; child-src 'self' data: www.youtube.com; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src data: blob: 'unsafe-eval' 'unsafe-inline' https: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  ajax.googleapis.com *.bazaarvoice.com bat.bing.com cdn.attn.tv *.optimizely.com cdn.polyfill.io cdn1.affirm.com connect.facebook.net *.art.com *.doubleclick.net js.intercomcdn.com pixel.mathtag.com s.pinimg.com static.klaviyo.com tag.rmp.rakuten.com tags.bkrtx.com widget.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.art.com cdn.pbbl.co *.googleadservices.com code.jquery.com *.intercom.io *.artprintimages.com *.google.com *.affirm.com *.allpostersimages.com; object-src 'none'; base-uri 'self'; report-uri https://csp.prod.walmart.com/c/r/art 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src * ldb1: data:; media-src * data: about:; frame-ancestors 'self' *.aleks.com *.connectmath.com *.mhcampus.com; report-uri /aleks/csp_report?stamp=web2020111702&uri=%2F&referer= 2
frame-ancestors 'self'; report-uri https://csp.threatx.com/threatx-csp-violations/ 2
connect-src 'self' https://na-data-projects.s3.amazonaws.com https://releases.wagtail.io https://www.google-analytics.com https://stats.g.doubleclick.net https://sumo.com https://bam-cell.nr-data.net; script-src-elem https://js-agent.newrelic.com https://load.sumo.com https://www.google-analytics.com https://www.youtube.com https://analytics.twitter.com https://bam-cell.nr-data.net; default-src 'self'; img-src 'self' https://d3fvh0lm0eshry.cloudfront.net https://d1y8sb8igg2f8e.cloudfront.net data: https://*.gravatar.comhttps://t.co https://www.google-analytics.comhttps://micro-cdn.sumo.com; frame-src 'self' datawrapper.dwcdn.net https://www.google.com https://www.youtube.com; media-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com http://static.ads-twitter.com https://static.ads-twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://na-data-projects.s3.amazonaws.com https://www.youtube.com https://cdnjs.cloudflare.com; object-src 'self'; font-src 'self' https://d3fvh0lm0eshry.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; report-uri https://o357627.ingest.sentry.io/api/2985675/security/?sentry_key=f4f199da565a4320b619d2f4e8eb928f 2
default-src pixel.sojern.com *.krxd.net cdnjs.cloudflare.com cdn.ucb.org.br d1p5cqqchvbqmy.cloudfront.net ajax.aspnetcdn.com *.simon.com *.premiumoutlets.com pubads.g.doubleclick.net match.adsrvr.org log.pinterest.com ib.adnxs.com fcmatch.youtube.com d3j72de684fey1.cloudfront.net cm.g.doubleclick.net beacon.sojern.com assets.pinterest.com ad.doubleclick.net *.mappedin.com 'self' 'unsafe-inline' tags.srv.stackadapt.com *.googleapis.com *.google.com.mx *.google.com *.google-analytics.com *.facebook.net *.facebook.com *.doubleclick.net *.cookielaw.org *.clickmeter.com blob: lh3.googleusercontent.com 'unsafe-eval' *.yottaa.net *.yimg.com *.yahoo.com *.westworldmedia.com *.splashthat.com *.recaptcha.net *.rackspacecloud.com *.gstatic.com *.gstatic.cn *.googleadservices.com *.googletagmanager.com p.adsymptotic.com mipubapistorageprod.blob.core.windows.net p.placed.com *.clarity.ms www.linkedin.com web-proxy.mappedin.com tn.alphonso.tv stats.g.doubleclick.net sp.analytics.yahoo.com snap.licdn.com simm.netmng.com rules.quantcount.com px.ads.linkedin.com *.bing.com *.adsrvr.org data: *.rackspace.com *.rackcdn.com *.quantserve.com *.qualtrics.com *.pingdom.net *.onetrust.com *.movies-previews.com *.movienewsletters.net; script-src-elem tags.srv.stackadapt.com simm.netmng.com rules.quantcount.com px.ads.linkedin.com pubads.g.doubleclick.net pixel.sojern.com p.placed.com p.adsymptotic.com mipubapistorageprod.blob.core.windows.net match.adsrvr.org *.yahoo.com *.westworldmedia.com *.splashthat.com *.simon.com *.googleadservices.com log.pinterest.com ib.adnxs.com fcmatch.youtube.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net cm.g.doubleclick.net beacon.sojern.com assets.pinterest.com *.googleapis.com *.google.com.mx *.google.com *.google-analytics.com *.facebook.net *.facebook.com *.premiumoutlets.com *.doubleclick.net *.cookielaw.org *.clickmeter.com *.clarity.ms *.bing.com *.adsrvr.org www.linkedin.com web-proxy.mappedin.com tn.alphonso.tv stats.g.doubleclick.net sp.analytics.yahoo.com snap.licdn.com ad.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' *.yottaa.net *.yimg.com *.recaptcha.net *.rackspacecloud.com *.rackspace.com *.rackcdn.com *.quantserve.com *.qualtrics.com *.pingdom.net *.onetrust.com *.movies-previews.com *.movienewsletters.net *.mappedin.com ajax.aspnetcdn.com *.krxd.net *.gstatic.com *.gstatic.cn *.googletagmanager.com; img-src cm.g.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.cookielaw.org *.clickmeter.com *.clarity.ms *.bing.com www.linkedin.com *.rackcdn.com *.quantserve.com *.qualtrics.com *.pingdom.net *.onetrust.com *.movies-previews.com *.movienewsletters.net *.mappedin.com *.krxd.net *.google.com.mx sp.analytics.yahoo.com snap.licdn.com simm.netmng.com rules.quantcount.com log.pinterest.com ib.adnxs.com web-proxy.mappedin.com tn.alphonso.tv stats.g.doubleclick.net *.adsrvr.org data: *.gstatic.com *.premiumoutlets.com px.ads.linkedin.com pubads.g.doubleclick.net pixel.sojern.com p.placed.com p.adsymptotic.com mipubapistorageprod.blob.core.windows.net match.adsrvr.org tags.srv.stackadapt.com lh3.googleusercontent.com beacon.sojern.com assets.pinterest.com *.googleapis.com ad.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.cn *.googletagmanager.com blob: *.yottaa.net *.yimg.com *.yahoo.com *.westworldmedia.com *.splashthat.com *.simon.com *.recaptcha.net *.rackspacecloud.com *.rackspace.com fcmatch.youtube.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net; script-src *.splashthat.com pixel.sojern.com p.placed.com *.simon.com *.recaptcha.net *.rackspacecloud.com *.rackspace.com *.rackcdn.com *.quantserve.com *.onetrust.com *.movies-previews.com *.movienewsletters.net *.mappedin.com *.krxd.net *.gstatic.com *.gstatic.cn *.googletagmanager.com *.googleapis.com *.google.com.mx *.google.com *.google-analytics.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.cookielaw.org *.clickmeter.com *.clarity.ms *.bing.com *.adsrvr.org www.linkedin.com web-proxy.mappedin.com tn.alphonso.tv stats.g.doubleclick.net sp.analytics.yahoo.com snap.licdn.com simm.netmng.com rules.quantcount.com d1p5cqqchvbqmy.cloudfront.net *.qualtrics.com *.pingdom.net px.ads.linkedin.com pubads.g.doubleclick.net p.adsymptotic.com mipubapistorageprod.blob.core.windows.net match.adsrvr.org log.pinterest.com ib.adnxs.com fcmatch.youtube.com d3j72de684fey1.cloudfront.net cm.g.doubleclick.net beacon.sojern.com assets.pinterest.com ad.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' *.yottaa.net *.yimg.com *.yahoo.com *.westworldmedia.com cdnjs.cloudflare.com cdn.ucb.org.br ajax.aspnetcdn.com *.premiumoutlets.com tags.srv.stackadapt.com; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=jwnWW90ZnBm4_w 2
frame-ancestors *.adguard.com adguard.com 'self'; connect-src  *.adguard.com adguard.com 'self'; script-src https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments *.adguard.com adguard.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.com adguard.com 'unsafe-inline' 'self'; img-src * data: *.adguard.com adguard.com 'self'; frame-src *.paddle.com widget.cloudpayments.ru *.youtube.com *.adguard.com adguard.com 'self'; font-src  *.adguard.com adguard.com 'self'; report-uri https://sentry.adguard.com/api/141/security/?sentry_key=25d351967596406c8824d0677089b8ea; default-src *.adguard.com adguard.com 'self' 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::RING_WEBSITES_2_0_77 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.vibe.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.govdelivery.com *.cludo.com *.facebook.net *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.monsido.com *.myfwc.com *.sharethis.com *.webreserv.com *.wufoo.com *.youtube.com;object-src 'self' *.myfwc.com;style-src 'self' 'unsafe-inline' *.cludo.com *.googleapis.com *.myfwc.com *.sharethis.com;img-src 'self' data: *.cludo.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.staticflickr.com *.vimeocdn.com *.ytimg.com;media-src 'self';frame-src 'self' *.consensu.org *.google.com *.googletagmanager.com *.myfwc.com *.vimeo.com *.webreserv.com *.wufoo.com *.youtube.com;font-src 'self' data: *.gstatic.com;connect-src 'self' *.cludo.com *.doubleclick.net *.flickr.com *.fontawesome.com *.google-analytics.com *.googleapis.com *.sharethis.com *.vimeo.com vimeo.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true https://csp-reports.proworks.xyz/r/d/csp/reportOnly 2
frame-ancestors 'none'; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; object-src 'none'; frame-src 'none'; child-src 'none'; img-src 'self'; font-src 'self'; connect-src 'none'; manifest-src 'none'; base-uri 'self'; form-action 'none'; media-src 'none'; prefetch-src 'none'; worker-src 'none'; report-uri https://gate.rapidsec.net/g/r/csp/1fd6f776-a9fc-4559-b96f-35c786b7aac4/0/0/3?sct=ec2420d6-f204-40ea-aa00-9274e9514a62&dpos=report 2
default-src https:; media-src blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 2
default-src 'self' * 'unsafe-inline'; img-src 'self' data: *; 2
default-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' fonts.googleapis.com photorankstatics-a.akamaihd.net; img-src 'self' data: *; media-src *; frame-src *; connect-src *; font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.anantara.com *.anantara.com.cn *.avanihotels.com *.avanihotels.com.cn *.minorhotels.com *.minorhotels.com.cn *.naladhu.com *.naladhu.com.cn *.nhcollection-dohavyra.com *.nhcollection-dohavyra.com.cn *.niyama.com *.niyama.com.cn *.oakshotels.com *.oakshotels.com.cn *.tivolihotels.com *.tivolihotels.com.cn world.nh-hotels.com world.nh-hotels.com.cn *.affilired.com *.bing.com *.chinesean.com *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.glopss.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.shareasale.com *.sojern.com *.thehotelsnetwork.com *.tradetracker.net *.trivago.com *.webgains.com *.yahoo.co.jp *.zdassets.com *.zenaps.com *.zendesk.com *.adform.net analytics.tiktok.com az416426.vo.msecnd.net cdn.brand-display.com d.line-scdn.net *.baidu.com fm.ipinyou.com linkcenterus.derbysoftca.com linkcenterus.derbysoftsec.com mc.yandex.ru s.yimg.jp sc-static.net snap.licdn.com stats.ipinyou.com t.2c2p.com t.skyscnr.com tag.yieldoptimizer.com tags.tiqcdn.cn tags.tiqcdn.com tr.brand-display.com widget-mediator.zopim.com www.googleoptimize.com www.tripadvisor.com js.sentry-cdn.com api.openweathermap.org photorankstatics-a.akamaihd.net polyfill.io cdn.jsdelivr.net www.google.com cdn.denomatic.com; report-uri https://minorhotels.report-uri.com/r/t/csp/reportOnly 2
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 2
default-src 'self' *.my127.site blob: *.webpipeline.net *.my127.site *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com  'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:;; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.webpipeline.net *.brightcove.net *.googletagmanager.com *.zencdn.net *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.yimg.jp *.googleadservices.com amanresorts.pxf.io impactradius-event.com utt.impactcdn.com ojrq.net logs-01.loggly.com *.cinnox.com *.gstatic.com; style-src 'self' 'unsafe-inline' cloud.typography.com *.webpipeline.net *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com; img-src 'self' *.my127.site data: *.webpipeline.net *.brightcove.net *.brightcove.com *.boltdns.net *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com; media-src 'self' blob: *.akamaihd.net *.boltdns.net *.buyatab.com *.aman.com; frame-src *; frame-ancestors 'self'; font-src 'self' *.my127.site data: *.webpipeline.net *.typekit.net *.aman.com *.gstatic.com; connect-src 'self' *.my127.site *.aman.com 'unsafe-eval' amanresorts.pxf.io impactradius-event.com utt.impactcdn.com ojrq.net logs-01.loggly.com *.cinnox.com *.googleapis.com; report-uri https://aman.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; block-all-mixed-content 2
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 2
default-src 'self'; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com www.google.com/jsapi *.facebook.net *.facebook.com *.recaptcha.net *.gstatic.com; connect-src 'self' sentry.io 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 2
default-src 'self' *.fineco.it *.finecobank.com finecobank.com *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com responder.wt-safetag.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com track.adform.net js.omg.neodatagroup.com trz.neodatagroup.com pixeL.mathtag.com www.google.com g.microsoft.com s2.adform.net googLeads.g.doubLeclick.net static.opentok.com cdn.cookielaw.org data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk; frame-src finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com *.mateti.net vars.hotjar.com track.adform.net c1.adform.net widget.trustpilot.com; img-src 'self' data: https://images.fineco.it https://images.finecobank.com https://images*.finecobank.com https://finecobank.com http://localhost:9095 https://analytics.google.com https://t.mateti.net https://lt.morningstar.com https://www.morningstar.it https://t.co https://www.linkedin.com https://px.ads.linkedin.com https://d.omg.neodatagroup.com https://www.youronlinechoices.com https://uip.semasio.net https://server.seadform.net https://aax-eu.amazon-adsystem.com https://pixel.mathtag.com https://tracker.neodatagroup.com https://www.google-analytics.com https://*.twimg.com https://finecoitalia01.wt-eu02.net https://bat.bing.com https://www.facebook.com https://cm.g.doubLeclick.net https://match.adsrvr.org https://dmp.adform.net https://secure.adnxs.com https://b1sync.zemanta.com https://cms.anaLytics.yahoo.com https://trz.neodatagroup.com https://www.googLe.com https://www.googLe.it ; connect-src wss://tradepush.finecobank.com https://*.fineco.it https://*.finecobank.com https://finecobank.com https://analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.io https://script.crazyegg.com https://r.mateti.net wss://*.tokbox.com https://www.google-analytics.com https://*.tokbox.com https://config.opentok.com https://anvil.opentok.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.trustpilot.com  'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.fineco.it *.finecobank.com finecobank.com responder.wt-safetag.com static.opentok.com www.google-analytics.com track.adform.net s2.adform.net trz.neodatagroup.com pixel.mathtag.com d.omg.neodatagroup.com js.omg.neodatagroup.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net cdn.mateti.net static.hotjar.com static.ads-twitter.com snap.licdn.com script.crazyegg.com ethn.io script.hotjar.com analytics.twitter.com www.youtube.com widget.trustpilot.com cdn.cookielaw.org 'unsafe-eval' 'unsafe-inline'; report-uri https://www.fineco.it/_csp-report 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https:; connect-src https: wss: data:; font-src https: data:; media-src 'self' https:; report-uri https://www.sunrise.ch/csp-collector; upgrade-insecure-requests 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com apis.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com https://cdnjs.cloudflare.com/ajax/libs/lamejs/1.2.0/lame.min.js; script-src-elem assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ accounts.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com play.vidyard.com; worker-src blob: 'self'; font-src 'self' data: assets.sutori.com fonts.gstatic.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com www.google-analytics.com *.stripe.com accounts.google.com api.amplitude.com wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com api.unsplash.com risk.clearbit.com login.microsoftonline.com blob:; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' accounts.google.com *.googleapis.com https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat blob:; child-src 'self' * https://www.sutori.com *.stripe.com https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com blob:; manifest-src assets.sutori.com; 2
manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; frame-ancestors 'self' clientelastaging.papersource.com https://s7.addthis.com; form-action 'self' https://1.camp.papersource.com:9101 https://accounts.google.com https://www.facebook.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://papersource.resultsstage.com https://tagmanager.google.com https://papersource.resultspage.com getfirebug.com fonts.googleapis.com *.subscribepro.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://core.spreedly.com https://papersource.resultspage.com https://app.customily.com https://js-agent.newrelic.com https://papersource.resultsstage.com https://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://*.optimove.net https://*.optimove.events https://static.zdassets.com https://bam.nr-data.net https://z.moatads.com https://v1.addthisedge.com https://widget-mediator.zopim.com/* https://widgets.pinterest.com https://graph.facebook.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://assets.pinterest.com/js/pinmarklet.js https://cdn.gartnerstudios.com https://tags.bkrtx.com https://cdn.attn.tv https://insights.bizrate.com https://*.bizrate.com assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.customily.com https://*.amazonaws.com https://www.mczbf.com https://service.maxymiser.net core.spreedly.com *.subscribepro.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; media-src https://static.zdassets.com; img-src 'self' data: https://*.scene7.com https://*.paypal.com https://www.paypalobjects.com https://store.paradoxlabs.com https://papersource.resultsstage.com https://assets.resultspage.com https://www.google-analytics.com https://*.optimove.net https://*.gstatic.com https://www.googletagmanager.com https://bam.nr-data.net https://stats.g.doubleclick.net https://api.gartnerstudios.com https://app.customily.com https://cm.g.doubleclick.net/pixel* https://create.paper-source.com/* https://gcm.optimove.events/setCookie* https://www.addthis.com/bookmark.php https://log.pinterest.com https://cm.g.doubleclick.net https://gcm.optimove.events https://www.google.com/ads/ga-audiences https://*.google.com https://*.papersource.com https://*.paper-source.com https://*.emjcd.com https://*.dotomi.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.customily.com https://*.amazonaws.com 'self' data: store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/* https://s7.addthis.com https://assets.pinterest.com https://login.dotomi.com https://www.google.com https://stags.bluekai.com https://core.conversant.mgr.consensu.org https://papersource.attn.tv fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de core.spreedly.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://static.zdassets.com https://tagmanager.google.com https://papersource.resultsstage.com fonts.googleapis.com fonts.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; connect-src 'self' https://*.addthis.com https://www.paypal.com https://*.optimove.events https://*.optimove.net https://ekr.zdassets.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://papersource.zendesk.com https://bam.nr-data.net wss://widget-mediator.zopim.com/* wss://widget-mediator.zopim.com https://static.zdassets.com https://app.customily.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://api.gartnerstudios.com/ https://cdn.gartnerstudios.com/ https://1.camp.papersource.com:9101/gartner/images https://*.sjwoe.co https://*.pinterest.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.customily.com https://*.amazonaws.com *.mczbf.com *.doubleclick.net *.google-analytics.com *.zendesk.com *.optimove.net *.zopim.com *.attn.tv *.subscribepro.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; default-src 'self' https://static.zdassets.com https://s7.addthis.com/static/sh* 'self' 'unsafe-inline' 'unsafe-eval'; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.criteo.com https://*.dynamicyield.com https://*.g.doubleclick.net https://*.hotjar.com https://*.salesforceliveagent.com https://*.taboola.com https://ajax.googleapis.com https://amplify.outbrain.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.js https://app-ab06.marketo.com https://bat.bing.com/bat.js https://cdn.heapanalytics.com/js/ https://cdn.walkme.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dsms0mj1bbhn4.cloudfront.net/assets/pub/shareaholic.js https://extend.vimeocdn.com https://flex.atdmt.com https://freecurrencyrates.com https://graph.facebook.com https://intljs.rmtag.com https://k4z6w9b5.stackpathcdn.com https://media.gadventures.com/ghql/ https://munchkin.marketo.net https://npmcdn.com/@turf/turf@4.6.1/turf.min.js https://rules.quantcount.com https://s.pinimg.com https://s.ytimg.com https://s3.amazonaws.com/gadventures/ https://secure.quantserve.com https://service.force.com https://starling.crowdriff.com/js/ https://static.criteo.net https://static.filestackapi.com https://tags.tiqcdn.com/utag/gadventures/ https://tags.tiqcdn.com/utag/tiqapp/ https://tpc.googlesyndication.com https://upload.crowdriff.com/js/ https://use.fontawesome.com https://widget.trustpilot.com https://widgets.pinterest.com https://www.awin1.com https://www.dwin1.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com/iframe_api https://media.gadventures.com/media-server/; frame-src https://*.criteo.com https://*.facebook.com https://*.instagram.com https://app-ab06.marketo.com https://bid.g.doubleclick.net/xbbe/pixel https://cdn.walkme.com https://gadventures.qualtrics.com https://maps.google.com https://player.vimeo.com https://service.force.com https://static.criteo.net https://tpc.googlesyndication.com https://vars.hotjar.com https://widget.trustpilot.com https://www.awin1.com https://www.youtube.com; img-src 'self' blob: data: https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.gadventures.com https://*.outbrain.com https://bat.bing.com https://cdn.dynamicyield.com/api/8771071/images/ https://ct.pinterest.com https://cx.atdmt.com https://d3qvqlc701gzhm.cloudfront.net https://freecurrencyrates.com https://heapanalytics.com https://i.vimeocdn.com https://i.ytimg.com https://media-gadventures.global.ssl.fastly.net https://nypi.dc-storm.com https://pixel.quantserve.com https://starling.crowdriff.com https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/images/ https://www.awin1.com https://www.clixgalore.com https://www.emjcd.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.zenaps.com/a/b.php https://media.gadventures.com/media-server/ https://www.google.com; manifest-src https://media.gadventures.com; default-src 'none'; upgrade-insecure-requests; connect-src 'self' https://*.dynamicyield.com https://*.filestackapi.com https://110-ail-152.mktoresp.com/webevents/ https://analytics.shareaholic.com https://api.maptiler.com https://ct.pinterest.com/user/ https://heapanalytics.com https://in.hotjar.com https://media.gadventures.com https://rest.gadventures.com https://sentry.io/api/126322/store/ https://starling.crowdriff.com/graphql https://stats.g.doubleclick.net https://trc.taboola.com https://upload.crowdriff.com https://vc.hotjar.io https://widget.trustpilot.com/data/jsonld/business-unit/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.shareaholic.net; child-src blob:; frame-ancestors 'self'; font-src data: https://cdn.dynamicyield.com/onsite/fonts/ https://cdnjs.cloudflare.com https://fonts.gstatic.com https://freecurrencyrates.com https://k4z6w9b5.stackpathcdn.com https://media-gadventures.global.ssl.fastly.net https://s3.amazonaws.com/gadventures/ https://use.fontawesome.com https://media.gadventures.com/media-server/; media-src https://crowdriff-video-upload.s3.amazonaws.com https://media-gadventures.global.ssl.fastly.net https://www.gadventures.com https://media.gadventures.com/media-server/; style-src 'unsafe-inline' https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.css https://app-ab06.marketo.com https://cdn.dynamicyield.com https://cdnjs.cloudflare.com https://fonts.googleapis.com/css https://s3.amazonaws.com/gadventures/ https://service.force.com https://starling.crowdriff.com/css/ https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://use.fontawesome.com https://media.gadventures.com/media-server/; form-action 'self' https://*.facebook.com 2
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com rec.smartlook.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net use.typekit.net; form-action 'self' https://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com youtube.com https://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://platform.twitter.com platform.twitter.com https://rec.smartlook.com rec.smartlook.com https://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://*.googleapis.com *.googleapis.com https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com 'unsafe-inline'; 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport;connect-src ws: https: 'unsafe-inline' 'unsafe-eval' data:; 2
script-src 'self' https://culturaltracking.ru chrome-extension: 'unsafe-inline' https://bitrix.info https://www.googletagmanager.com https://mc.yandex.ru https://support.rusneb.ru https://www.google-analytics.com https://rum-static.pingdom.net 'unsafe-eval' blob: https://connect.facebook.net https://viewplugin.com https://mc.yandex.com https://mc.yandex.kz data: 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://m.youtube.com chrome-extension: https://support.rusneb.ru https://skytraf.xyz https://acestream.me https://remove.video https://dl.metabar.ru https://www.youtube.com https://mc.yandex.com https://pstatic.davebestdeals.com https://t.032168.com https://fansaide.com https://mini.bijiatu.com; object-src 'self'; report-uri /cspreportonly; 2
default-src 'self' https://*.wistia.com https://*.wistia.net https://*.hsforms.net https://*.hsforms.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'report-sample' https://*.wistia.com https://*.wistia.net https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com  https://embedwistia-a.akamaihd.net/ https://bat.bing.com https://cdn.mxpnl.com https://cdnjs.cloudflare.com/ajax/libs/ https://connect.facebook.net/en_US/ https://d.adroll.com https://d.adroll.mgr.consensu.org/consent/ https://fast.wistia.com https://forms.hsforms.com https://googleads.g.doubleclick.net/ https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsforms.net https://js.hsleadflows.net https://js.usemessages.com https://maxcdn.bootstrapcdn.com https://s.adroll.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com/c/ https://static.manula.com/js/ https://t.trackedlink.net https://unpkg.com/@lottiefiles/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://www.rumiview.com/ https://twin-iq.kickfire.com/; style-src 'self' 'unsafe-inline' 'report-sample' https://*.wistia.com https://*.wistia.net https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://cdn.manula.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.manula.com ; img-src 'self' data: https://*.wistia.com https://*.wistia.net https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://bat.bing.com https://cdn.manula.com https://dify.wpengine.com https://embedwistia-a.akamaihd.net https://googleads.g.doubleclick.net https://manula.r.sizr.io https://manula.s3.amazonaws.com https://px.ads.linkedin.com https://secure.gravatar.com https://static.manula.com https://track.hubspot.com https://tracking.g2crowd.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://dc.ads.linkedin.com; connect-src 'self' https://*.wistia.com https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://bat.bing.com https://*.hsforms.net https://*.hsforms.com https://forms.hubspot.com/  https://embedwistia-a.akamaihd.net/ https://api.hubspot.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/prod/ https://js.hs-banner.com/cookie-banner/ https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://fonts.gstatic.com https://www.condecosoftware.com https://script.hotjar.com/; media-src 'self' data: blob: https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://www.condecosoftware.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://embedwistia-a.akamaihd.net/; child-src blob:;  form-action 'self'  https://forms.hsforms.com;  frame-ancestors 'self' https://vars.hotjar.com; object-src 'none'; frame-src 'self' https://app.hubspot.com https://vars.hotjar.com https://www.youtube.com https://youtube.com https://forms.hsforms.com https://*.wistia.net/ https://*.wistia.com/; worker-src 'self' blob:; base-uri 'self'; 2
img-src https: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; report-uri https://fa920c4c3c2352efe32641b67b2f3fbe.report-uri.com/r/d/csp/reportOnly 2
font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.fontawesome.com *.facebook.net *.authorize.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://cd36466f21f5db895967ac9cb87c0cb5.report-uri.com/r/d/csp/reportOnly; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://ad.doubleclick.net https://browser.sentry-cdn.com https://bs.serving-sys.com https://cdn.monsido.com https://connect.facebook.net https://googleads.g.doubleclick.net https://in.getclicky.com https://media.twiliocdn.com https://pagead2.googlesyndication.com https://s.ytimg.com https://sc-static.net https://script.hotjar.com https://snap.licdn.com https://static.getclicky.com https://static.hotjar.com https://www.google.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://www.youtube.com https://secure-ds.serving-sys.com https://bam-cell.nr-data.net https://maps.googleapis.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src * data:; font-src * data:; frame-ancestors self 2
frame-ancestors 'self' www.visitvictoria.com *.visitvictoria.com www.visitmelbourne.com *.visitmelbourne.com; upgrade-insecure-requests; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';report-uri /wsapi/rest/v1/logging/reportcspviolation; 2
default-src 'self' data: https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://amazonwebservices.d2.sc.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://aws-brew-sr-offers-china-live-prod-cn-north-1.s3.cn-north-1.amazonaws.com.cn https://aws.demdex.net https://b0.p.awsstatic.cn https://c0.b0.p.awsstatic.cn https://cm.everesttech.net https://d2i62n0n7jhjo8.cloudfront.net https://d2x0ubwn53pje2.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://prod-us-west-2.csp-report.marketing.aws.dev https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/ https://s3.cn-north-1.amazonaws.com.cn/aws-dam-prod/ https://view-stage.cn-northwest-1.prod.pricing.aws.a2z.org.cn; font-src 'self' data: https://fonts.gstatic.com https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/; frame-src 'self' https://aws.demdex.net https://c0.b0.p.awsstatic.cn https://dpm.demdex.net; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://aws.demdex.net https://awsmedia.s3.amazonaws.com https://cm.everesttech.net https://d1.awsstatic.com/ https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/ https://s3.cn-north-1.amazonaws.com.cn/aws-dam-prod/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com; media-src 'self' https://*.libsyn.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southeast-1.amazonaws.com https://onlineedu.s3.cn-north-1.amazonaws.com.cn https://s3.cn-north-1.amazonaws.com.cn/aws-dam-prod/ https://www.buzzsprout.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a0.awsstatic.com https://googleads.g.doubleclick.net https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/ https://static.doubleclick.net https://website.spot.ec2.aws.a2z.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://acerendering-awsmarketplace.amazonaws.cn https://contessa-awsmarketplace.amazonaws.cn https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 2
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net 	 https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 2
font-src *.gstatic.com 'unsafe-inline' data: *.bic.com *.cloudflare.com *.typekit.net https://cdnjs.cloudflare.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com *.snapchat.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.snapchat.com *.criteo.com cdn.dnky.co webchat.dotdigital.com www.facebook.com insight.adsrvr.org www.youtube.com www.pinterest.com static.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.twiago.com *.smartadserver.com *.adnxs.com *.360yield.com *.adscale.de *.bic.com *.outbrain.com *.bing.com *.google.com *.google.fr *.pinterest.com *.bazaarvoice.com *.facebook.com *.doubleclick.net *.stickyadstv.com *.yahoo.com *.googletagmanager.com *.teads.tv *.rubiconproject.com *.adform.net *.openx.net *.pubmatic.com *.3lift.com *.criteo.com *.casalemedia.com *.media.net *.omnitagjs.com *.bidswitch.net *.smaato.net *.advertising.com *.sharethrough.com *.ivitrack.com *.taboola.com gum.criteo.com px.ads.linkedin.com ad.tpmn.co.kr an.yandex.ru ad.as.amanad.adtdp.com trends.revcontent.com jadserve.postrelease.com profile.ssp.rambler.ru sync.aralego.com pixel.tapad.com ad.mail.ru sync-criteo.ads.yieldmo.com criteo-partners.tremorhub.com ad.yieldlab.net exchange.mediavine.com sync.e-planning.net image2.pubmatic.com ids.ad.gt match.adsrvr.org i.liadm.com u.openx.net cm.mgid.com cm.g.doubleclick.net trc.taboola.com editor-assets.abtasty.com secure.adnxs.com bh.contextweb.com sync.smartadserver.com match.prod.bidr.io sync.mathtag.com sync.go.sonobi.com dpm.demdex.net ad.sxp.smartclip.net cw.addthis.com crb.kargo.com gen.sendtric.com www.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.bic.com *.cloudflare.com *.gstatic.com *.snapchat.com *.bazaarvoice.com *.googletagmanager.com *.google.com *.facebook.net *.criteo.net *.bing.com *.pinimg.com *.abtasty.com *.windows.net *.batch.com *.yimg.com *.doubleclick.net *.outbrain.com *.privacy-center.org *.sc-static.net sc-static.net *.polyfill.io *.ad.gt *.yahoo.com *.criteo.com https://cdnjs.cloudflare.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io snap.licdn.com analytics.tiktok.com js.adsrvr.org www.googletagmanager.com aufp.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com *.bic.com *.typekit.net *.fonts.googleapis.com *.bazaarvoice.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.slgnt.eu *.bic.com *.bazaarvoice.com *.paypal.com *.google-analytics.com *.batch.com *.pinterest.com *.yimg.com *.abtasty.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com bat.bing.com stats.g.doubleclick.net analytics.tiktok.com api.privacy-center.org 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; frame-ancestors *.calypso.net.au *.flightcentre.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 2
frame-ancestors 'none';block-all-mixed-content;default-src 'self';style-src      'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://translate.googleapis.com;img-src 'self' data: blob: https://www.google-analytics.com https://translate.googleapis.com https://v2assets.zopim.io https://v2uploads.zopim.io https://www.googletagmanager.com/ https://www.gstatic.com https://maps.gstatic.com https://v2.zopim.com https://static.zdassets.com android-webview-video-poster: https://translate.google.com/;media-src 'self' blob: https://static.zdassets.com https://*.fansly.com https://v2.zopim.com;script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.zdassets.com/ https://fansly.com https://maps.googleapis.com/ https://gleam.io/ https://widget-mediator.zopim.com/ https://v2.zopim.com https://translate.googleapis.com https://translate.google.com/;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.zdassets.com/ https://fansly.com https://maps.googleapis.com/ https://gleam.io/ https://widget-mediator.zopim.com/ https://v2.zopim.com https://translate.googleapis.com;font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://v2.zopim.com;connect-src 'self' wss://*.fansly.com/  https://fansly.com https://*.fansly.com/ https://gleam.io/ https://widget-mediator.zopim.com wss://widget-mediator.zopim.com/ https://ekr.zdassets.com/ https://fansly-upload.s3-accelerate.amazonaws.com/ https://goselectmedia.zendesk.com/ wss://goselectmedia.zendesk.com https://www.google-analytics.com/ https://api.inoviopay.com/ wss://*.dev.fansly.com/ https://translate.googleapis.com https://static.zdassets.com https://www.googletagmanager.com/ https://fonts.gstatic.com/ https://gate.rapidsec.net https://maps.googleapis.com/ https://maps.gstatic.com;manifest-src 'self' https://fansly.com/;frame-src 'self' https://*.cardinalcommerce.com/ https://*.fansly.com/ https://gleam.io/ https://www.googletagmanager.com/;base-uri 'self';object-src 'none';child-src 'self';form-action 'self' https://*.cardinalcommerce.com/;prefetch-src 'none';worker-src 'self' https://fansly.com/;report-uri https://gate.rapidsec.net/g/r/csp/4e6946bb-32da-4e7e-8547-b0830e63712f/0/2/3?sct=2facf14f-49b8-4393-82d3-bd28f32f6896&dpos=report; 2
default-src blob: data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.hsn.com/mixed-content-collector; 2
default-src 'self' blob:; child-src: 'self' blob:; script-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net cdn.cookielaw.org assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com; img-src 'self' data: assets.new.siemens.com maps.siemens.com metrics.brightcove.com brightcove04pmdo-a.akamaihd.net cf-images.eu-west-1.prod.boltdns.net cf-images.us-east-1.prod.boltdns.net siemens.sc.omtrdc.net track.adform.net s2033604275.t.eloqua.com cdn.cookielaw.org cookies.siemens.com; font-src 'self' data: tools.adlytics.net; connect-src 'self' search.new.siemens.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net cdn.cookielaw.org dmp.adform.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; media-src 'self' assets.new.siemens.com secure.brightcove.com *.media.brightcove.com blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; worker-src 'self' 'unsafe-inline' blob:; object-src players.brightcove.net; block-all-mixed-content; reflected-xss block; base-uri 'self'; referrer origin-when-cross-origin; report-uri https://report-uri.dc.siemens-energy.com/ 2
report-uri /api/csp-report/ 2
font-src fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net player.vimeo.com www.googletagmanager.com data: youtube.com www.youtube.com vimeo.com google.com www.google.com www.gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com www.google.com www.google.ca maps.gstatic.com www.maps.gstatic.com maps.googleapis.com developers.google.com play.google.com linkmaker.itunes.apple.com ssl.gstatic.com img.riskified.com www.w3.org 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com jquery.sellxed.com data: js-agent.newrelic.com maps.googleapis.com google.com www.google.com www.gstatic.com bam.nr-data.net bam-cell.nr-data.net tagmanager.google.com beacon.riskified.com www.beanstream.com web.na.bambora.com c.riskified.com dpm.demdex.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net bam.nr-data.net bam-cell.nr-data.net c.riskified.com stats.g.doubleclick.net www.google-analytics.com web.na.bambora.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com store.paradoxlabs.com maps.gstatic.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.authorize.net maps.googleapis.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.authorize.net *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/edu_google 2
font-src *.fontawesome.com 'self' *.gstatic.com 'self' data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.google.com/ https://www.youtube.com https://www.googletagmanager.com/ https://www.facebook.com https://www.e-shop-direct.com https://handel.ortlieb.com/ https://plumrocket.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com https://www.magezon.com https://med-euw3c.squarelovin.com/ https://www.google.*/ads/ https://www.facebook.com https://cdn.ywxi.net https://maps.googleapis.com https://maps.gstatic.com https://www.e-shop-direct.com https://www.google-analytics.com https://www.google.com https://www.google.de 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.google.com 'report-sample' https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://*.cookiefirst.com/ https://chimpstatic.com/ https://squarelovin.com/squarelovin.js https://squarelovin.com/api/index/get-stream-media/ https://connect.facebook.net/signals/config/995641483818596 https://consent.cookiefirst.com/banner.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ecommerce.js https://cdn.klarna.com/1.0/code/client/all.js https://maps.googleapis.com/maps/api/js https://www.e-shop-direct.com/libs/js/jquery-3.1.1.min.js https://unpkg.com/web-vitals@0.2.2/dist/web-vitals.es5.umd.min.js *.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.fontawesome.com 'report-sample' https://*.cookiefirst.com/ https://*.squarelovin.com/squarelovin.css https://med-cf-1.squarelovin.com https://www.e-shop-direct.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'none' 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.google-analytics.com https://static.cookiefirst.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.ipay88.com.my *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.botframework.com *.livechatinc.com *.tiqcdn.com *.doubleclick.net *.in.freshchat.com *.freshchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.sandbox.paypal.com *.paypal.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.ytimg.com *.magentocommerce.com *.gstatic.com *.googleapis.com/ *.google.com *.google.com.my *.in.freshchat.com *.freshchat.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.jquery.com *.google.com *.gstatic.com *.sandbox.paypal.com *.paypal.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.youtube.com *.ytimg.com *.authorize.net *.cardinalcommerce.com *.magentocommerce.com *.newrelic.com *.facebook.com *.facebook.net *.g.doubleclick.net/ *.code.jquery.com *.googletagmanager.com *.botframework.com *.nr-data.net *.googleapis.com *.livechatinc.com *.mookie1.com *.tiqcdn.com *.in.freshchat.com *.freshchat.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com/ *.in.freshchat.com *.freshchat.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.botframework.com wss://directline.botframework.com https://directline.botframework.com/v3/directline/conversations *.google-analytics.com *.g.doubleclick.net/ *.nr-data.net *.livechatinc.com *.in.freshchat.com *.freshchat.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.wistia.com *.wistia.net *.listenloop.com *.company-target.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.doubleclick.net *.driftt.com *.driftqa.com *.pingdom.net *.swiftypecdn.com *.swiftype.com *.abtasty.com *.cookielaw.org *.hotjar.com *.hotjar.io *.nr-data.net *.marketo.com *.twitter.com *.soundcloud.com *.youtube.com *.akamaihd.net; font-src * data:; img-src * data:; media-src * blob:; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.licdn.com *.engagio.com *.listenloop.com *.demandbase.com *.driftt.com *.facebook.net *.adroll.com *.adroll.mgr.consensu.org *.newrelic.com *.hotjar.com googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net *.swiftypecdn.com geoip-js.com *.pingdom.net *.abtasty.com *.cookielaw.org *.nr-data.net *.marketo.com *.marketo.net *.twimg.com *.jquery.com *.onetrust.com *.maxmind.com s3.amazonaws.com *.bugsnag.com *.wistia.net www.forgerock.com http://www.forgerock.com blob: chosen.jquery.js https://fast.wistia.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.forgerock.com *.googleapis.com *.cloudflare.com *.swiftypecdn.com *.driftt.com *.marketo.com *.wistia.com *.wistia.net *.twitter.com *.twimg.com chosen.css; report-uri https://forgerock.report-uri.com/r/t/csp/wizard 2
default-src 'self' polyfill.io cdn.bizible.com 346-poj-129.mktoresp.com script.crazyegg.com www.google.co.uk www.google.com px.ads.linkedin.com ws.zoominfo.com stats.g.doubleclick.net explore.amexglobalbusinesstravel.com tracking.crazyegg.com consent.trustarc.com bat.bing.com www.google-analytics.com www.googletagmanager.com ws-assets.zoominfo.com bugcrowd.com amexgbt.com youtube.com twitter.com assets.bugcrowdusercontent.com bat.bing.com abrtp2-cdn.marketo.com cdn.bizible.com script.crazyegg.com customer.d41.co consent.trustarc.com www.instagram.com www.linkedin.com ws-assets.zoominfo.com cdnjs.cloudflare.com app-ab43.marketo.com; frame-src 'self' polyfill.io cdn.bizible.com 346-poj-129.mktoresp.com script.crazyegg.com www.google.co.uk www.google.com px.ads.linkedin.com ws.zoominfo.com stats.g.doubleclick.net explore.amexglobalbusinesstravel.com tracking.crazyegg.com consent.trustarc.com bat.bing.com www.google-analytics.com www.googletagmanager.com ws-assets.zoominfo.com bugcrowd.com amexgbt.com youtube.com twitter.com assets.bugcrowdusercontent.com bat.bing.com abrtp2-cdn.marketo.com cdn.bizible.com script.crazyegg.com customer.d41.co consent.trustarc.com www.instagram.com www.linkedin.com ws-assets.zoominfo.com cdnjs.cloudflare.com app-ab43.marketo.com; object-src 'self' polyfill.io cdn.bizible.com 346-poj-129.mktoresp.com script.crazyegg.com www.google.co.uk www.google.com px.ads.linkedin.com ws.zoominfo.com stats.g.doubleclick.net explore.amexglobalbusinesstravel.com tracking.crazyegg.com consent.trustarc.com bat.bing.com www.google-analytics.com www.googletagmanager.com ws-assets.zoominfo.com bugcrowd.com amexgbt.com youtube.com twitter.com assets.bugcrowdusercontent.com bat.bing.com abrtp2-cdn.marketo.com cdn.bizible.com script.crazyegg.com customer.d41.co consent.trustarc.com www.instagram.com www.linkedin.com ws-assets.zoominfo.com cdnjs.cloudflare.com app-ab43.marketo.com; report-uri /_/csp-reports 2
default-src 'self' *.gstatic.com *.google.com *.google.co.uk *.youtube.com *.google-analytics.com *.bazaarvoice.com *.openstreetmap.org *.iesnare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.youtube.com *.google.com *.gstatic.com *.cloudflare.com *.bugherd.com bat.bing.com *.bazaarvoice.com *.facebook.net *.googleapis.com *.g.doubleclick.net *.ads-twitter.com *.googleadservices.com *.twitter.com cambridgeaudio.us8.list-manage.com js.braintreegateway.com script.hotjar.com static.hotjar.com *.payments-amazon.com vc.hotjar.io songbirdstag.cardinalcommerce.com *.paypal.com twitter.com *.bazaarvoice.com *.newrelic.com *.cloudflareinsights.com *.cloudfront.net *.nr-data.net *.atlassian.net *.cardinalcommerce.com *.google.se *.google.nl *.google.ca chimpstatic.com *.openstreetmap.org *.paypalobjects.com *.iesnare.com *.mavenoid.com; object-src 'self' 'unsafe-inline' *.bazaarvoice.com *.iesnare.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bazaarvoice.com *.cloudfront.net sheet *.braintreegateway.com *.openstreetmap.org *.braintreegateway.com *.iesnare.com *.appcues.com; img-src *; frame-src *.vimeo.com *.facebook.com *.youtube.com *.youtube-nocookie.com vars.hotjar.com *.braintreegateway.com *.cardinalcommerce.com *.paypal.com *.kaptcha.com *.bazaarvoice.com *.amazon-adsystem.com *.cloudfront.net *.atlassian.net *.go2jump.org *.payments-amazon.com *.amazon.co.uk *.amazon.com *.cambridgeaudio.com *.doubleclick.net *.googletagmanager.com *.openstreetmap.org *.spotify.com *.iesnare.com; font-src 'self' *.gstatic.com data: *.bazaarvoice.com *.bugherd.com *.cloudfront.net *.openstreetmap.org *.iesnare.com *.mavenoid.com; connect-src 'self' *.g.doubleclick.net *.google.com *.google-analytics.com bat.bing.com *.facebook.com sockjs.pusher.com in.hotjar.com *.amazon.com *.amazon.co.uk vc.hotjar.io *.braintree-api.com *.braintree-gateway.com *.cardinalcommerce.com *.amazonaws.com *.bazaarvoice.com *.bugsnag.com *.pusher.com *.nr-data.net *.braintreegateway.com *.paypal.com  *.nr-data.net *.hotjar.com wss://* *.openstreetmap.org *.braintreegateway.com *.paypal.com *.iesnare.com *.mavenoid.com; report-uri /report-csp-violation 2
base-uri 'self'; frame-src 'self' cookiejar.mondly.com vars.hotjar.com www.facebook.com optimize.google.com bid.g.doubleclick.net secure.livechatinc.com www.googletagmanager.com; frame-ancestors 'self' *.mondly.com; font-src 'self' data: d37sy4vufic209.cloudfront.net fonts.gstatic.com; img-src 'self' data: https://*; media-src 'self' d37sy4vufic209.cloudfront.net mondly-languages-audio.azureedge.net; style-src 'self' 'unsafe-inline' d37sy4vufic209.cloudfront.net optimize.google.com fonts.googleapis.com tagmanager.google.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d37sy4vufic209.cloudfront.net www.google.com script.hotjar.com static.hotjar.com connect.facebook.net cdn.livechatinc.com optimize.google.com tagmanager.google.com secure.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com *.gstatic.com *.bootstrapcdn.com https://display.ugc.bazaarvoice.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.paypal.com https://www.facebook.com/tr/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://w.soundcloud.com https://www.youtube.com https://www.google.com *.paypal.com https://vars.hotjar.com https://amc.demdex.net/ https://www.facebook.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu *.googleapis.com https://www.google.com/ *.gstatic.com http://amcglobal.sc.omtrdc.net/ https://facebook.com/  https://cm.everesttech.net/ https://dpm.demdex.net/ https://www.facebook.com/ https://connect.facebook.net/ *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeocdn.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu https://chimpstatic.com *.zdassets.com *.googleapis.com https://www.google.com https://www.gstatic.com https://geoip.nekudo.com *.newrelic.com *.nr-data.net https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://connect.facebook.net/ https://widget-mediator.zopim.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.bazaarvoice.com *.googleapis.com *.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com *.nr-data.net https://in.hotjar.com http://amcglobal.sc.omtrdc.net/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://dpm.demdex.net/ https://www.facebook.com/ https://vc.hotjar.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors http://*.infomart.co.jp https://*.infomart.co.jp http://infomart.co.jp https://infomart.co.jp http://www.foods-ch.com https://www.foods-ch.com http://foods-ch.com https://foods-ch.com *.medicalinfomart.com *.beautyinfomart.com; report-uri https://es.infomart.co.jp/csp-report; 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' 'unsafe-inline'; img-src 'self' data: https://vkrabota.ru https://*.iconjob.co https://www.google-analytics.com http://r.mradx.net https://*.mail.ru https://hb.bizmrg.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ru https://*.yandex.ru https://*.yandex.net https://*.doubleclick.net *.imgsmail.ru *.facebook.com *.mradx.net *.gstatic.com *.facebook.net *.googletagmanager.com; connect-src https://*.vkrabota.ru wss://*.vkrabota.ru https://api.iconjob.co/api/geo https://clickstream.vkrabota.ru *.mail.ru https://*.yandex.ru https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.iconjob.co wss://*.iconjob.co; font-src 'self' https://r.mradx.net https://fonts.gstatic.com https://yastatic.net; child-src https://*.mail.ru https://*.imgsmail.ru https://*.doubleclick.net https://yastatic.net https://www.facebook.com; script-src 'self' https://*.iconjob.co https://*.vkrabota.ru *.mail.ru https://www.google-analytics.com https://ok.ru yandex.ru *.yandex.ru *.yandex.net yastatic.net https://www.googletagmanager.com https://connect.facebook.net *.imgsmail.ru 'unsafe-inline' 'unsafe-eval' 'report-sample'; report-uri https://sentry.iconjob.co/api/23/security/?sentry_key=9c4b42adca9e4df2b1c097aec815e0c1&sentry_environment=production; 2
default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleadservices.com *.bing.com *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.zopim.com *.bizographics.com *.toutapp.com *.newrelic.com *.linkedin.com *.nr-data.net *.hubspot.com 'unsafe-eval' unpkg.com/feather-icons *.hs-scripts.com *.visualwebsiteoptimizer.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.js.usemessages.com *.bootstrapcdn.com *.doubleclick.net *.albacross.com js.usemessages.com/conversations-embed.js js.hsforms.net/forms/v2.js; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com ; img-src *; media-src *; frame-src 'self' *.hubspot.com *.doubleclick.net; child-src 'self'; font-src 'self' 'unsafe-inline' *.gstatic.com data: wss:; connect-src 'self' *.hubspot.com *.hubapi.com; report-uri /report-csp-violation 2
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com https://www.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to https://www.google.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'unsafe-inline' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com https://www.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googletagmanager.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to *.testfreaks.com *.google.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' ikea.com *.ikea.com ikea.net *.ikea.net ingka.com *.ingka.com cdtapps.com *.cdtapps.com ctfassets.net *.ctfassets.net 8iire7wxfe.execute-api.eu-west-1.amazonaws.com akamaihd.net *.akamaihd.net akstat.io *.akstat.io appdynamics.com *.appdynamics.com eum-appdynamics.com *.eum-appdynamics.com contentsquare.net *.contentsquare.net go-mpulse.net *.go-mpulse.net optimizely.com *.optimizely.com sentry.io *.sentry.io techlab-cdn.com *.techlab-cdn.com google.com *.google.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com youtube-nocookie.com *.youtube-nocookie.com oppwa.com *.oppwa.com iesnare.com *.iesnare.com recaptcha.net *.recaptcha.net blob: data: us-central1-ingka-ime-dmp-prod.cloudfunctions.net api.addressy.com ingka.dev *.ingka.dev seal.digicert.com liveshopping-widgets.firebaseapp.com us-central1-adaptive-growth.cloudfunctions.net bambuser.com *.bambuser.com taskrabbit.com *.taskrabbit.com pro.ip-api.com api.everythinglocation.com adform.net *.adform.net adnxs.com *.adnxs.com adsrvr.org *.adsrvr.org *.seoab.io bing.com *.bing.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net googleadservices.com *.googleadservices.com tpc.googlesyndication.com jivox.com *.jivox.com krxd.net *.krxd.net cdn.pdst.fm pinterest.com *.pinterest.com pinimg.com *.pinimg.com api.pinpiaa.com seoab.io snapchat.com *.snapchat.com sc-static.net survicate.com *.survicate.com yimg.com *.yimg.com tiktok.com *.tiktok.com cookielaw.org *.cookielaw.org onetrust.com *.onetrust.com; img-src * blob: data:; frame-src *; report-uri https://reporting.go-mpulse.net/report/BY4BJ-VCVK6-JMEA5-T2M38-5FM5W 2
font-src fonts.googleapis.com fonts.gstatic.com data: *.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com cdn.jst.ai ajax.googleapis.com 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.youtube.com *.vimeo.com *.hotjar.com *.doubleclick.net cdn.jst.ai *.paymetric.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://a.klaviyo.com data: via.placeholder.com *.cdninstagram.com *.klaviyo.com *.google.com *.facebook.com *.fls.doubleclick.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://static.klaviyo.com https://fast.a.klaviyo.com api.airbud.io demo.airbud.io ajax.googleapis.com *.gstatic.com *.google.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com connect.facebook.net *.jst.ai *.kmail-lists.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://static.klaviyo.com https://fast.a.klaviyo.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' https://www.google-analytics.com https://www.buzzsprout.com https://connect.facebook.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://analytics.twitter.com; img-src 'self' data: https://craftassets.unraid.net https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com; font-src 'self' data:; default-src 'self'; connect-src 'self' https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com 2
worker-src blob: www.toolnut.com data: www.festoolproducts.com; font-src fonts.gstatic.com data: maxcdn.bootstrapcdn.com cdn.honey.io cdn.ivaws.com www.slant.co chrome-extension: static3.avast.com github.com *.affirm.com fonts.googleapis.com www.clearplay.com fast.fonts.net use.fontawesome.com ms-browser-extension: at.alicdn.com d3s8xk3etjyeyz.cloudfront.net themes.googleusercontent.com cdn.joinhoney.com cdn.getspeechify.com static2.sharepointonline.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com cdn.rossintelligence.com api.couponmate.com assets.quadpay.com netdna.bootstrapcdn.com cdnjs.cloudflare.com sapling.ai cdn-assets.affirm.com cdn.scite.ai www.toolnut.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com 10.40.0.3 www.toolnut.com session.socialware.com apps.stifel.com festoolusa.com www.festoolusa.com www.paypal.com bpb.opendns.com 199.46.251.173 172.18.0.14 co-cwsa06p.phsi.primehealthcare.com 7rl70013.ibosscloud.com www.block.si localhost 199.46.251.175 upload.facebook.com 31.13.93.35 mobile.netsparkmobile.com 10.249.32.23 google.com 172.26.82.54 10.27.40.72 10.34.243.132 rm40996.ibosscloud.com usncchfw.cqb.chiknet.com lsrelay-config-production.s3.amazonaws.com 10.249.35.55 199.46.249.164 lsrocket.wssd.org 159.83.110.199 7rx80265.ibosscloud.com lrcicf03 useast2-www.securly.com 31.13.66.35 157.240.18.35 'self' 'unsafe-inline'; frame-ancestors www.toolnut.com www.festoolproducts.com 'self'; frame-src https://*.online-metrix.net https://imgs.signifyd.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.google.com/ *.youtube.com www.google.com www.facebook.com static.olark.com *.affirm.com t.pepperjamnetwork.com bid.g.doubleclick.net ssl.kaptcha.com www.googletagmanager.com nojscontainer.pepperjam.com pwm-image.trendmicro.com tpc.googlesyndication.com mozbar.moz.com app.viralsweep.com iamccepasv501.faa.gov accounts.google.com 10.40.0.3 cdncache-a.akamaihd.net block.opendns.com auth.iws-hybrid.trendmicro.com session.socialware.com apps.stifel.com player.vimeo.com 199.46.250.165 s.cmptch.com div.show gateway.zscloud.net mccproxy1.ad.menasha.com gateway.zscalertwo.net hobfpproxy02.nashville.org gateway.zscaler.net skytraf.xyz www.dideo.ir www.securly.com iamccepasv500.faa.gov r.srvtrck.com cdn.exchmapdata.com acestream.me 5c07e5a4a3e132a1094bfd556de2e017sync.pacrpc.uswest3.v1api.securly.com gateway.zscalerthree.net pitc.nube.53.com saltcdn2.googleapis.com bpb.opendns.com lsrelay-config-production.s3.amazonaws.com useast-www.securly.com 10.20.30.22 userprotect.us.stihl-dns.net cltfwdproxyf501 safe.menlosecurity.com d31b6i309j1ui2.cloudfront.net d3s8xk3etjyeyz.cloudfront.net 199.46.251.173 iactcepasv501.faa.gov blocked.ppg.com filter.techloq.com xen-media.com login.zscalertwo.net 10.67.167.71 purplestats.com partners.cmptch.com hns1362x zswpmanager.wip.mmc.com 7rl70013.ibosscloud.com www.zola.com www.block.si data: localhost 199.46.251.175 noop.style 199.46.251.164 upload.facebook.com 127.0.0.1 ls-policyvm-1-s.k12.wv.us 199.46.251.168 rest.exchmapdata.com 10.77.167.71 fiendgamers.com 199.46.249.170 notify.bluecoat.com 10.20.30.28 199.46.251.171 login.zscloud.net useast2-www.securly.com accessdenied.pnc.com mobile.netsparkmobile.com api.exchpackdata.com 10.249.32.23 199.46.249.171 ckr01.lpsb.org welcometocgw.fr.eu.airbus.corp login.microsoftonline.com ckr01.msdlt.k12.in.us 172.217.2.238 ssl-proxy-login.blackspider.com google.com 10.255.11.250 153.11.216.221 153.11.216.220 199.46.250.160 153.11.216.225 153.11.216.224 saltcdn2.facebook.com isbcpxsppr01.na.mmfg.net 153.11.216.223 10.34.243.132 rm40996.ibosscloud.com adcfwdproxyf503 adcfwdproxyf504 153.11.216.222 usncchfw.cqb.chiknet.com ff3bed1d158489e6cc0821e629cf0062sync.pacrpc.uswest2.v1api.securly.com cltfwdproxyf504 adfs.micron.com 10.10.1.120 ad000-ws002-wcg.dtc.local iprism.sffc.acres.com lsrocket.wssd.org 172.16.206.15 access.bcferries.com ckr01.rsdmo.org 199.46.251.169 www.myregistry.com 159.83.110.199 iactcepasv500.faa.gov ok.ru login.zscalerthree.net cdn.exchgmdata.com 7rx80265.ibosscloud.com cdn.exchmeddata.com www.staffmark.com login2.cpsserv.com 31.13.66.35 199.46.250.166 vk.com remove.video www.clipix.com veronline.me floatingplayer.com utp.ucweb.com saltcdn2.twitter.com saltcdn2.www.instagram.com sso.johndeere.com adcfwdproxyf501 10.4.200.211 blipznchitzcom-a.akamaihd.net 199.46.250.164 157.240.18.35 cdn.walkme.com api.exchprotdata.com chrome-error: object.center tool-bcg.bwe.io thetoolnut.sjv.io 167.150.254.140 www.milwaukeetool.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://a.klaviyo.com https://www.magezon.com www.xtento.com cdn.xtento.com mediacdn.espssl.com cds.taboola.com www.facebook.com log.olark.com bat.bing.com www.google.com p.adsymptotic.com px.ads.linkedin.com www.linkedin.com s1.listrakbi.com www.google-analytics.com fp.listrakbi.com sca1.listrakbi.com www.google.com.ar data: media.toolnut.com www.google.ca www.googletagmanager.com csi.gstatic.com trc.taboola.com www.gstatic.com www.google.co.ug www.google.co.uk www.google.de www.toolnut.com i.ytimg.com www.bizrate.com googleads.g.doubleclick.net *.affirm.com www.google.co.in rd.connexity.net www.google.co.zw www.google.it bam.nr-data.net cdn.ivaws.com blob: www.google.co.jp gateway.zscloud.net www.google.fr www.google.com.ph eventping-a.akamaihd.net images.wikibuy.com www.google.ae www.google.by www.google.com.ua cdn.exchmapdata.com cilkonlay.com dozi-staging.zoominfo.com accounts.google.com translate.google.com hardyload.com mitarchive.info www.google.com.pe petercontry.net static.slickdealscdn.com ssl.google-analytics.com polinaryapp.com www.google.com.sg www.google.nl qalitygigant.com canvaspl-a.akamaihd.net www.google.co.za www.google.sk cdn.honey.io brounelink.com www.google.az www.google.com.bo www.google.fi www.tailwindapp.com www.google.jo partners.cmptch.com cdn.exchgmdata.com www.google.com.ng *.youtube.com www.google.com.mx s.cmptch.com tribedone.org store.paradoxlabs.com www.google.ie www.stabila.com translate.googleapis.com www.google.cz www.milwaukeetool.com connect.facebook.net www.google.co.vi img.shop.com www.google.be stats.g.doubleclick.net cosmeticsrc.com d2z2x9m6jf98op.cloudfront.net www.google.is www.google.com.au www.google.com.qa rest.exchmapdata.com 52.22.54.6 mc.yandex.ru autroliner.com www.google.ch www.google.at www.google.com.pr www.google.ru ciclonrox.com www.google.com.br www.google.gr log-papago.naver.com bitc-proxy-p06-mgmt www.google.com.tw www.wihatools.com a5.behance.net www.google.com.sa www.google.ro www.google.com.co www.google.iq www.dewalt.com gateway.zscalertwo.net www.google.com.ec www.google.co.ao 52.206.25.151 s2.listrakbi.com android-webview-video-poster: www.google.com.pk jaretsummer.com m.media-amazon.com blinkjork.com mstat.acestream.net www.google.co.kr bpb.opendns.com tracksmall.com toolsmagick.com loungesrc.net dogsamily.net www.google.com.af log.pinterest.com dakotaram.com craftprimes.com www.google.co.id www.google.pl smackbolt.com www.google.com.hk www.magentocommerce.com www.google.com.pa www.festoolproducts.com www.google.es hm.baidu.com 7rl70013.ibosscloud.com www.mageworx.com srdrvp.com pagead2.googlesyndication.com clt-v20k3-c.bbtnet.com www.google.se cermak-fpgin03p.honi.com trableflick.com nickletto.com fp1104.digitaloptout.com api.exchqzdata.com cdn.exchqzdata.com yastatic.net dimagesrc.com 31.13.93.35 hovastate.s3.amazonaws.com 10.248.8.49 www.google.com.tr singtraff.cool localhost gateway.zscaler.net play-lh.googleusercontent.com media.pepperjamnetwork.com proghage.com acountscr.cool mikkiload.com www.google.co.uz poligloteapp.org gfh-bcasg01-aggr www.google.bg canvasdp-a.akamaihd.net usvc-a.akamaihd.net s.pmddby.com static.gecirtnotification.com duckduckgo.com www.google.co.cr 52.86.201.79 fonts.gstatic.com cdn.makitatools.com nextextlink.com s3.amazonaws.com assets.syndigo.com saltjs.failplugin.ru www.google.gy cdn.joinhoney.com www.google.hu debugsinfo.com mirextpro.com saltjs.rkfnrkjfnrkfnkjh.xyz closiner.com m.facebook.com icelandsue.com www.securly.com extendcoreapiprodextendc-storelogosbucket03b65aac-1hzxdqraz84hj.s3.amazonaws.com bam-cell.nr-data.net clickmarketus.com cdn.exchpackdata.com www.google.co.il www.google.com.gt www.google.ge gateway.zscalerone.net accounts.unifiedcloudit.com www.google.cn redir.pricespider.com promlinkdev.com az.nmgplatform.com ssl.gstatic.com roxlock.com scrprime.com minisrclink.cool www.google.hn www.google.rs cdn.gethypervisual.com clicksapp.net www.google.com.my img.uflowx.com appprint.biz www.google.tt zeb-v20k1-c.bbtnet.com blinkloide.com festoolcdn.azureedge.net www.google.com.eg www.google.com.do www.google.com.vn www.woodpeck.com www.ojrq.net helloextend-static-assets.s3.amazonaws.com boxclone.com www.google.co.nz logs-01.loggly.com veronamile.com www.google.cl mabydick.com 10.129.6.13 westtank.net gifcdn.com www.googleadservices.com v2assets.zopim.io 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com *.google.com/ www.xtento.com cdn.xtento.com container.pepperjam.com apis.google.com cdn.listrakbi.com s1.listrakbi.com *.affirm.com www.googletagmanager.com www.google.com www.gstatic.com www.googleadservices.com www.clickcease.com static.olark.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net trc.taboola.com at1.listrakbi.com www.google-analytics.com js-agent.newrelic.com m1.listrakbi.com bam.nr-data.net api.olark.com cdn.taboola.com snap.licdn.com knrpc.olark.com ssl.kaptcha.com tpc.googlesyndication.com fillr.local app.viralsweep.com gateway.zscloud.net www.pagespeed-mod.com data: m59.prod2016.com cdncache-a.akamaihd.net static.sunnycoast.xyz qdatasales.com gateway.zscalertwo.net zuvofu.towaxubudo.com assets.olark.com cilkonlay.com siteprerender.com cache-check.net hardyload.com petercontry.net 3001.scriptcdn.net ssl.google-analytics.com polinaryapp.com qalitygigant.com m35.prod2016.com asrvvv-a.akamaihd.net protectsurf-a.akamaihd.net s.pmddby.com 10.18.6.54 rialto-gms.s3.amazonaws.com adr.mplore.com brounelink.com 172.18.54.216 tribedone.org translate.googleapis.com 10.246.7.22 10.18.6.92 10.95.4.165 ajax.googleapis.com abp.smartadcheck.de cosmeticsrc.com mstat.acestream.net pilaff-up.ru m98.prod2016.com autroliner.com ciclonrox.com localhost bitc-proxy-p06-mgmt saltcdn2.googleapis.com vuduxo.raxanixuru.com tcsls.tyrrell.k12.nc.us 10.10.4.162 s.yimg.com sp.analytics.yahoo.com mawisa.botateyime.com about: d31b6i309j1ui2.cloudfront.net siteblock.exeloncorp.com *.youtube.com searchprotectors.com jaretsummer.com nadenfpap02.cyracom.com www.glancecdn.net blinkjork.com bpb.opendns.com tracksmall.com toolsmagick.com ascend.pepperjam.com johamo.fexitafalu.com loungesrc.net translate.google.com dogsamily.net jamesbotscom-a.akamaihd.net s.cmptch.com dakotaram.com craftprimes.com crossydashcom-a.akamaihd.net partners.cmptch.com clicksapp.net files-js-ext.s3.us-east-2.amazonaws.com smackbolt.com 7rl70013.ibosscloud.com smigro.info umekana.ru captcha.gecirtnotification.com inspect2.gracead.com 10.95.4.38 10.18.6.55 10.95.4.162 m44.prod2016.com clt-v20k3-c.bbtnet.com www.googleapis.com data1.moiziq.com in.masterquizzes.com blocked.syd-1.linewize.net data1.iti-maps.fr 10.225.34.50 trableflick.com nickletto.com cdnjs.cloudflare.com data1.open-dog.com dimagesrc.com 31.13.66.19 jejoro.miyinokejo.com 10.248.8.49 milkpload.net fiendgamers.com singtraff.cool gateway.zscaler.net s3.amazonaws.com proghage.com 10.96.3.147 10.18.6.52 172.29.33.144 10.18.6.87 10.18.6.51 acountscr.cool visualsponline.azurewebsites.net mikkiload.com poligloteapp.org 10.48.61.53 appprint.biz accessdenied.pnc.com 31.13.65.7 m55.prod2016.com ruzozi.locixugoro.com higedev.cool secure.myshopcouponmac.com auctioneer.50million.club secure.mycouponsmartmac.com nextextlink.com fuhupo.lohuwomenu.com vezowi.rakiwoxori.com data1.bevuak.com www.amazon.com mirextpro.com icelandsue.com clipsold.com pulseadnetwork.com 10.10.4.168 bam-cell.nr-data.net sdk.helloextend.com s.dcbap.com a.apiywc.net cdn.optitc.com fidoapi.com minisrclink.cool 10.105.1.10 gateway.zscalerone.net closiner.com 7vnsr60001.ibosscloud.com promlinkdev.com 10.50.50.4 www.myregistry.com roxlock.com scrprime.com kifkofcom-a.akamaihd.net shopstorys.com s3-us-west-2.amazonaws.com www.clipix.com dowlextff.com cdn.mathjax.org floatingplayer.com payperclickadz.com image.uc.cn slothhangoutcom-a.akamaihd.net ads.creative-serving.com bible.logos.com 7896543.s3.amazonaws.com blipznchitzcom-a.akamaihd.net employeewebaccess.tempe.gov static.regsvcs.theknot.com zeb-v20k1-c.bbtnet.com blinkloide.com ccc-01-ws04 d.impactradius-event.com boxclone.com veronamile.com g.microsoft.com cdn-ads.google-analytics.com mabydick.com 10.129.6.12 westtank.net static.zdassets.com widget-mediator.zopim.com services.listrak.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.listrakbi.com static.olark.com maxcdn.bootstrapcdn.com cdn.honey.io pwm-image.trendmicro.com gateway.zscloud.net *.affirm.com www.gstatic.com translate.googleapis.com fast.fonts.net use.fontawesome.com gateway.zscalertwo.net s.cmptch.com hello.myfonts.net stackpath.bootstrapcdn.com data: www.toolnut.com logos.formetocoupon.com cdnjs.cloudflare.com tool-bcg.bwe.io 'self' 'unsafe-inline'; object-src div.show noop.style object.center partners.cmptch.com 'self' 'unsafe-inline'; media-src static.olark.com data: ssl.gstatic.com gateway.zscloud.net static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com *.affirm.com knrpc.olark.com trc-events.taboola.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net bat.bing.com www.google.com monitor.clickcease.com api.rollbar.com www.facebook.com subwayblaze.com ssl.kaptcha.com js.authorize.net trc.taboola.com api2.authorize.net m59.prod2016.com cdncache-a.akamaihd.net sovetnik.market.yandex.ru data: m35.prod2016.com dasfelynsaterr.webcam 1986635568.rsc.cdn77.org luxins.net localhost dealctr.com translate.googleapis.com m98.prod2016.com www.flipkart.com nf44a9pati.execute-api.us-west-2.amazonaws.com s.yimg.com 10.50.50.4 tm.filter fp1104.digitaloptout.com hm.baidu.com smigro.info m44.prod2016.com b.1p1eqpotato.com log.pinterest.com fiendgamers.com 127.0.0.1 p.extfun.com sf-helper.com dc.services.visualstudio.com 11637314617.rsc.cdn77.org m55.prod2016.com www.toolnut.com fp166.digitaloptout.com code.jquery.com catds.net saltoffer.google-analytics.com jsmeter.google-analytics.com randomgamezone.com cdn-ads.google-analytics.com bam-cell.nr-data.net api.helloextend.com www.nomoreads.pro www.festoolproducts.com savingsslider-a.akamaihd.net vimeo.com az.nmgplatform.com ajax.googleapis.com service.nservices.space floatingplayer.com uc.gre utp.ucweb.com track.uc.cn utp-dmp.ucweb.com stickyid-a.akamaihd.net 1637314617.rsc.cdn77.org polkadot.js.org sdk.helloextend.com steganos-api.ciuvo.com thetoolnut.sjv.io t1.taboola.com t2.taboola.com t3.taboola.com t4.taboola.com t5.taboola.com t6.taboola.com t7.taboola.com t8.taboola.com pips.taboola.com cds.taboola.com lawiersenadrey.webcam saltcdn2.facebook.com www.paypal.com ekr.zdassets.com toolnutcsd.zendesk.com widget-mediator.zopim.com adservice.google.com bt.signifyd.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.google.com fonts.googleapis.com 'self' 'unsafe-inline'; 2
font-src *.byredo.com *.cloudflare.com *.googleapis.com *.gstatic.com js.klevu.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.com *.hotjar.com *.twitter.com player.vimeo.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.bing.com *.byredo.com *.cloudflare.com 'self' data: *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.google.fr www.googletagmanager.com *.klarna.com js.klevu.com *.lightemporium.com *.paypal.com *.teads.tv *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.bing.com *.byredo.com *.cloudflare.com static.cloudflareinsights.com cdn.cookielaw.org *.doubleclick.net *.facebook.net *.fontawesome.com g1782759015.co g4754024040.co *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com js.klevu.com js-agent.newrelic.com bam.nr-data.net geolocation.onetrust.com *.scarabresearch.com *.scaleflex.it *.teads.tv *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.zdassets.com *.widget-mediator.zopim.com *.cloudimg.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.byredo.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com js.klevu.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.bing.com *.byredo.com *.cloudflare.com cdn.cookielaw.org *.doubleclick.net *.emarsys.net *.facebook.com *.google-analytics.com *.hotjar.com *.hotjar.io *.nr-data.net privacyportal-eu.onetrust.com *.paypal.com *.scarabresearch.com *.twimg.com *.twitter.com *.zdassets.com wss://widget-mediator.zopim.com/ *.zendesk.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org *.azurewebsites.net *.bazaarvoice.com;               frame-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org www.youtube.com www.bing.com *.azurewebsites.net  www.facebook.com www.linkedin.com platform.twitter.com www.youtube.com *.google.com *.doubleclick.net *.adsrvr.org www.youtube-nocookie.com  *.bazaarvoice.com *.hotjar.com *.force.com *.toyotires.com;               connect-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org  www.youtube.com  *.azurewebsites.net www.google-analytics.com stats.g.doubleclick.net www.bing.com dc.services.visualstudio.com analytics.google.com *.fontawesome.com cdn.cookielaw.org bat.bing.com *.hotjar.com *.onetrust.com wss://*.hotjar.com *.hotjar.io;               script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com  www.googletagmanager.com www.google-analytics.com   connect.facebook.net snap.licdn.com *.twitter.com *.msecnd.net *.azurewebsites.net *.bing.com platform.instagram.com www.youtube.com www.instagram.com  *.google.com www.gstatic.com www.googleadservices.com googleads.g.doubleclick.net *.adsrvr.org *.fontawesome.com woobox.com *.googleapis.com cdn.cookielaw.org *.onetrust.com  *.bazaarvoice.com *.hotjar.com *.moatads.com;               style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net  *.azurewebsites.net *.bing.com *.fontawesome.com www.toyotires.com cloud.typography.com fast.fonts.net  *.bazaarvoice.com ;         img-src 'self' data: www.gravatar.com umbraco.tv *.googleapis.com *.staticflickr.com www.facebook.com www.google-analytics.com px.ads.linkedin.com match.adsrvr.org t.co  www.google.com *.azurewebsites.net syndication.twitter.com connect.facebook.net bat.bing.com *.doubleclick.net  *.bazaarvoice.com *.toyotires.com rtd.tubemogul.com rtd-tm.everesttech.net *.gstatic.com *.youtube.com *.ytimg.com www.googletagmanager.com *.akamaihd.net *.moatads.com;         font-src 'self' fonts.gstatic.com use.typekit.net data: *.azurewebsites.net *.fontawesome.com ;        frame-ancestors 'self' www.linkedin.com ; 2
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com www.mtnfeed.com use.typekit.net cdn.inbenta.io script.hotjar.com summer.mtnfeed.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.mtnfeed.com cookies.alterramtnco.com sdk.inbenta.io *.omtrdc.net use.typekit.net summer.mtnfeed.com p.typekit.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: aa.agkn.com *.doubleclick.net bam-cell.nr-data.net www.google.com summer.mtnfeed.com www.google-analytics.com bat.bing.com px0.pbbl.co cm.everesttech.net www.pages08.net script.hotjar.com www.facebook.com match.adsrvr.org sp.analytics.yahoo.com www.mtnfeed.com maps.googleapis.com connect.facebook.net cookies.alterramtnco.com cams.winterparkresort.com tag.yieldoptimizer.com dpm.demdex.net cams.mtnfeed.com ik.imagekit.io aws-cdn.inntopia.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.demdex.net api.trustyou.com my.matterport.com camstreamer.com *.doubleclick.net player.vimeo.com cdn.pbbl.co www.youtube.com match.adsrvr.org www.facebook.com insight.adsrvr.org; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam-cell.nr-data.net api.letsway.com bat.bing.com www.google.com in.hotjar.com *.doubleclick.net www.inntopia.travel vc.hotjar.io rum-collector-2.pingdom.net cookies.alterramtnco.com dpm.demdex.net s.yimg.com fonts.gstatic.com api.mapbox.com snowreporting.herokuapp.com www.facebook.com www.google-analytics.com *.omtrdc.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cookies.alterramtnco.com www.googletagmanager.com js.adsrvr.org script.hotjar.com www.youtube.com *.doubleclick.net maps.googleapis.com connect.facebook.net bam-cell.nr-data.net www.google.com tag.yieldoptimizer.com *.omtrdc.net sdk.inbenta.io *.hotjar.com cdn.pbbl.co code.createjs.com bat.bing.com www.google-analytics.com cdn.fuelx.com www.mtnfeed.com rum-static.pingdom.net player.vimeo.com summer.mtnfeed.com s.yimg.com; form-action  www.google.com www.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 2
default-src  https: http:            data:               wss://*.forter.com           'unsafe-inline' 'unsafe-eval';        connect-src  https: http:            wss://*.forter.com;        frame-ancestors 'self'            https: http:           *.czs.org             172.21.2.30            www.chasepaymentechhostedpay.com       object-src  'self';       img-src   'unsafe-eval' 'unsafe-inline'            data:           blob:           *;       font-src  'self'           data: https: http:           *.typekit.net;       script-src  'unsafe-eval' 'unsafe-inline'            blob:           data:           https: http:           'self'              emarketing.activenetwork.com             d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com              d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com              d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com               kpstat.forter.com:7043               www.google.com              maps.google.com              maps.googleapis.com               ssl.google-analytics.com               www.google-analytics.com               www.gstatic.com                embed.idonate.com               use.typekit.net                               cdn-js.net                cdnjs.cloudflare.com             d35u1vg1q28b3w.cloudfront.net             partners.cmptch.com               static.cmptch.com                         scriptcdn.net                             auctioneer.50million.club                 m.addthis.com                s7.addthis.com                 m.addthisedge.com             lkysearchex3688-a.akamaihd.net                analyticspage.tools                apiurl.org                appsource.cool                countmake.cool                fp166.digitaloptout.com                eluxer.net                mirextpro.com                 z.moatads.com               secure.myshopcouponmac.com                payperclickadz.com               cdn.pmqzads.com                qdatasales.com            widget-prime.rafflecopter.com                srvvtrk.com               pwm-image.trendmicro.com              gateway.zscloud.net;       style-src  'unsafe-eval' 'unsafe-inline'            'self'                accessibility-bookmarklets.org                 emarketing.activenetwork.com                      cdnjs.cloudflare.com               use.fontawesome.com                fonts.googleapis.com                hello.myfonts.net               pwm-image.trendmicro.com;       report-uri   https://bzcsp.report-uri.com/r/d/csp/reportOnly 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://img.hirkereso.hu http://gahu.hit.gemius.pl/ http://ls.hit.gemius.pl http://www.idokep.hu https://adservice.google.com https://cse.google.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https:;report-uri /csp-violation-report-endpoint.php?v=1;report-to csp-endpoint 2
child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.pci.favor.dev *.favorengineering.com *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' *.favorengineering.com *.pci.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard 2
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr https://grenoblealpesmetropole.matomo.cloud; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 2
font-src fonts.googleapis.com fonts.gstatic.com https://cdn.socialannex.com/ *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sfdcstatic.com *.socialannex.com *.script.hotjar.com https://script.hotjar.com/font-hotjar_5.65042d.woff2 https://script.hotjar.com/font-hotjar_5.0ddfe2.ttf https://script.hotjar.com/font-hotjar_5.17b429.woff 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com *.twitter.com *.google.com https://service.force.com/ https://vars.hotjar.com/ https://www.chasepaymentechhostedpay-var.com/ https://directory.scouting.org/ http://directory.scouting.org/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' blob: data: maps.googleapis.com maps.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.yotpo.com *.mediafiles.scoutshop.org *.cdn.socialannex.com *.widgets.magentocommerce.com https://cdnazure-socialannexinc.netdna-ssl.com https://mediafiles.scoutshop.org/ https://cdn.socialannex.com https://www.facebook.com http://cdn.socialannex.com/custom_images/9991741/UVGD7L_logo.png http://cdn.socialannex.com/custom_images/1122330/N5C7XG_VZW1WW_close.png *.google.com *.scoutshop.org *.google.co.in *.googletagmanager.com https://a.klaviyo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://s23.socialannex.com/ https://cdn.socialannex.com/ http://cdn.socialannex.com/ https://c1.socialannex.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.connect.facebook.net *.service.force.com *.cdn.nextopia.net *.cdn.socialannex.com *.salesforceliveagent.com *.code.jquery.com https://service.force.com https://service.force.com/embeddedservice/5.0/esw.min.js https://cdn.nextopia.net/nxt-app/fca482e10d6c3e13d7748571d09f15d2.js https://cdn.nextopia.net/nxt-app/2515ea380310e97ec5b1c6947a2a0670.js https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js https://cdn.socialannex.com/partner/1122331/universal.js http://cdn.socialannex.com/partner/1122331/sas22CustomVC.js http://cdn.socialannex.com/s22/templatebase/s22-all.js http://cdn.socialannex.com/s22/templatebase/s22-vanilla-slider.js https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js http://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.socialannex.com/s22/s22-smarty-template-engine.js http://cdn.socialannex.com/s22/templatebase/s22-bxslider.js https://cdn.socialannex.com/s22/s22-acmc.js http://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/fbevents.js *.s23.socialannex.com http://s23.socialannex.com/v4/js/s23-main-curl.js https://s23.socialannex.com/v4/js/s23-main-curl.js http://cdn.socialannex.com/s23/v4/mustache.js http://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js https://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js http://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js https://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js http://cdn.socialannex.com/s28/v2.0/s28-reviewrating.js *.static.hotjar.com/ https://script.hotjar.com/modules.901d255c60be478c0407.js *.googletagmanager.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/incoming-feedback.573ff3cea08d248d8964.js *.gtm.js *.googleoptimize.com *.newrelic.com/ bam-cell.nr-data.net https://static.klaviyo.com https://fast.a.klaviyo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.socialannex.com/ *.cloudflare.com *.googleapis.com *.google.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.socialannex.com https://service.force.com *.nextopia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.mediafiles.scoutshop.org https://mediafiles.scoutshop.org/Media/video_scouttalk_sbsa_1920x1080.mp4 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://s23.socialannex.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.socialannex.com *.analytics.js *.google-analytics.com *.stats.g.doubleclick.net https://stats.g.doubleclick.net https://script.hotjar.com/modules.901d255c60be478c0407.js bam-cell.nr-data.net in.hotjar.com https://fast.a.klaviyo.com https://static.klaviyo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'eval' https://www.google.com http://www.google-analytics.com https://cse.google.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' http://www.google-analytics.com https://cse.google.com https://www.google.com https://connect.facebook.net; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' 'data' https:; font-src 'self' 'data' https://fonts.gstatic.com; connect-src 'self'; media-src 'self' 'data'; object-src 'self'; prefetch-src 'self'; child-src 'self'; frame-src 'self' https://www.fotw.info; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.google.com; base-uri 'self'; manifest-src 'self'; report-uri https://fotw.report-uri.com/r/d/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.db.no/csp 2
font-src fonts.googleapis.com fonts.gstatic.com https://cdn.checkout.com https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://js.checkout.com *.klarna.com https://www.google.com *.nosto.com *.nos.to *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: maps.googleapis.com maps.gstatic.com *.nosto.com *.nos.to *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdn.checkout.com *.klarnacdn.net https://www.google.com https://www.gstatic.com *.nosto.com *.nos.to https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.checkout.com *.nosto.com *.nos.to tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://js.checkout.com *.klarnaevt.com *.nosto.com *.nos.to https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com dev.visualwebsiteoptimizer.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net connect.facebook.net; report-uri /.webscale/csp-report 2
font-src fonts.googleapis.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.sagepay.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action https://www.facebook.com/ https://*.realexpayments.com/ *.sagepay.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com https://lgpc.prismic.io https://vars.hotjar.com/ https://s7.addthis.com https://www.youtube.com https://www.facebook.com/ https://*.realexpayments.com/ cdn.dnky.co webchat.dotdigital.com *.sagepay.com account.fetchify.com *.nosto.com *.nos.to *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com https://images.prismic.io/lgpc/ data: https://bat.bing.com/ https://www.facebook.com https://*.pinterest.com/ https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://images.prismic.io/ https://prismic-io.s3.amazonaws.com/ *.paypal.com *.sagepay.com *.nosto.com *.nos.to *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://static.cdn.prismic.io https://prismic.io https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.hotjar.com/ https://connect.facebook.net/ https://s.pinimg.com/ https://bat.bing.com/ https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://js.intercomcdn.com/ https://s7.addthis.com https://api-public.addthis.com https://v1.addthisedge.com https://m.addthis.com https://z.moatads.com/ https://widget.intercom.io https://widgets.pinterest.com https://assets.pinterest.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com *.nosto.com *.nos.to https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://*.hotjar.com/ https://*.pinterest.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://lg-gb.lgpcm2.ctidev https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://api-iam.intercom.io/ https://api.craftyclicks.co.uk/ https://*.addthis.com/ https://www.facebook.com/ wss://nexus-websocket-a.intercom.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nosto.com *.nos.to 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::BPROD_3_0_REST 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com pi.pardot.com static.addtoany.com go.altusgroup.com bat.bing.com www.googleadservices.com maps.googleapis.com www.google-analytics.com app.purechat.com www.google.com altusgroup.com static.hotjar.com fast.wistia.com www.googletagmanager.com *.doubleclick.net www.altusgroup.com www.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: form.123formbuilder.com go.altusgroup.com vars.hotjar.com *.doubleclick.net static.addtoany.com www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: altusgroup.com fonts.googleapis.com www.altusgroup.com; form-action  www.altusgroup.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.altusgroup.com fonts.gstatic.com; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: embedwistia-a.akamaihd.net embed-fastly.wistia.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: embedwistia-a.akamaihd.net www.google-analytics.com px.ads.linkedin.com www.altusgroup.com maps.gstatic.com altuscrm.agencypilot.com www.google.com api.purechat.com www.google.ca *.doubleclick.net embed-fastly.wistia.com fast.wistia.com maps.googleapis.com analytics.google.com bat.bing.com altusgroup.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: in.hotjar.com www.google.ca embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io api.purechat.com www.google.com px.ads.linkedin.com analytics.google.com checkin.purechat.com bat.bing.com embed-fastly.wistia.com *.doubleclick.net; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: embed-fastly.wistia.com embedwistia-a.akamaihd.net; report-uri /csp_report 2
default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self';block-all-mixed-content;default-src 'self' https://78pcutwecmy.typeform.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://maps.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://78pcutwecmy.typeform.com https://apis.google.com;style-src 'self' 'report-sample' 'unsafe-inline' cdnjs.cloudflare.com secure.gravatar.com fonts.googleapis.com;object-src 'none';frame-src 'self' https://player.vimeo.com maps.googleapis.com maps.google.com https://78pcutwecmy.typeform.com *.vimeo.com www.googletagmanager.com;child-src 'self' vimeo.com *.vimeo.com www.googletagmanager.com;img-src 'self' data: blob: *.ggpht.com www.gstatic.com maps.gstatic.com maps.google.com *.googleapis.com cdnjs.cloudflare.com *.likewize.com analytics.google.com www.google.com ssl.google-analytics.com www.google-analytics.com likewize.com *.vimeo.com *.vimeocdn.com *.gravatar.com www.googletagmanager.com fonts.gstatic.com;font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com;connect-src 'self' maps.google.com maps.googleapis.com cdnjs.cloudflare.com https://78pcutwecmy.typeform.com about: analytics.google.com ampcid.google.com stats.g.doubleclick.net www.google-analytics.com vimeo.com *.gravatar.com www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com;manifest-src 'self';base-uri 'self';form-action 'self' https://78pcutwecmy.typeform.com;media-src 'self' vimeo.com *.vimeo.com;prefetch-src 'self';worker-src 'self';report-uri https://gate.rapidsec.net/g/r/csp/c312a515-0bfa-4943-b6d1-fd3854d1575e/0/21/-1?sdkv=1.2.8-beta_agent-wordpress&sct=f02cab6e-5f8c-4373-a5e6-43ab597dfb40&dpos=report; 2
font-src *.gstatic.com *.feefo.com *.klevu.com 'self' data: *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.sagepay.com https://test.sagepay.com https://live.sagepay.com pi-test.sagepay.com pi-live.sagepay.com *.newrelic.com *.data.net *.nr-data.net *.facebook.com *.bing.com *.googletagmanager.com *.ksearchnet.com *.google.co.in *.google.co.uk *.google.com *.myfonts.net *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.feefo.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.sagepay.com https://test.sagepay.com https://live.sagepay.com pi-test.sagepay.com pi-live.sagepay.com *.facebook.com *.bing.com *.googletagmanager.com *.ksearchnet.com *.google.co.in *.google.co.uk *.google.com https://store.plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.feefo.com *.issuu.com *.pcapredict.com *.addthis.com *.addthisedge.com *.moatads.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.sagepay.com https://test.sagepay.com https://live.sagepay.com pi-test.sagepay.com pi-live.sagepay.com *.newrelic.com *.data.net *.nr-data.net *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.facebook.com *.bing.com *.googletagmanager.com *.ksearchnet.com *.google.co.in *.google.co.uk *.google.com r1.dotdigital-pages.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://store.plumrocket.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.feefo.com *.klevu.com *.postcodeanywhere.co.uk *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.sagepay.com https://test.sagepay.com https://live.sagepay.com pi-test.sagepay.com pi-live.sagepay.com *.newrelic.com *.data.net *.nr-data.net *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.google.co.in *.google.co.uk *.google.com *.facebook.com *.bing.com *.googletagmanager.com *.ksearchnet.com *.traidcraftshop.co.uk *.t.co *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googletagmanager.com *.feefo.com *.klevu.com *.issuu.com *.pcapredict.com *.addthis.com *.addthisedge.com *.moatads.com *.postcodeanywhere.co.uk *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.sagepay.com https://test.sagepay.com https://live.sagepay.com pi-test.sagepay.com pi-live.sagepay.com *.dwin1.com *.newrelic.com *.data.net *.nr-data.net *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.facebook.com *.bing.com *.ksearchnet.com *.google.co.in *.google.co.uk *.google.com *.twitter.com *.ads-twitter.com r1.dotdigital-pages.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.feefo.com *.klevu.com *.postcodeanywhere.co.uk *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.sagepay.com https://test.sagepay.com https://live.sagepay.com pi-test.sagepay.com pi-live.sagepay.com *.facebook.com *.bing.com *.googletagmanager.com *.ksearchnet.com *.google.co.in *.google.co.uk *.google.com *.myfonts.net cdn.dnky.co webchat.dotdigital.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.feefo.com *.addthis.com *.addthisedge.com *.moatads.com *.postcodeanywhere.co.uk *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.sagepay.com https://test.sagepay.com https://live.sagepay.com pi-test.sagepay.com pi-live.sagepay.com *.newrelic.com *.data.net *.nr-data.net *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.facebook.com *.bing.com *.googletagmanager.com *.ksearchnet.com *.google.co.in *.google.co.uk *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src js.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.finuslugi.ru https://connect.facebook.net https://www.facebook.com https://vk.com https://top-fwz1.mail.ru https://px.adhigh.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://cdn.amplitude.com https://www.google-analytics.com https://optimize.google.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com;connect-src 'self' https://chat.finuslugi.ru wss://chat.finuslugi.ru https://top-fwz1.mail.ru https://px.adhigh.net https://rexc.moex.com https://api.finuslugi.ru https://lk.finuslugi.ru https://assets.finuslugi.ru https://www.moex.com api.amplitude.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com;img-src 'self' data: https://vk.com https://www.facebook.com https://11143639.fls.doubleclick.net https://assets.finuslugi.ru https://liknot.ru https://www.workle.ru https://www.google.ru https://www.google.com https://www.google-analytics.com www.google-analytics.com https://optimize.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://chat.finuslugi.ru https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com;font-src 'self' data: https://fonts.gstatic.com;media-src 'self';child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;frame-src blob: https://11143639.fls.doubleclick.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://optimize.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;base-uri 'self';form-action 'self';manifest-src 'self';worker-src 'self';report-uri https://rexc.moex.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://fast.wistia.com https://fast.wistia.net https://get.zerofox.com/js/forms2/js/forms2.min.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/990807316/ https://js.driftt.com/include/1634332500000/bwusbyac3fzw.js https://munchkin.marketo.net/munchkin-beta.js https://script.hotjar.com/modules.a781ddf321f3456bdb6f.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-423375.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://get.zerofox.com https://p.typekit.net https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://143-dhv-007.mktoresp.com https://distillery.wistia.com https://embedwistia-a.akamaihd.net https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://get.zerofox.com https://js.driftt.com https://vars.hotjar.com; img-src 'self' data: https://d21y75miwcfqoq.cloudfront.net https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://fast.wistia.net https://px.ads.linkedin.com https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 2
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; worker-src 'self'; child-src 'none'; frame-src 'none'; frame-ancestors 'none'; 2
frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 2
font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://a.klaviyo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.trustpilot.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klevu.com *.ksearchnet.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.trustpilot.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://geoip-js.com *.klevu.com *.ksearchnet.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' www.facebook.com web.facebook.com ; manifest-src 'self';  base-uri 'self';  form-action 'self';  font-src 'self' data: ;  frame-ancestors 'self';  object-src 'none'; media-src 'self' ; img-src 'self' blob: data: www.facebook.com cx.atdmt.com ; connect-src 'self' ; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net www.googletagmanager.com ; style-src 'self' 'unsafe-inline' ; 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.klevu.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com/ *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.youtube.com *.paypal.com *.paypalobjects.com *.usehero.com *.braintreegateway.com *.cardinalcommerce.com *.cookiebot.com *.hotjar.com *.facebook.com *.kaptcha.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com https://store.plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.trustpilot.com *.nosto.com *.amazonaws.com *.klevu.com *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.google.co.uk *.usehero.com *.bing.com *.postcodeanywhere.co.uk *.googletagmanager.com *.yotpo.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.google.com/ *.googletagmanager.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.trustpilot.com *.nosto.com *.klevu.com polyfill.io *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.bing.com https://analytics.tiktok.com *.zuko.io *.yotpo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com *.doubleclick.net cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.nosto.com *.klevu.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.finance-calculator.co.uk *.paypal.com *.nosto.com *.google.com *.braintree-api.com *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.cardinalcommerce.com *.doubleclick.net *.zuko.io https://analytics.tiktok.com *.hotjar.io *.hotjar.com *.yotpo.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; script-src * 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline'; media-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; font-src *; connect-src 'self'; report-uri /report-csp-violation 2
default-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl *.op.nl; connect-src 'self' *.ondernemersplein.kvk.nl *.flagship.io ariane.abtasty.com sentry.io vc.hotjar.io *.hotjar.com ampcid.google.com ajax.googleapis.com www.google-analytics.com; img-src 'self' data: *.ondernemersplein.kvk.nl *.rvo.nl opendata.nederlandwereldwijd.nl ariane.abtasty.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com i.ytimg.com; style-src 'self' 'unsafe-inline' *.ondernemersplein.kvk.nl www.gstatic.com fonts.googleapis.com tagmanager.google.com; frame-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl opendata.ondernemersplein.nl www.youtube.com vars.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ondernemersplein.kvk.nl www.google-analytics.com www.googletagmanager.com www.gstatic.com *.flagship.io ariane.abtasty.com static.hotjar.com script.hotjar.com www.youtube.com s.ytimg.com; report-uri https://sentry.io/api/1234272/security/?sentry_key=f23f8584f25343e3baed391826c1e5ba&sentry_environment=productie 2
default-src 'self' 'unsafe-eval' https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com; connect-src 'self' https://*.akamaihd.net https://*.akstat.io https://*.demdex.net https://*.go-mpulse.net https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://cdn.cookielaw.org https://cm.everesttech.net https://www.google-analytics.com https://privacyportal-de.onetrust.com https://search-api.swiftype.com https://smetrics.mandg.com https://stats.g.doubleclick.net; font-src 'self' data: https://api.fundpress.io https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self' https://www.mymandg.co.uk https://*.pru.co.uk; frame-src 'self' https://*.demdex.net https://www.brighttalk.com https://digitalsecure.mandg.com https://www.google.com https://irpages2.equitystory.com https://insight.adsrvr.org https://match.adsrvr.org https://mandg.fidainformatica.it https://mandg.videomarketingplatform.co https://recaptcha.google.com https://view.ceros.com https://www.youtube-nocookie.com https://www1.pru.co.uk; img-src 'self' data: https://*.akstat.io https://*.demdex.net https://*.sessioncam.com https://ad.doubleclick.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://adservice.google.com https://assets.adobedtm.com https://cm.everesttech.net https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://i.ytimg.com https://smetrics.mandg.com https://ttcontacts.com https://797110.global.siteimproveanalytics.io; media-src blob: https://mandg.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.demdex.net https://*.go-mpulse.net https://d2oh4tlt9mrke9.cloudfront.net https://assets.adobedtm.com https://api.fundpress.io https://cdn.cookielaw.org https://cm.everesttech.net https://geolocation.onetrust.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://js.adsrvr.org; script-src-elem 'self' 'unsafe-inline' https://*.demdex.net https://*.go-mpulse.net https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://www.brighttalk.com https://cdn.cookielaw.org https://cm.everesttech.net https://geolocation.onetrust.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://js.adsrvr.org https://report.23video.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self' 2
object-src 'none'; font-src https: data:; default-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://hfo1.report-uri.com/r/d/csp/enforce; 2
child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.typekit.net *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.yotpo.com *.bounceexchange.com *.ada.support *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.trustpilot.com *.facebook.com *.bulk.com *.studentbeans.com *.doubleclick.net *.zenaps.com *.criteo.net *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.yotpo.com bulk.com *.bulk.com *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.google.co.in *.facebook.com *.facebook.net *.bouncex.net *.bounceexchange.com *.monetate.net bulkpowders.co.uk *.gstatic.com *.postcodeanywhere.co.uk *.klarnacdn.net *.klarna.com *.zenaps.com *.awin1.com *.atdmt.com *.doubleclick.net *.cooladata.com *.bing.com *.quantserve.com t.co *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.yotpo.com *.monetate.net *.dwin1.com *.facebook.net *.bounceexchange.com *.jetlore.com *.ada.support *.scarabsearch.com *.scarabresearch.com *.g.doubleclick.net *.trustpilot.com *.queue-it.net *.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.pcapredict.com *.klarnacdn.net *.postcodeanywhere.co.uk *.co-buying.com *.studentbeans.com *.zenaps.com *.sciencebehindecommerce.com *.criteo.net *.criteo.com *.cooladata.com *.zendesk.com *.zdassets.com *.bing.com *.quantserve.com *.quantcount.com *.twitter.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.yotpo.com *.googleapis.com *.typekit.net *.bounceexchange.com *.postcodeanywhere.co.uk *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src *.bulk.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.yotpo.com *.ada.support *.google-analytics.com *.g.doubleclick.net *.scarabresearch.com *.logs.datadoghq.com *.bouncex.net *.nr-data.net *.klarnaevt.com *.postcodeanywhere.co.uk *.bulk.com *.sciencebehindecommerce.com *.zdassets.com *.zendesk.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://app.bronto.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.bronto.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri /es/Error/ReportCPS; 2
default-src https: 'unsafe-inline' 2
script-src https://www.endurasport.com https://m.endurasport.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://static.thgcdn.cn https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://pay.google.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.endurasport.com/cspReport.txt; 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
font-src www.searchanise.com https://cdn.checkout.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.searchanise.com syndication.twitter.com platform.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.searchanise.com platform.twitter.com syndication.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com platform.twitter.com abs.twimg.com pbs.twimg.com ton.twimg.com syndication.twitter.com www.google.com www.google.ru www.searchanise.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://redchamps.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com static.searchanise.com api.amplitude.com platform.twitter.com cdn.syndication.twimg.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.checkout.com *.klarnacdn.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.searchanise.com searchanise-ef84.kxcdn.com s3.amazonaws.com platform.twitter.com ton.twimg.com https://cdn.checkout.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com api.amplitude.com stats.g.doubleclick.net www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://js.checkout.com *.klarnaevt.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck-partnerprogramm.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 2
default-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src 'self' data: *; media-src *; frame-src *; connect-src *; font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.anantara.com *.anantara.com.cn *.avanihotels.com *.avanihotels.com.cn *.minorhotels.com *.minorhotels.com.cn *.naladhu.com *.naladhu.com.cn *.nhcollection-dohavyra.com *.nhcollection-dohavyra.com.cn *.niyama.com *.niyama.com.cn *.oakshotels.com *.oakshotels.com.cn *.tivolihotels.com *.tivolihotels.com.cn world.nh-hotels.com world.nh-hotels.com.cn *.affilired.com *.bing.com *.chinesean.com *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.glopss.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.shareasale.com *.sojern.com *.thehotelsnetwork.com *.tradetracker.net *.trivago.com *.webgains.com *.yahoo.co.jp *.zdassets.com *.zenaps.com *.zendesk.com *.adform.net analytics.tiktok.com az416426.vo.msecnd.net cdn.brand-display.com d.line-scdn.net *.baidu.com fm.ipinyou.com linkcenterus.derbysoftca.com linkcenterus.derbysoftsec.com mc.yandex.ru s.yimg.jp sc-static.net snap.licdn.com stats.ipinyou.com t.2c2p.com t.skyscnr.com tag.yieldoptimizer.com tags.tiqcdn.cn tags.tiqcdn.com tr.brand-display.com widget-mediator.zopim.com www.googleoptimize.com www.tripadvisor.com js.sentry-cdn.com apps.elfsight.com static.tacdn.com cdn.denomatic.com *.bdstatic.com *.addthis.com; report-uri https://minorhotels.report-uri.com/r/t/csp/reportOnly 2
report-uri https://sjc1.qualtrics.com/csp-report 2
default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 2
default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com;   style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com;   img-src 'self' https: data: ;   font-src 'self' https: ;   connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com;   media-src 'self';   object-src 'self';   worker-src 'self' blob:;   child-src 'self' blob:;  frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com;   frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk;   report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2
font-src https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com accounts.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.criteo.com https://*.criteo.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com https://googleads.g.doubleclick.net https://assets.braintreegateway.com https://*.kaptcha.com https://vars.hotjar.com https://c.paypal.com https://ez-prints.sjv.io https://target-prints.pxf.io *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.criteo.com https://c.bing.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://secure.adnxs.com https://ads.yahoo.com/ https://*.analytics.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://r.casalemedia.com https://s.ad.smaato.net https://*.aralego.com https://rtb-csync.smartadserver.com https://simage2.pubmatic.com https://*.taboola.com https://pixel.advertising.com https://us-u.openx.net https://contextual.media.net https://match.sharethrough.com https://ad.360yield.com https://tg.socdm.com https://*.stickyadstv.com https://tags.bluekai.com https://cw.addthis.com https://trends.revcontent.com https://email.traversedlp.com https://idsync.rlcdn.com https://*.dotomi.com https://jadserve.postrelease.com https://match.adsrvr.org https://ade.clmbtech.com https://tapestry.tapad.com https://nep.advangelists.com https://ad.turn.com https://ums.acuityplatform.com https://ad.yieldlab.net https://sync.ad-stir.com https://matching.ivitrack.com https://ads.yieldmo.com https://stats.g.doubleclick.net https://www.google.com https://s3.amazonaws.com https://apps.ezprints.com https://maps.gstatic.com https://bat.bing.com https://maps.googleapis.com/ https://*.stats.paypal.com https://cdn.klarna.com https://c.paypal.com https://ez-prints.sjv.io https://target-prints.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://www.googletagmanager.com https://sca1.listrakbi.com https://s1.listrakbi.com https://fp.listrakbi.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.criteo.com https://*.criteo.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ajax.cloudflare.com https://www.googleadservices.com https://*.hotjar.com https://*.paypal.com https://*.braintreegateway.com/ https://d.impactradius-event.com https://cdn.listrakbi.com https://s1.listrakbi.com https://at1.listrakbi.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.listrakbi.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com https://*.sandbox.braintree-api.com https://*.braintree-api.com https://client-analytics.braintreegateway.com https://stats.g.doubleclick.net/ https://*.hotjar.com wss://*.hotjar.com https://www.paypal.com https://ez-prints.sjv.io https://target-prints.pxf.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://cdn.curator.io;style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com https://cdn.curator.io;img-src 'self' data: https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.googletagmanager.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://media-exp1.licdn.com https://*.fbcdn.net https://yt3.ggpht.com https://i.ytimg.com;font-src 'self' https://fonts.gstatic.com https://cdn.curator.io;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com *.cloudfront.net  https://api.curator.io;frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com https://e.video-cdn.net;media-src 'self' blob:;report-uri https://jeno.report-uri.com/r/d/csp/enforce 2
font-src fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.punchout2go.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.salesforce.com 'self' 'unsafe-inline'; frame-ancestors *.schoolhealth.com mcstaging2.schoolhealth.com/ portal.punchout2go.com qa-portal.punchout2go.com dev-portal.punchout2go.com sapportal.ocps.net sapportalqap.ocps.net shop.equallevel.com *.punchout2go.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.youtube.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com cdn.dnky.co webchat.dotdigital.com *.schoolhealth.com *.youtube.com *.punchout2go.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com *.cenpos.net *.cenpos.com *.schoolhealth.com  *.chartbeat.com *.chartbeat.net *.pages03.net *.unbxdapi.com *.b0e8.com www.google.com *.punchout2go.com 'self' data: blob: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com maps.googleapis.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.cenpos.com *.cenpos.net *.google.com *.gstatic.com *.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com www.googletagmanager.com ssl.google-analytics.com *.cloudfront.net *.cloudflare.com *.pages03.net *.b0e8.com *.bc0a.com *.addtoany.com *.chartbeat.com *.punchout2go.com *.unbxdapi.com *.unbxd.com *.unbxd.io *.newrelic.com *.nr-data.net data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.bootstrapcdn.com *.punchout2go.com *.googleapis.com *.unbxdapi.com *.unbxd.com *.unbxd.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.doubleclick.net www.google-analytics.com *.nr-data.net *.demdex.net *.punchout2go.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc=' 'sha256-bT1Ymq1WqmR/IVUk/bpwBj+OeadvKW6Z37bJhTu00oY='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://use.fontawesome.com; frame-ancestors 'self' 2
default-src 'self'; script-src 'report-sample' 'self' https://js.hs-scripts.com/19644915.js https://rules.quantcount.com/rules-p--xkFm69TQBQDx.js http://ss.sharethis.com/loader.js http://ws.sharethis.com/button/buttons.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js https://connect.facebook.net/en_US/fbevents.js https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/669924774/ https://js.hs-analytics.net/analytics/1622252400000/19644915.js https://js.hs-banner.com/19644915.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://lptag.liveperson.net/tag/tag.js https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js https://prism.app-us1.com/ https://secure.quantserve.com/quant.js https://ws.sharethis.com/button/async-buttons.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js ; style-src 'report-sample' 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ws.sharethis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://forms.hubspot.com https://l.sharethis.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://bid.g.doubleclick.net https://c.sharethis.mgr.consensu.org https://ws.sharethis.com; img-src 'self' data: https://pixel.quantserve.com https://forms.hsforms.com https://l.sharethis.com https://px.gumgum.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 2
child-src 'self'; connect-src 'self' http://*.pinalove.com http://*.thaifriendly.com https://*.apple.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com wss: wss://*.pinalove.com wss://*.thaifriendly.com wss://*.vietnameselove.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.gstatic.com; frame-src 'self' https://*.apple.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com; img-src 'self' blob: data: http://*.gstatic.com http://*.pinalove.com http://*.thaifriendly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.my https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.de https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ru https://*.google.se https://*.google.si https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com https://pinalove.com https://thaifriendly.com https://vietnameselove.com wss://*.pinalove.com wss://*.thaifriendly.com; manifest-src 'self' http://*.thaifriendly.com https://*.thaifriendly.com wss://*.thaifriendly.com; media-src 'self' data:; object-src 'none'; 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.2checkout.com https://*.apple.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.trackjs.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.yahooapis.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_136f6bd732b7462c9c5fd22fd24e9f47 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' ikea.com *.ikea.com ikea.net *.ikea.net ingka.com *.ingka.com cdtapps.com *.cdtapps.com ctfassets.net *.ctfassets.net 8iire7wxfe.execute-api.eu-west-1.amazonaws.com akamaihd.net *.akamaihd.net akstat.io *.akstat.io appdynamics.com *.appdynamics.com eum-appdynamics.com *.eum-appdynamics.com contentsquare.net *.contentsquare.net go-mpulse.net *.go-mpulse.net optimizely.com *.optimizely.com sentry.io *.sentry.io techlab-cdn.com *.techlab-cdn.com google.com *.google.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com youtube-nocookie.com *.youtube-nocookie.com oppwa.com *.oppwa.com iesnare.com *.iesnare.com recaptcha.net *.recaptcha.net blob: data: europe-west1-ingka-ssom-infra-prod.cloudfunctions.net europe-west1-ingka-ime-dmp-prod.cloudfunctions.net asia-east2-ingka-ime-dmp-prod.cloudfunctions.net klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com ikea.de *.ikea.de ikea-lsp.de *.ikea-lsp.de ikeaplanningcalendar.inwebs.com api.addressy.com parcellab.com *.parcellab.com taskrabbit.com *.taskrabbit.com code.jquery.com adform.net *.adform.net adsrvr.org *.adsrvr.org bing.com *.bing.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net google.de *.google.de googleadservices.com *.googleadservices.com krxd.net *.krxd.net cloud80.realperson.de cookielaw.org *.cookielaw.org onetrust.com *.onetrust.com; img-src * blob: data:; frame-src *; report-uri https://reporting.go-mpulse.net/report/BY4BJ-VCVK6-JMEA5-T2M38-5FM5W 2
object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; report-uri https://sentry.io/api/161479/security/?sentry_key=9c457471fc3c4ce0a248b295ec84cb32 2
default-src 'self' cdn.synthetix.com ssc.synthetix.com; img-src 'self' cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com; font-src *.gstatic.com *.hotjar.com;frame-src *.twitter.com *.hotjar.com *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/; connect-src cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://ws12.hotjar.com; style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-src 'self' https://js.driftt.com; https://www.lacework.com; child-src 'self' https://js.driftt.com; https://www.lacework.com; script-src 'self' https://js.driftt.com; https://www.lacework.com; upgrade-insecure-requests 2
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 2
default-src 'self' https://*.googlesyndication.com https://*.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://adservice.google.com https://adservice.google.co.uk https://adservice.google.es https://cdn.ampproject.org http://platform.twitter.com https://*.googlesyndication.com https://cdn.curator.io https://www.googleadservices.com https://www.googletagmanager.com https://survey.g.doubleclick.net https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://lib.selfcampaign.com https://securepubads.g.doubleclick.net https://api.mapbox.com; style-src 'self' 'unsafe-inline' https://cdn.curator.io https://cdnjs.cloudflare.com https://api.mapbox.com; img-src 'self' https://www.commercialmotor.com https://www.google.com https://www.google.co.uk https://www.google.es https://*.googlesyndication.com data: https://*.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://lib.selfcampaign.com https://c1.adform.net https://match.adsrvr.org https://track2.selfcampaign.com https://track.selfcampaign.com https://syndication.twitter.com; frame-src 'self' https://www.youtube.com https://*.googlesyndication.com/ https://delivery.selfcampaign.com https://platform.twitter.com; connect-src 'self' https://*.g.doubleclick.net https://*.gstatic.com https://*.curator.io https://api.mapbox.com; report-uri https://rtmcommercialmotors.report-uri.com/a/d/g; upgrade-insecure-requests 2
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals 2
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://qtq417pr.uriports.com/reports/report; report-to default 2
default-src http: https:; script-src data: 'unsafe-inline' 'unsafe-eval' http: https: blob:; style-src 'unsafe-inline' http: https:; img-src data: http: https:; font-src data: http: https:; connect-src http: https: wss://ws3.hotjar.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.scoresense.com *.scoresensebasic.com *.freescoreonline.com *.nationalcreditreport.com https://img1.cdn180.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' seal-dallas.bbb.org seal.digicert.com www.google-analytics.com bat.bing.com *.siteintercept.qualtrics.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.facebook.com https://connect.facebook.net ; img-src 'self' data: https://www.googletagmanager.com cdn.ywxi.net seal.digicert.com www.google-analytics.com bat.bing.com stats.g.doubleclick.net ; connect-src 'self' ws: wss: cdn.decibelinsight.net https://www.facebook.com https://connect.facebook.net https://48d283h5o7.execute-api.us-east-1.amazonaws.com collection.decibelinsight.net stats.g.doubleclick.net *.siteintercept.qualtrics.com https://www.google.com ; font-src 'self' https://fonts.gstatic.com ; frame-src *.scoresense.com *.scoresensebasic.com *.freescoreonline.com *.nationalcreditreport.com ; report-to ot-reporter; report-uri https://xtvenwskmk.execute-api.us-east-1.amazonaws.com/infosec; 2
font-src fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://store.plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com hal9000.redintelligence.net https://store.plumrocket.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net www.google.com www.google.es www.googletagmanager.com stats.g.doubleclick.net *.onetrust.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.mczbf.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.gstatic.com sl.google-analytics.com js-agent.newrelic.com bam.nr-data.net cdn.connectif.cloud geoip-js.com *.onetrust.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com fonts.gstatic.com https://accounts.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.mczbf.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google-analytics.com stats.g.doubleclick.net *.paypal.com bam.nr-data.net geoip-js.com *.connectif.cloud *.onetrust.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 2
font-src *.fontawesome.com fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.twitter.com *.amazon.de *.cleverreach.com *.cleverreach.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es https://www.googletagmanager.com/ *.twitter.com *.google.com *.addthis.com *.uptain.de *.hotjar.com *.facebook.com *.youtube.com *.amazon.de *.cleverreach.com *.cleverreach.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ maps.gstatic.com/ *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com 'self' data: app.usercentrics.eu *.cloudfront.net *.google.de *.maxcluster.net *.magecomp.com *.youtube.com *.ssl-amazon.com *.payments-amazon.com *.wimo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com *.googleapis.com graph.facebook.com widgets.pinterest.com app.usercentrics.eu app.uptain.de *.hotjar.com *.newrelic.com *.nr-data.net *.facebook.com *.facebook.net *.cloudflareinsights.com *.cleverreach.com *.cleverreach.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.twitter.com *.paypal.com *.usercentrics.eu *.uptain.de *.hotjar.com *.nr-data.net wss://ws15.hotjar.com *.amazon.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' https://cdn.rawgit.com https://cdnjs.cloudflare.com https://maps.googleapis.com; script-src-attr 'self'; style-src 'self' https://cdn.rawgit.com https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 2
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.addthis.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com https://cdn.klarna.com data: https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.sagepay.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.tawk.to fonts.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.twitter.com https://plumrocket.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.twitter.com https://plumrocket.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.paypal.com *.sagepay.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu store.paradoxlabs.com *.tawk.to cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com *.youtube.com *.paypal.com *.sandbox.paypal.com *.google.com *.googletagmanager.com *.plumrocket.com *.tawk.to *.bam-cell.nr-data.net *.gstatic.com api.veritrans.co.jp *.authorize.net cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com fonts.googleapis.com cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.paypal.com *.sagepay.com *.cloudflare.com *.twitter.com *.twimg.com api.veritrans.co.jp *.authorize.net *.tawk.to wss://*.tawk.to *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.mikimoto.com/; report-to report-endpoint; 2
default-src 'none';   manifest-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval'     *.hotjar.com     http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js     http://sparkbox.github.com     https://analytics.twitter.com     https://apply.workable.com     https://assets.codepen.io     https://bid.g.doubleclick.net     https://cdn.jsdelivr.net     https://connect.facebook.net     https://googleads.g.doubleclick.net     https://platform.twitter.com     https://production-assets.codepen.io     https://script.hotjar.com     https://snap.licdn.com     https://static.ads-twitter.com     https://static.codepen.io     https://static.hotjar.com     https://translate.googleapis.com     https://www.google-analytics.com     https://www.google.com     https://www.googleadservices.com     https://www.googletagmanager.com     https://www.workable.com     https://www.youtube.com;   connect-src 'self'     *.hotjar.com     https://stats.g.doubleclick.net     https://vc.hotjar.io     https://www.google-analytics.com     https://www.facebook.com/tr/;   font-src 'self' data:     https://fonts.gstatic.com;   img-src 'self' data:     http://t.co     https://lh6.googleusercontent.com     https://p.adsymptotic.com     https://px.ads.linkedin.com     https://stats.g.doubleclick.net/r/collect     https://t.co     https://www.facebook.com     https://www.google-analytics.com     https://www.google.com     https://www.googletagmanager.com     https://www.linkedin.com;   style-src 'self' 'unsafe-inline' data:     http://afeld.github.io/emoji-css/emoji.css     http://hello.myfonts.net/count/3ca576     https://cloud.typography.com/655912/6152352/css/fonts.css     https://fonts.googleapis.com     https://hello.myfonts.net     https://hello.myfonts.net/count/3ca576;   frame-src 'self'     https://bid.g.doubleclick.net     https://codepen.io     https://codesandbox.io     https://platform.twitter.com     https://syndication.twitter.com     https://vars.hotjar.com     https://www.facebook.com     https://www.google.com     https://www.googletagmanager.com     https://www.youtube.com;   media-src data:;   report-uri https://sparkbox.report-uri.com/r/d/csp/reportOnly 2
child-src 'self' https://screencast-o-matic.com https://teams.microsoft.com blob:; frame-ancestors 'self' https://screencast-o-matic.com https://teams.microsoft.com;  report-uri /api/v2/report/csp; 2
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' data: blob: ; report-uri /csp_report 2
font-src fonts.gstatic.com use.typekit.net *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com *.googletagmanager.com *.google.com.ua 'self' data: data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com yotpo.com www.yotpo.com *.fontawesome.com *.authorize.net *.facebook.net *.facebook.com *.driftt.com *.bootstrapcdn.com *.hubspot.com *.mailchimp.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com *.dwin1.com www.dwin1.com *.bounceexchange.com *.ads.linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com *.quadpay.com xtento.com *.xtento.com *.cloudmaestro.com *.listrakbi.com *.listrak.com *.widgets.quadpay.com *.unpkg.com wss://widget-mediator.zopim.com *.widget-mediator.zopim.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.youtube.com *.apptrian.com www.apptrian.com *.vimeo.com wss://ws16.hotjar.com/api/v2/client/ws *.use.typekit.net *.cloudfront.net *.fls.doubleclick.net 11158761.fls.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.iglobalstores.com *.authorize.net *.spreedly.com *.driftt.com *.hubspot.com *.getbread.com *.hotjar.com paypal.com *.braintree-api.com *.braintreegateway.com *.addthis.com *.youtube.com www.youtube.com *.online-metrix.net *.signifyd.com *.demdex.net *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com *.ads.linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.quadpay.com *.yotpo.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.g.doubleclick.net *.cloudmaestro.com *.listrakbi.com *.listrak.com vimeo.com *.widgets.quadpay.com *.fls.doubleclick.net 11158761.fls.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net core.spreedly.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com *.google.com *.googleapis.com *.googletagmanager.com *.google.com.ua 'self' data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com yotpo.com www.yotpo.com *.ytimg.com *.s3.amazonaws.com *.amazonaws.com *.driftt.com *.klaviyo.com *.g.doubleclick.net *.hubspot.com *.authorize.net *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.signifyd.com *.e.aa.online-metrix.net *.bbb.org *.facebook.net *.facebook.com *.hotjar.com *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.secure.force.com *.mailchimp.com *.demdex.net *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com *.ads.linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com *.quadpay.com www.xtento.com cdn.xtento.com px.ads.linkedin.com bat.bing.com pippio.com *.cloudmaestro.com *.listrakbi.com *.listrak.com www.sandbox.paypal.com *.subscribepro.com subscribepro.com *.widgets.quadpay.com *.events.bouncex.net *.d.adroll.com d.adroll.com *.fls.doubleclick.net 11158761.fls.doubleclick.net tr2.smarterhq.io *.smarterhq.io js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.adroll.com s.adroll.com d.adroll.mgr.consensu.org *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.spreedly.com *.zonos.com *.yotpo.com *.braintreegateway.com *.bootstrapcdn.com *.driftt.com *.newrelic.com bam.nr-data.net *.nr-data.net *.zopim.com *.facebook.net *.facebook.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com paypal.com *.signifyd.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com chimpstatic.com *.mailchimp.com mc.us18.list-manage.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com *.ads.linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com *.quadpay.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com *.listrakbi.com *.listrak.com undefined/api/v2/sites/74088/recordings/content unpkg.com *.unpkg.com *.subscribepro.com subscribepro.com *.cloudfront.net d1n00d49gkbray.cloudfront.net/wknd/wknd_cartridge.js tr2.smarterhq.io *.apptrian.com *.widgets.quadpay.com wss://ws16.hotjar.com/api/v2/client/ws wss://ws20.hotjar.com/api/v2/client/ws wss://ws21.hotjar.com/api/v2/client/ws wss://*.hotjar.com/api/v2/client/ws hello.zonos.com staticw2.yotpo.com brainmd.com stats.g.doubleclick.net in.hotjar.com js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net https://unpkg.com/@webcomponents/ https://widgets.quadpay.com core.spreedly.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com *.klaviyo.com *.bootstrapcdn.com *.driftt.com *.authorize.net display.ugc.bazaarvoice.com *.signifyd.com *.facebook.net *.facebook.com *.mailchimp.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com *.ads.linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com *.quadpay.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com *.listrakbi.com *.listrak.com www.sandbox.paypal.com *.subscribepro.com subscribepro.com *.widgets.quadpay.com *.fls.doubleclick.net 11158761.fls.doubleclick.net tr2.smarterhq.io *.smarterhq.io js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net https://widgets.quadpay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com *.zdassets.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com *.ads.linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.ne 2
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com x.klarnacdn.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com script.google.com vars.hotjar.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com *.youtube.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.adnxs.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.affirm.com *.atdmt.com *.bing.com *.bazaarvoice.com dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.gstatic.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com imgs.signifyd.com t.co *.wahoofitness.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.adnxs.com js.adsrvr.org lightboxapi.azurewebsites.net bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com *.affirm.com static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.google.com *.googleapis.com googleads.g.doubleclick.net www.gstatic.com static.hotjar.com script.hotjar.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv imgs.signifyd.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com resources.xg4ken.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com display.ugc.bazaarvoice.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com www.lightboxcdn.com x.klarnacdn.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.affirm.com bam-cell.nr-data.net *.bing.com cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com www.google-analytics.com analytics.google.com in.hotjar.com vc.hotjar.io mpsnare.iesnare.com wss: *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net privacyportal.onetrust.com insight.reflow.tv imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: http:; connect-src 'self' https: api.ecobnb.net hits-i.iubenda.com cdnjs.cloudflare.com ajax.googleapis.com code.jquery.com insights.hotjar.com links.services.disqus.com *.hotjar.com *.optimizely.com wss://*.hotjar.com wss://*.ecobnb.com wss://ecobnb.it wss://ecobnb.fr wss://ecobnb.de; font-src 'self' https: fonts.gstatic.com sb.ecobnb.net sxt.cdn.skype.com maxcdn.bootstrapcdn.com data:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' http:; child-src *; frame-src *; report-uri https://2zkpbvapeqvwwp13110qnocb.httpschecker.net/report; 2
font-src fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: *.cdn-cnj.si *.emmezeta.rs *.emmezeta.hr *.emmezeta.si *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.emmezeta.hr *.emmezeta.rs *.emmezeta.si *.doubleclick.net *.cookiebot.com *.criteo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.emmezeta.hr *.emmezeta.rs *.emmezeta.si *.twitter.com *.facebook.com *.doubleclick.net *.cookiebot.com *.criteo.com *.demdex.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.emmezeta.hr *.emmezeta.rs *.emmezeta.si *.cdn-cnj.si syndication.twitter.com *.doubleclick.net *.midas-network.com *.facebook.com *.etrustmark.rs linker.hr *.bing.com *.google.com *.google.de *.tapad.com *.criteo.com *.outbrain.com *.yahoo.com *.addthis.com *.rubiconproject.com *.adnxs.com *.bidswitch.net ad.tpmn.co.kr *.pubmatic.com *.3lift.com *.yandex.ru *.casalemedia.com *.adtdp.com *.media.net *.teads.tv *.revcontent.com *.tabola.com *.kargo.com *.360yield.com *.rlcdn.com *.turn.com *.mediawallahscript.com *.smartadserver.com *.liadm.com *.smaato.net *.sharethrough.net *.postrelease.com *.advertising.com *.adscale.de *.adform.net *.rambler.ru *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io *.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.gstatic.com cpx.smind.hr *.facebook.net *.twitter.com tracking.channelsight.com *.emmezeta.hr *.emmezeta.rs *.emmezeta.si merchant.safe.shop *.youtube.com *.flixfacts.com *.flix360.io *.bing.com fullstory.com *.contentsquare.net *.doubleclick.net *.cookiebot.com *.criteo.com *.criteo.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.emmezeta.hr *.emmezeta.rs *.emmezeta.si merchant.safe.shop *.yotpo.com blob: 'self' 'unsafe-inline'; object-src *.emmezeta.hr *.emmezeta.rs *.emmezeta.si 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.emmezeta.hr *.emmezeta.rs *.emmezeta.si 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com cpx.smind.hr merchant.safe.shop *.emmezeta.rs *.emmezeta.hr *.emmezeta.si *.google.com *.doubleclick.net *.cookiebot.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
font-src *.fontawesome.com https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://secure-test.worldpay.com/shopper/3ds/ddc.html *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com https://pay.google.com https://secure-test.worldpay.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com *.cloudflare.com *.gstatic.com https://www.google.com https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.youtube.com *.avada.io https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://www.google.com https://www.gstatic.com https://storage.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://*.swaven.com https://*.usabilla.com https://*.boost.ai *.yotpo.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.blueconic.net https://*.swaven.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.boost.ai *.yotpo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net https://*.boost.ai 'self' 'unsafe-inline'; 2
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 2
font-src fonts.gstatic.com data: *.gstatic.com oct8necdneu.azureedge.net *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.adyen.com *.youtube.com *.vimeo.com *.cookiebot.com *.oct8ne.com *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com *.adyen.com data: *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net i.ytimg.com oct8necdneu.azureedge.net eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com *.cloudfront.net *.amazonaws.com bat.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com cdn.doofinder.com *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.doofinder.com *.naturitas.com naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://script.crazyegg.com/; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://www.googleadservices.com https://s7.addthis.com/ https://cdn.jsdelivr.net/jquery.cookie/1.3/jquery.cookie.js https://edge.fullstory.com/s/fs.js https://fast.wistia.com/ https://go.blueacornici.com/analytics https://j.6sc.co/6si.min.js https://m.addthis.com/live/red_lojson/300lo.json https://script.crazyegg.com/ https://pi.pardot.com/ https://s7.addthis.com/js/300/addthis_widget.js https://script.crazyegg.com/pages/scripts/0086/5481.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://z.moatads.com/addthismoatframe568911941483/moatframe.js; style-src 'report-sample' 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://distillery.wistia.com https://*.google.com https://c.6sc.co/ https://*.tracking.crazyegg.com https://*.crazyegg.com https://secure.adnxs.com/ https://m.addthis.com https://rs.fullstory.com https://script.crazyegg.com https://www.google-analytics.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://assets.quadpay.com; frame-src 'self' https://*.addthis.com https://www.googletagmanager.com https://tpc.googlesyndication.com; img-src 'self' https://*.wistia.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://secure.gravatar.com https://www.google.com https://p.adsymptotic.com https://b.6sc.co https://px.ads.linkedin.com https://*.linkedin.com https://www.google-analytics.com; manifest-src 'self'; media-src 'self' https://cdn.hiretual.com https://*.wistia.com https://cdn.hiretual.com; report-uri https://9370cc4740bad4d453bbdb51fc542c83.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com acuityplatform.com ajax.googleapis.com cdn.onesignal.com dynamic.cannedbanners.com js-agent.newrelic.com nsg.symantec.com onesignal.com seal.godaddy.com *.freedommunitions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com acuityplatform.com bam.nr-data.net maps.google.com pixel.mathtag.com a2.adform.net 279-ct.c3tag.com maps.googleapis.com; report-uri /.webscale/csp-report 2
default-src 'none'; script-src 'self' consent.cookiebot.com consentcdn.cookiebot.com assets.adobedtm.com connect.facebook.net snap.licdn.com www.googletagmanager.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net munchkin.marketo.net www.google.com www2.techem.com https://app-nld102.marketo.com/js/forms2/js/forms2.min.js 'unsafe-inline'; style-src 'self' 'unsafe-inline' www2.techem.com; font-src 'self' data:; img-src 'self' data: https:; frame-src consentcdn.cookiebot.com www.youtube.com www.facebook.com bid.g.doubleclick.net www2.techem.com; manifest-src 'self'; connect-src 'self' https://784-bqv-997.mktoresp.com https://549-bho-641.mktoresp.com/ www.google.com www.facebook.com 549-bho-641.mktoutil.com 784-bqv-997.mktoutil.com googleads.g.doubleclick.net www2.techem.com https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/ https://www2.techem.com/ https://adservice.google.com/pagead/regclk https://consentcdn.cookiebot.com/ https://tmd.sc.omtrdc.net/; report-uri https://4e57f0243286eb0ed979a1aef3232f6d.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.6sense.com *.addthisedge.com *.sc.omtrdc.net *.everesttech.net *.demdex.net *.adobedtm.com *.scene7.com *.tt.omtrdc.net *.akamaihd.net *.adnxs.com *.baidu.com *.prod.bidr.io *.btttag.com *.api.brightcove.com *.brightcove.com *.brightcove.net *.media.brightcove.com *.zencdn.net *.cloudflare.com *.contentsquare.net *.company-target.com *.demandbase.com *.g.doubleclick.net *.doubleclick.net *.fls.doubleclick.net *.adsymptotic.com *.d41.co *.bf.dynatrace.com *.dynatrace.com *.facebook.com *.facebook.net *.fontawesome.com *.fullstory.com *.google.co.in *.google.co.jp *.google.co.uk *.google.com *.google.com.hk *.google.fr *.gstatic.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hs.llnwd.net *.ads.linkedin.com *.linkedin.com *.licdn.com *.i.lithium.com *.microsoftazuread-sso.com *.ni.com *.agkn.com *.newrelic.com *.nr-data.net *.moatads.com *.polyfill.io *.co1.qualtrics.com *.qualtrics.com *.siteintercept.qualtrics.com *.quantcount.com *.quantserve.com *.rlcdn.com *.rfihub.net *.force.com *.lightning.force.com *.my.salesforce.com *.pardot.com *.salesforce.com *.krxd.net *.la1-c1-ia4.salesforceliveagent.com *.rfihub.com *.serving-sys.com *.addthis.com *.adsrvr.org *.truste.com *.twitter.com *.ads-twitter.com t.co *.6sc.co *.rezync.com *.analytics.yahoo.com *.yimg.com *.force.com *.salesforceliveagent.com *.salesforce.com data: blob; object-src 'none'; 2
default-src 'self' appointments-production-f.squarecdn.com square.site squareup.com maxcdn.bootstrapcdn.com; connect-src 'self' appointments-production-f.squarecdn.com square.site squareup.com data-platform-staging.squarecloudservices.com data-platform.squarecloudservices.com api2.branch.io conversations-production-f.squarecdn.com conversations-production-c.squarecdn.com js.squareup.com cdn.optimizely.com logx.optimizely.com cdn.cookielaw.org rum-http-intake.logs.datadoghq.com; img-src 'self' data: api.mapbox.com *.tiles.mapbox.com square-go-production.s3.amazonaws.com/ s3.amazonaws.com/square-dashboard-production/ www.google-analytics.com api.squareup.com appointments-production.s3.amazonaws.com/ square-web-production-f.squarecdn.com appointments-production-f.squarecdn.com d1g145x70srn7h.cloudfront.net; script-src 'self' cdn.cookielaw.org 'unsafe-inline' 'unsafe-eval' appointments-production-f.squarecdn.com js-agent.newrelic.com/ bam.nr-data.net/ cdn.branch.io/ api2.branch.io/ app.link/ ajax.googleapis.com maxcdn.bootstrapcdn.com conversations-production-f.squarecdn.com conversations-production-c.squarecdn.com js.squareup.com; style-src 'self' blob: 'unsafe-inline' appointments-production-f.squarecdn.com maxcdn.bootstrapcdn.com; report-uri https://squareup.com/1.0/as-reporter/csp/E-g-3sEcG3-1DHsDEIhKGqOrreQ_KmM23fhp_JMWVt34xrVL 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com; report-uri /csp-violation-report-endpoint/ 2
default-src 'self' *.ctfassets.net;img-src 'self' *.ctfassets.net *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com;connect-src 'self' ws: *.contentful.com *.bugsnag.com *.google-analytics.com *.swish.nu *.facebook.com;object-src 'none';script-src 'self' 'unsafe-eval' *.facebook.net *.googletagmanager.com *.google-analytics.com 'sha256-EbIf/28oJqqS5jlA4F4cxAuQyBgLsbwNN3SaKD7SPG8=' 'sha256-fNl6dMU2ozNYP+OO/xe3UlSrQ/B7H/B5mYtcdLPGSWc=' 2
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.klevu.com *.global-e.com *.yotpo.com www.google-analytics.com *.useinsider.com self unsafe-inline 'self' 'unsafe-inline'; form-action *.twitter.com *.pcipalstaging.cloud *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com *.bglobale.com *.freshchat.com *.global-e.com www.google-analytics.com *.pcipalstaging.cloud *.adyen.com *.useinsider.com *.vimeo.com *.zenaps.com *.doubleclick.net *.facebook.com self 'self'; frame-src www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.bglobale.com *.freshchat.com *.global-e.com www.google-analytics.com *.pcipalstaging.cloud *.useinsider.com *.vimeo.com *.zenaps.com *.doubleclick.net *.facebook.com self unsafe-inline 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com 'self' data: *.global-e.com *.klevu.com *.seasaltcornwall.com *.blucommerce.com *.yotpo.com yotpo-stool.s3.amazonaws.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net *.google.com *.google.co.uk seasaltcornwall.com *.fbsbx.com *.kaltura.com *.pinterest.com *.securitymetrics.com *.zenaps.com *.awin1.com *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klevu.com *.bglobale.com *.yotpo.com js-agent.newrelic.com *.nr-data.net *.googletagmanager.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net *.global-e.com *.google.com *.sub2tech.com *.cookielaw.org *.onetrust.com *.useinsider.com *.dwin1.com *.kaltura.com *.pinimg.com *.zenaps.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klevu.com *.yotpo.com t.contentsquare.net *.freshchat.com *.bing.com www.google-analytics.com *.useinsider.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.vimeo.com *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net performance.typekit.net commerce.adobe.net qa-api.magedevteam.com commerce-beta.adobe.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.brilliantcollector.com *.yotpo.com *.contentsquare.net *.freshchat.com *.bing.com *.nr-data.net *.klevu.com stats.g.doubleclick.net www.google-analytics.com *.edq.com wss://euwest1.pcipalstaging.cloud *.pcipalstaging.cloud *.cookielaw.org *.adyen.com *.useinsider.com *.pinterest.com *.onetrust.com 'self' 'unsafe-inline'; child-src blob: *.contentsquare.net *.seasaltcornwall.com 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.nosto.com *.nos.to *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp.archant.co.uk/report 2
report-uri https://sentry.io/api/1479396/security/?sentry_key=ebff80a744024d8a8f5630df4ea55e5d&sentry_environment=PROD&sentry_release=2021-10-18-1; script-src 'self' static.dynamicsignal.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com cdn.pendo.io data.pendo.io translate.google.com *.googleapis.com *.cloudfront.net cdnjs.cloudflare.com platform.twitter.com connect.facebook.net assets.adobedtm.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' static.dynamicsignal.com *.cloudfront.net *.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; font-src * data: blob:; img-src * data: blob:; media-src * data: blob:; frame-src 'self' www.youtube.com platform.twitter.com www.facebook.com reg.voicestorm.com reg-eu.voicestorm.com reg.voicestorm.biz reg.dynamicsignal.com; manifest-src *; connect-src 'self' static.dynamicsignal.com api.dynamicsignal.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com translate.google.com *.googleapis.com *.cloudfront.net *.doubleclick.net platform.twitter.com connect.facebook.net assets.adobedtm.com *.sentry.io sentry.io olivia.paradox.ai gateway.zscloud.net relay.voicestorm.com relay-eu.voicestorm.com relay.voicestorm.biz relay.dynamicsignal.com freq.voicestorm.com freq-eu.voicestorm.com freq.voicestorm.biz freq.dynamicsignal.com api.voicestorm.com api-eu.voicestorm.com api.voicestorm.biz api.dynamicsignal.com apigateway.voicestorm.com apigateway-eu.voicestorm.com apigateway.voicestorm.biz apigateway.dynamicsignal.com streaming.voicestorm.com:* streaming-eu.voicestorm.com:* streaming.voicestorm.biz:* streaming.dynamicsignal.com:* 2
font-src data: *.gstatic.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.pmnts-sandbox.io *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarnacdn.net *.klarnaservices.com *.facebook.com *.pinterest.com *.facebook.com/tr *.google.com *.google.com.au *.roymorgan.com *.doubleclick.net data: *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.imgix.net 'self' 'unsafe-inline'; script-src *.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.abtasty.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.facebook.net *.googletagmanager.com *.google.com *.google.com.au *.pmnts.io *.pmnts-sandbox.io *.afterpay.com *.doubleclick.net *.pinimg.com *.particularaudience.com *.cfjump.com *.roymorgan.com *.cloudfront.net *.forter.com *.usabilla.com wss://widget-mediator.zopim.com *.hotjar.com *.attraqt.io *.newrelic.com *.js-agent.newrelic.com *.nr-data.net *.klarnacdn.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.googleadservices.com *.google-analytics.com *.zipmoney.com.au *.gstatic.com *.googleapis.com *.paypal.com *.paypalobjects.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ display.ugc.bazaarvoice.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com *.static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com *.abtasty.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.zdassets.com *.youtube.com *.facebook.com *.pinterest.com *.google.com *.google.com.au *.cardinalcommerce.com *.cloudfront.net/ *.luckyorange.net *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.paypal.com *.zendesk.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: bat.bing.com cdn.callreports.com googleads.g.doubleclick.net js.callrail.com res.cloudinary.com s3.amazonaws.com secure.leadforensics.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net  secure.leadforensics.com www.woodlandmanufacturing.com www.googleadservices.com *.pinimg.com connect.facebook.net *.gstatic.com *.wistia.com *.olark.com *.nextopiasoftware.com *.flattr.com *.trustpilot.com g.microsoft.com 2
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com tr.snapchat.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.gomoxie.solutions *.braintreegateway.com tr.snapchat.com *.doubleclick.net *.paypal.com *.paypalobjects.com *.google.com *.kaptcha.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com maps.gstatic.com *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions *.googleapis.com js-agent.newrelic.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com unsafe-inline d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintreegateway.com *.paypal.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.facebook.com ct.pinterest.com *.userway.org *.coke.com api.addressy.com *.ccnag.com *.paypalobjects.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.netreviews.eu cl.avis-verifies.com www.google.com www.google.fr *.facebook.com bat.bing.com *.linkedin.com *.avis-verifies.com *.netreviews.eu *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu cl.avis-verifies.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com *.avis-verifies.com *.pardot.com *.larcier-intersentia.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es www.google-analytics.com bat.bing.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data:; report-uri https://gate.rapidsec.net/g/r/csp/935437bd-15fd-48dc-ab1d-930a31146380/0/1/3?sct=4bd0bb63-fc90-40ff-bb6c-4baa452152ba&dpos=report 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com connect.facebook.net https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.gstatic.com www.verasafe.com *.hsforms.net *.hsforms.com js.hsleadflows.net www.recaptcha.net js.hs-banner.com ; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com fonts.googleapis.com; img-src 'self' img.youtube.com i.ytimg.com track.hubspot.com www.google.com www.google.co.in www.google-analytics.com stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.cloudfront.net *.hsforms.com *.linkedin.com px.ads.linkedin.com p.adsymptotic.com; media-src 'self' *.youtube.com ; frame-src 'self' *.youtube.com staticxx.facebook.com forms.hsforms.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com www.recaptcha.net; frame-ancestors 'self' *.youtube.com ; child-src 'self' *.youtube.com ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.googlevideo.com api.hubspot.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com forms.hubspot.com; report-uri /report-csp-violation 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 2
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com https://*.hotjar.com https://*.cloudfront.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.doubleclick.net https://www.google.com https://*.hotjar.com https://*.livechatinc.com https://*.reviews.co.uk *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.adyen.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com https://*.doubleclick.net https://www.google.com https://www.google.co.uk https://*.cloudfront.net https://*.facebook.com https://*.yotpo.com https://*.heritagepartscenter.com https://a.klaviyo.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.adyen.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://*.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://*.nr-data.net https://*.newrelic.net https://*.newrelic.com https://*.livechatinc.com https://*.facebook.net https://*.webgains.io https://*.chimpstatic.com https://*.yotpo.com https://*.reviews.co.uk https://*.trackedlink.net https://static.klaviyo.com https://fast.a.klaviyo.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com https://*.googleapis.com https://*.yotpo.com https://*.cloudfront.net https://*.reviews.co.uk *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com https://*.livechatinc.com https://*.heritagepartscenter.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://*.reviews.co.uk https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: *.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net *.sparta.cl newbalance.cl 'self' data: www.xtento.com cdn.xtento.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.newrelic.com *.nr-data.net *.doubleclick.net *.magentosite.cloud *.target2sell.com www.xtento.com cdn.xtento.com *.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com *.sparta.cl *.newbalance.cl *.yotpo.com *.fonts.net *.magentosite.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com *.yotpo.com *.nr-data.net *.target2sell.com *.mercadopago.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://spartacl.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'self'; style-src 'self' 'unsafe-inline' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net reebee.com www.reebee.com *.gstatic.com siteimproveanalytics.com bam-cell.nr-data.net r2.dotmailer-surveys.com *.hotjar.com bam-cell.nr-data.net z.moatads.com *.online-metrix.net s7.addthis.com; font-src 'self' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net data: fonts.gstatic.com joinhoney.com cdn.joinhoney.com *.hotjar.com; img-src 'self' data: 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net  www.google.ro www.google.be www.google.co.in www.google.fr www.google.dz adserve.atedra.com *.gstatic.com *.siteimprove.com *.siteimproveanalytics.io *.online-metrix.net *.hotjar.com; frame-src 'self' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net reebee.com www.reebee.com *.moneris.com h.online-metrix.net *.issuu.com *.hotjar.com; connect-src 'self' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net ca.api4load.com bam-cell.nr-data.net *.hotjar.io *.hotjar.com; report-uri /csp-report.php; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://csp.rcahms.gov.uk/ncap-live; 2
font-src *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.klevu.com *.ksearchnet.com store.paradoxlabs.com *.cdninstagram.com *.fbcdn.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.authorize.net *.cloudflare.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.authorize.net *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.typekit.net *.gstatic.com *.googleapis.com *.bazaarvoice.com *.xisecurenet.com data: acsbap.com acsbapp.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.takemefishing.org *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.bazaarvoice.com *.google.com *.youtube.com *.facebook.com *.xisecurenet.com *.paymetric.com *.doubleclick.net *.fishbrain.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klaviyo.com *.googleadservices.com *.google-analytics.com *.paypal.com *.zebco.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.google.com *.doubleclick.net *.gstatic.com *.facebook.com insight.adsrvr.org *.xisecurenet.com *.bazaarvoice.com *.googletagmanager.com ib.adnxs.com pixel.advertising.com match.adsrvr.org *.yahoo.com pixel.rubiconproject.com *.bidswitch.net dsum-sec.casalemedia.com *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.typekit.net/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://static.klaviyo.com https://fast.a.klaviyo.com *.bazaarvoice.com *.google-analytics.com *.gstatic.com *.magentocommerce.com *.cardinalcommerce.com *.google.com *.googletagmanager.com *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.facebook.net *.xisecurenet.com *.newrelic.com bam.nr-data.net *.experticity.com *.iesnare.com *.typekit.net/ *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com *.typekit.net/ *.fonts.net *.googleapis.com *.gstatic.com *.bazaarvoice.com *.xisecurenet.com *.klaviyo.com *.myfonts.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klaviyo.com *.paypal.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.google.com *.google-analytics.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.xisecurenet.com *.bazaarvoice.com *.experticity.com bam.nr-data.net *.facebook.net cdn.acsbap.com cdn.acsbapp.com google-analytics.com stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.googleapis.com *.gstatic.com *.cdninstagram.com *.fbcdn.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de maps.googleapis.com ajax.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.nosto.com *.nos.to 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'unsafe-inline' 'unsafe-eval' data: https:; 2
font-src https://widgets.trustedshops.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com assets.braintreegateway.com tst.kaptcha.com c.paypal.com *.cardinalcommerce.com www.google.com *.klarna.com *.maps.googleapis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com assets.braintreegateway.com checkout.paypal.com data: *.klarnacdn.net *.klarna.com *.klarnaevt.com www.w3.org https://widgets.trustedshops.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com songbirdstag.cardinalcommerce.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarnacdn.net *.klarnaservices.com https://widgets.trustedshops.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://widgets.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.klarnaevt.com *.playground.klarnaevt.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com static.botsrv.com botsrv.com *.botsrv.com static.botsrv2.com botsrv2.com *.botsrv2.com *.bronto.com *.brontops.com *.doubleclick.net *.facebook.com maps.googleapis.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.ladesk.com *.sensi2live.com *.sensi2stage.com *.snapchat.com *.slimjoy.pl *.slimjoy.cz vimeo.com *.vimeo.com *.youtube.com *.zopim.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googletagmanager.com *.adyen.com http://app.bronto.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.antrk.tech *.atdmt.com static.botsrv.com botsrv.com *.botsrv.com static.botsrv2.com botsrv2.com *.botsrv2.com *.bronto.com *.brontops.com *.dotomi.com *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.google-analytics.com *.google.si maps.googleapis.com *.googleoptimize.com *.gstatic.com *.hotjar.com *.hotjar.io *.imedia.cz *.iprom.net cdn.ipromcloud.com *.kdukvh.com *.ladesk.com cdn.midas-network.com *.mxapis.com *.quora.com *.sensi2live.com *.sensi2stage.com *.sc-static.net sc-static.net *.seznam.cz *.shareasale.com *.slimjoy.pl *.snapchat.com *.taboola.com *.trustedshops.com vimeo.com *.vimeo.com *.zemanta.com *.zopim.com https://www.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com ebizmarts-website.s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com *.antrk.tech *.atdmt.com static.botsrv.com botsrv.com *.botsrv.com static.botsrv2.com botsrv2.com *.botsrv2.com *.bronto.com *.brontops.com *.dotomi.com *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.google.com *.google.si maps.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.imedia.cz *.iprom.net cdn.ipromcloud.com *.kdukvh.com *.kelkoogroup.net *.ladesk.com cdn.midas-network.com *.mxapis.com *.quora.com *.sensi2live.com *.sensi2stage.com *.sc-static.net sc-static.net *.seznam.cz *.shareasale.com *.slimjoy.pl *.snapchat.com *.taboola.com *.trustedshops.com vimeo.com *.vimeo.com *.youtube.com *.zemanta.com *.zopim.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com *.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.gstatic.com *.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.googletagmanager.com www.google-analytics.com *.adyen.com *.bronto.com *.chimpstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com secure.payu.com secure.snd.payu.com *.adobedtm.com *.antrk.tech *.atdmt.com static.botsrv.com botsrv.com *.botsrv.com static.botsrv2.com botsrv2.com *.botsrv2.com *.brontops.com *.dotomi.com *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.google.si maps.googleapis.com *.googleoptimize.com *.hotjar.com *.hotjar.io *.imedia.cz *.iprom.net cdn.ipromcloud.com *.kdukvh.com *.kk-resources.com *.ladesk.com cdn.midas-network.com *.mxapis.com *.newrelic.com *.nr-data.net *.quora.com *.sensi2live.com *.sensi2stage.com *.sc-static.net sc-static.net *.seznam.cz *.shareasale.com *.slimjoy.pl *.snapchat.com *.taboola.com *.trustedshops.com *.vimeo.com *.youtube.com *.zemanta.com *.zopim.com https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline botsrv.com *.botsrv.com botsrv2.com *.botsrv2.com *.zopim.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com secure.payu.com merch-prod.snd.payu.com *.antrk.tech *.atdmt.com static.botsrv.com botsrv.com *.botsrv.com static.botsrv2.com botsrv2.com *.botsrv2.com *.bronto.com *.brontops.com *.dotomi.com *.doubleclick.net *.dwin1.com *.facebook.com maps.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.imedia.cz *.iprom.net cdn.ipromcloud.com *.kdukvh.com *.kelkoogroup.net *.ladesk.com cdn.midas-network.com *.mxapis.com *.nr-data.net *.quora.com *.sensi2live.com *.sensi2stage.com *.seznam.cz *.sc-static.net sc-static.net *.shareasale.com *.slimjoy.pl *.snapchat.com *.taboola.com *.trustedshops.com vimeo.com *.vimeo.com *.youtube.com *.zemanta.com *.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=appserver 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.youtube.com js.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://plausible.io; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com data:; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://bat.bing.com https://www.google-analytics.com https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://plausible.io/; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://disqus.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report 2
font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: omecare.com *.omecare.com *.google-analytics.com *.googletagmanager.com *.facebook.net https://*.authorize.net https://*.smartlook.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/6.8.4/swiper-bundle.min.js https://cdn.jsdelivr.net/npm/vanilla-lazyload@17.4.0/dist/lazyload.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.min.js; connect-src 'self' omecare.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.facebook.net *.facebook.com *.smartlook.com *.smartlook.cloud https://*.authorize.net *.google.com; frame-src *.facebook.com; style-src 'self' 'unsafe-inline' omecare.com *.omecare.com *.googleapis.com https://*.authorize.net https://cdnjs.cloudflare.com/ajax/libs/Swiper/6.8.4/swiper-bundle.min.css; font-src 'self' data: omecare.com *.omecare.com *.gstatic.com; img-src 'self' data: omecare.com *.omecare.com *.gravatar.com *.googletagmanager.com *.google-analytics.com *.google.ru *.google.com *.facebook.com *.facebook.net https://*.paypalobjects.com https://*.authorize.net; report-uri /_/csp 2
default-src 'self'; script-src 'self' 'sha256-MdC6fOvaO+dJENLQhOoRht9sHSJ++GoMxjtC5lOpUww=' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; style-src 'self' 'report-sample'; img-src *; base-uri 'none'; object-src 'none'; report-uri https://ryanseddon.report-uri.com/r/d/csp/reportOnly; report-to csp-endpoint; 2
font-src *.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com static.hotjar.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paulandshark.com paulandshark.com *.typekit.net www.google.it www.google.com bat.bing.com www.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com polyfill.io *.typekit.net *.klarnaservices.com www.googletagmanager.com *.tradedoubler.com static.hotjar.com bat.bing.com script.crazyegg.com connect.facebook.net sdk-api.eyefitu.com eyefituwebsdk.blob.core.windows.net web-sdk.eyefitu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.paulandshark.com paulandshark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.klarnauserservices.com *.klarnaservices.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net script.crazyegg.com notifier-configs.airbrake.io sdk-api.eyefitu.com https://geoip-js.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.chimpstatic.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src https:; style-src 'unsafe-inline' https:; img-src https:; media-src https:; frame-src https:; font-src https: data:; connect-src https:; report-uri //report-csp-violation 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.sagepay.com https://js.klevu.com http://js.klevu.com https://fonts.gstatic.com http://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com https://widget.trustpilot.com http://widget.trustpilot.com https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com https://cdn-images.mailchimp.com http://cdn-images.mailchimp.com https://connect.nosto.com http://connect.nosto.com https://js.klevu.com http://js.klevu.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.sagepay.com https://www.fencestore.co.uk http://www.fencestore.co.uk https://www.shedstore.co.uk http://www.shedstore.co.uk https://www.buyfencingdirect.co.uk http://www.buyfencingdirect.co.uk https://www.buyshedsdirect.co.uk http://www.buyshedsdirect.co.uk https://www.buylogcabinsdirect.co.uk http://www.buylogcabinsdirect.co.uk https://www.greatlittlegarden.co.uk http://www.greatlittlegarden.co.uk https://www.bmgardenbuildings.co.uk http://www.bmgardenbuildings.co.uk https://js.klevu.com http://js.klevu.com https://accdn.lpsnmedia.net http://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net https://lptag.liveperson.net http://lptag.liveperson.net https://lo.v.liveperson.net http://lo.v.liveperson.net https://connect.nosto.com http://connect.nosto.com https://widget.trustpilot.com http://widget.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com https://www.fencestore.co.uk http://www.fencestore.co.uk https://www.shedstore.co.uk http://www.shedstore.co.uk https://www.buyfencingdirect.co.uk http://www.buyfencingdirect.co.uk https://www.buyshedsdirect.co.uk http://www.buyshedsdirect.co.uk https://www.buylogcabinsdirect.co.uk http://www.buylogcabinsdirect.co.uk https://www.greatlittlegarden.co.uk http://www.greatlittlegarden.co.uk https://www.bmgardenbuildings.co.uk http://www.bmgardenbuildings.co.uk https://fonts.googleapis.com http://fonts.googleapis.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://js.klevu.com http://js.klevu.com https://cdn-images.mailchimp.com http://cdn-images.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk apps.nestle.com apps.nestle.co.uk *.newrelic.com *.betrad.com bam-cell.nr-data.net *.addtoany.com cdnjs.cloudflare.com *.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com  *.serving-sys.com *.igodigital.com connect.facebook.net *.krxd.net *.cloudfront.net *.pricespider.com s.pinimg.com js.adsrvr.org api.tiles.mapbox.com unpkg.com cdn.hypemarks.com *.gigya.com *.ads-twitter.com *.twitter.com cdn.az.ciam.nestle.com *.nestle.com www.gstatic.com www.googleadservices.com *.juicer.io googleads.g.doubleclick.net ds.serving-sys.com; style-src 'self' 'unsafe-inline' *.nestlepurelife.com *.acsitefactory.com fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com cloud.typography.com  *.acsitefactory.com *.google.com *.nestlewaters.com *.nestlepurelife.com *.pricespider.com d6uvc6aer7eax.cloudfront.net api.tiles.mapbox.com maxcdn.bootstrapcdn.com apps.nestle.co.uk *.juicer.io; img-src 'self' blob: data: *.googleapis.com *.youtube.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to *.fusepump.com *.evidon.com  *.igodigital.com www.facebook.com *.krxd.net *.nestlewaters.com *.nestlewaters.com ct.pinterest.com d6uvc6aer7eax.cloudfront.net trz.neodatagroup.com insight.adsrvr.org *.pricespider.com kwptg.kantarworldpanel.fr di.rlcdn.com t.co apps.nestle.co.uk *.amazon-adsystem.com *.mookie1.com; frame-src 'self' *.addtoany.com *.youtube.com *.youtu.be *.evidon.com  *.doubleclick.net *.krxd.net *.fusepump.com www.facebook.com insight.adsrvr.org s.amazon-adsystem.com www.contattigrupposanpellegrino.it cdn.hypemarks.com *.gigya.com open.spotify.com www.google.com; frame-ancestors 'self'; child-src 'self' blob: data: *.addtoany.com *.youtube.com *.youtu.be *.evidon.com  *.doubleclick.net *.krxd.net; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com apps.nestle.co.uk static.juicer.io; connect-src 'self' data: *.fusepump.com www.facebook.com *.doubleclick.net *.google-analytics.com  collect.analyze.ly secure-ds.serving-sys.com bam-cell.nr-data.net ct.pinterest.com cdn.hypemarks.com *.mapbox.com apps.nestle.co.uk; report-uri /report-csp-violation 2
worker-src blob:; font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.hotjar.com *.reviews.io 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.com *.ometria.com 'self' 'unsafe-inline'; frame-ancestors *.widget.reviews.co.uk https://widget.reviews.co.uk *.reviews.co.uk https://www.pingdom.com http://www.pingdom.com https://www.reviews.io https://www.reviews.co.uk *.pingdom.com *.wed2b.co.uk 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://widget.reviews.co.uk *.twitter.com *.hotjar.com *.doubleclick.net *.ladesk.com *.typeform.com *.facebook.com *.reviews.co.uk *.braintreegateway.com https://a.pgtb.me https://tpc.googlesyndication.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.google.co.uk *.google.com *.facebook.com *.g.doubleclick.net *.pinterest.com *.maps.gstatic.com *.googleapis.com https://trk.ometria.com/ *.adalyser.com *.postcodeanywhere.co.uk *.googletagmanager.com https://c.contentsquare.net https://l.contentsquare.net *.reviews.io https://11164202.fls.doubleclick.net *.google.cz *.google.be *.google.nl *.google.de *.google.fr *.google.es *.google.gr *.reviews.co.uk *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.hotjar.com *.adnxs.com *.facebook.net *.ladesk.com *.adalyser.com *.g.doubleclick.net *.hotjar.io *.pinterest.com *.reviews.co.uk *.maps.googleapis.com https://maps.googleapis.com http://cdn.ometria.com https://cdn.ometria.com https://cdn.polyfill.io/ *.google.com *.pcapredict.com *.postcodeanywhere.co.uk *.ccdc02.com https://cdn.noibu.com/collect.js https://t.contentsquare.net https://d1m2uzvk8r2fcn.cloudfront.net/ https://d2xcq4qphg1ge9.cloudfront.net/ https://tpc.googlesyndication.com/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.postcodeanywhere.co.uk *.reviews.io data: tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.wed2b.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.hotjar.io *.reviews.co.uk https://widget.reviews.co.uk https://www.pingdom.com https://api.reviews.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net http://www.googletagmanager.com/ *.facebook.com *.braintree-api.com *.braintreegateway.com *.postcodeanywhere.co.uk *.cdn.noibu.com *.input.noibu.com/ wss://input.noibu.com/ https://input.noibu.com/pv https://input.noibu.com/metrics *.contentsquare.net/ https://api.reviews.io *.google.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wed2b.com/; report-to report-endpoint; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; report-uri /_/tools/cspr.php 2
frame-ancestors 'none'; block-all-mixed-content; object-src 'none'; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 2
font-src js.klevu.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.google.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com *.nosto.com js.klevu.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.crafterscompanion.co.uk www.crafterscompanion.com www.crafterscompanion.eu *.nos.to 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com polyfill.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.nosto.com js.klevu.com www.dwin1.com www.google.com www.gstatic.com www.googletagmanager.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com js-agent.newrelic.com bam.nr-data.net *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com js.klevu.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.nosto.com js-agent.newrelic.com bam.nr-data.net *.nos.to 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2
font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.youtube.com *.facebook.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.pinterest.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.ytimg.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.fontawesome.com *.vimeocdn.com *.youtube.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.zdassets.com *.facebook.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://js-agent.newrelic.com https://bam.nr-data.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com api.comapi.com webchat.dotdigital.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://js-agent.newrelic.com https://bam.nr-data.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src blob:; font-src *.fontawesome.com *.narvar.com *.narvar.qa https://cdnjs.cloudflare.com *.cloudflare.com *.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.twitter.com *.youtube.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.googletagmanager.com *.facebook.com *.hotjar.com *.twitter.com *.demdex.net *.doubleclick.net *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.vimeo.com *.google.com *.fitanalytics.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.narvar.com *.narvar.qa https://s.ytimg.com *.ytimg.com *.magentocommerce.com *.paypal.com *.cloudfront.net *.amazon.com *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.bigcontent.io *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.emdex.net *.everesttech.net data: *.avada.io *.visualwebsiteoptimizer.com *.bing.com *.facebook.com *.quantserve.com *.doubleclick.net *.google.com *.google.be *.google.co.in *.omtrdc.net *.demdex.net *.dickieslife.com *.amasty.com http://fulluat-vfc.cs87.force.com *.test.adyen.com *.live.adyen.com blob: *.googletagmanager.com *.googleapis.com *.gstatic.com *.contentsquare.net *.fitanalytics.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.avada.io https://cdnjs.cloudflare.com *.google.com *.googletagmanager.com *.googleadservices.com *.hotjar.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.onetrust.com *.facebook.net *.bing.com *.visualwebsiteoptimizer.com *.authorize.net *.braintreegateway.com *.signifyd.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada-popup.min.js *.quantserve.com *.quantcount.com *.doubleclick.net *.webgains.io *.salesforceliveagent.com *.gstatic.com *.webgains.com https://w-it.m-t.io *.googleapis.com *.test.adyen.com *.live.adyen.com *.vimeocdn.com *.datadoghq-browser-agent.com *.datadoghq.eu *.contentsquare.net *.contentsquare.com *.fitanalytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.com *.amazonpay.jp mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.avada-popup.min.js *.emdex.net *.everesttech.net *.doubleclick.net www.google-analytics.com *.avada.io *.visualwebsiteoptimizer.com *.hotjar.com *.paypal.com *.paypalobjects.com *.demdex.net *.hotjar.io *.bing.com *.adyen.com *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.onetrust.com *.go-mpulse.net *.akstat.io/ *.datadoghq-browser-agent.com *.datadoghq.eu *.contentsquare.net *.fitanalytics.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com www.gstatic.com/recaptcha/ www.youtube.com *.ytimg.com www.google.com *.googleapis.com *.google.com www.googleadservices.com www.googletagmanager.com *.cookielaw.org *.onetrust.com connect.facebook.net; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: reedexpo-service.com www.barconvent.com *.cookielaw.org *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com connect.facebook.net www.google.de www.google.com www.google.at *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' data: *.google-analytics.com reedexpo-service.com *.cookielaw.org *.onetrust.com *.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com fast.fonts.net; media-src 'self' data:; object-src 'self' data:; child-src 'self' data: *.youtube-nocookie.com www.google.com reedexpo-service.com *.google.com; frame-ancestors 'self' data: 2
font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://www.google.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com https://s.ytimg.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.yotpo.com *.player.vimeo.com *.authorize.net webchat.dotdigital.com *.newrelic.com *.nr-data.net bam.nr-data.net https://www.google.com https://www.gstatic.com cdn.dnky.co api.comapi.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com fonts.googleapis.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net cdn.dnky.co yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com www.google-analytics.com *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es *.nr-data.net bam.nr-data.net api.comapi.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com https://player.vimeo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com jquery.sellxed.com *.googleapis.com *.google.com *.gstatic.com https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com p.typekit.net *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es data: 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net vimeo.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.google.com accounts.google.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.dotdigital-pages.com *.dotdigital.com www.google.com accounts.google.com www.facebook.com platform.twitter.com static.olark.com tracking.sezzle.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de player.vimeo.com vimeo.com 20813811p.rfihub.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.google.com accounts.google.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com data: media.sezzle.com i.ytimg.com www.googletagmanager.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com forms.hubspot.com *.tvape.com dpm.demdex.net demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com accounts.google.com connect.facebook.net twitter.com platform.twitter.com embed.sendcloud.sc knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com www.googletagmanager.com stats.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com widget.sezzle.com r1.dotmailer-surveys.com js.hsforms.net hsforms.net forms.hsforms.com *.vimeocdn.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com accounts.google.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com www.google-analytics.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.ksearchnet.com *.paypal.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.marcelle.com *.cloudmaestro.com staticw2.yotpo.com widget-mediator.zopim.com *.cloudflare.com acuityplatform.com *.google.com chimpstatic.com www.googletagmanager.com *.google-analytics.com analytics.twitter.com *.facebook.net *.hotjar.com static.zdassets.com platform.instagram.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.zendesk.com *.criteo.net www.youtube.com s.ytimg.com *.criteo.com ajax.googleapis.com api.instagram.com www.instagram.com app.purechat.com widget.surveymonkey.com secure-cdn.mplxtms.com snap.licdn.com *.annabelle.com www.lisewatier.com www.lisewatier.us www.salesgroupemarcelle.com www.googleadservices.com secure.adnxs.com ib.adnxs.com platform.twitter.com s.pinimg.com googleads.g.doubleclick.net static.ads-twitter.com *.queue-it.net marcelle.us5.list-manage.com tpc.googlesyndication.com ws1.postescanada-canadapost.ca static.zdassets.com; report-uri /.webscale/csp-report 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 2
script-src 'self'; style-src 'self'; frame-ancestors 'self' 2
font-src *.narvar.com *.narvar.qa *.sensefuel.com *.sensefuel.live https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.ad-srv.net *.hotjar.com *.criteo.com gjigle.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.narvar.com *.narvar.qa *.cloudinary.com *.cloudfront.net *.dnd.fr data: *.eden-park.com *.nosto.com *.stylight.net *.google.com *.google.fr *.facebook.com *.advertising.com *.doubleclick.net *.mgid.com *.omnitagjs.com *.outbrain.com *.rubiconproject.com *.taboola.com *.3lift.com *.adnxs.com *.pubmatic.com *.smartadserver.com *.tremorhub.com *.bidswitch.net *.e-planning.net *.360yield.com *.openx.net *.casalemedia.com *.teads.tv *.yahoo.com *.smaato.net *.media.net *.criteo.com *.ivitrack.com *.adform.net *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.newrelic.com *.googletagmanager.com *.facebook.net *.sensefuel.com *.nosto.com *.sensefuel.live *.hotjar.com *.criteo.net *.eden-park.com *.amazonaws.com *.criteo.com *.kk-resources.com *.stylight.net *.marvellousmachine.net notifpush.com *.adform.net *.cnnx.link *.nr-data.net *.google.com *.gstatic.com *.socloz.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sensefuel.com *.sensefuel.live https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa *.cloudinary.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.sensefuel.com *.sensefuel.live *.instagram.com *.nosto.com *.doubleclick.net notifpush.com *.hotjar.com gjigle.com *.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.magezon.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com js.braintreegateway.com https://api.addressfinder.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://api.addressfinder.io *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api.addressfinder.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.googleapis.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: ;frame-ancestors 'self'; report-uri /csp-violation-report-endpoint/ 2
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com https://*.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.plugins.emarsys.net *.scarabresearch.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com https://*.googleapis.com https://*.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.scarabresearch.com *.eservice.emarsys.net https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klevu.com *.ksearchnet.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com data: *.olark.com *.fontawesome.com *.typekit.net 'self' data: fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cybersource.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.olark.com *.google.com *.hubspot.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cybersource.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com store.paradoxlabs.com *.olark.com *.webdamdb.com *.amazon.com *.amazonaws.com *.cloudfront.net *.linkedin.com *.google.com *.adsymptotic.com 'self' data: *.hubspot.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.pingdom.net *.hsforms.net *.hsforms.com *.olark.com *.calendly.com *.cloudfront.net *.licdn.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.hs-scripts.com *.hs-analytics.net *.usemessages.com *.hs-banner.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cardinalcommerce.com h.online-metrix.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.pingdom.net *.olark.com *.calendly.com *.fontawesome.com *.typekit.net fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.pingdom.net *.olark.com *.hubspot.com *.nr-data.net *.google-analytics.com *.doubleclick.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cardinalcommerce.com h.online-metrix.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co amc.demdex.net www.google.com www.facebook.com gum.criteo.com webchat.dotdigital.com *.mercadolibre.com mldp.mercadopago.com www.mercadolibre.com https://ibang-webviews.ibang.ai https://www.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.gstatic.com maps.googleapis.com accounts.google.com www.google.com www.facebook.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com https://ibangblob.blob.core.windows.net www.mercadolivre.com http://imgmp.mlstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net dynamic.c static.criteo.net dynamic.criteo.com sslwidget.criteo.com fast.amc.demdex.net widget.eu.criteo.com api.comapi.com webchat.dotdigital.com *.mlstatic.com http2.mlstatic.com secure.mlstatic.com https://www.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com bam.nr-data.net webchat.dotdigital.com *.mercadopago.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com https://stats.g.doubleclick.net https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ gethatch.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' data:;                                         connect-src 'self' *.google-analytics.com *.gstatic.com *.addthis.com;                                        script-src 'self' *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com www.googletagmanager.com                                 *.twitter.com *.twimg.com *.addthis.com *.addthisedge.com z.moatads.com *.jquery.com                                 *.facebook.net *.facebook.com                                 'unsafe-inline' 'unsafe-eval' 'report-sample';                      style-src 'self' *.googleapis.com *.google.com *.twitter.com *.twimg.com *.fontawesome.com 'unsafe-inline';                      img-src 'self' *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com www.googletagmanager.com                              *.twitter.com *.twimg.com data: *.addthis.com *.facebook.com;                      font-src 'self' fonts.gstatic.com *.fontawesome.com;                      frame-src 'self' *.google.com *.addthis.com *.twitter.com *.youtube.com *.vimeo.com www.googletagmanager.com;                      form-action 'self' *.twitter.com;                      report-uri https://hciyork.report-uri.com/r/d/csp/enforce 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.google.com maps.gstatic.com maps.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com maps.googleapis.com translate.googleapis.com; img-src 'self' data: secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net www.google-analytics.com translate.googleapis.com translate.google.com www.google.com www.gstatic.com i.ytimg.com www.googletagmanager.com; connect-src 'self' *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com translate.googleapis.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' data: *.googlesyndication.com googleads.g.doubleclick.net www.youtube.com; child-src 'self' data: www.youtube.com; block-all-mixed-content; report-uri https://orbitinfotech.in?gdsih-csp-report; 2
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.eu.mywebsite-editor.com/app/reporting/policyviolation/submit 2
font-src *.fontawesome.com *.relaxdays.com *.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com www.facebook.com www.paypal.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com tpc.googlesyndication.com www.youtube.com www.youtube-nocookie.com www.facebook.com ct.pinterest.com www.pinterest.com www.pinterest.de *.sibforms.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.it-recht-kanzlei.de *.relaxdays.com i.pinimg.com log.pinterest.com www.pinterest.com ct.pinterest.com *.g.doubleclick.net www.google.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.co.uk www.googletagmanager.com *.gstatic.com *.googleusercontent.com www.facebook.com connect.facebook.com *.cloudfront.net bat.bing.com analytics.tiktok.com 'self' data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.relaxdays.com assets.pinterest.com widgets.pinterest.com s.pinimg.com www.googletagmanager.com tagmanager.google.com www.google.com www.gstatic.com www.google.de connect.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com bat.bing.com analytics.tiktok.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com unsafe-inline *.relaxdays.com tagmanager.google.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src *.relaxdays.com 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.relaxdays.com 'self' 'unsafe-inline'; manifest-src *.relaxdays.com 'self' 'unsafe-inline'; connect-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.relaxdays.com www.google-analytics.com www.google.com *.g.doubleclick.net www.facebook.com log.pinterest.com ct.pinterest.com www.paypalobjects.com bat.bing.com analytics.tiktok.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri https://relaxdays.com/_csp_report_; report-to report-endpoint; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive-it.org wayback.archive-it.org partner.archive-it.org ; report-uri https://partner.archive-it.org/csp-report 2
default-src 'none'; font-src 'self' https:; img-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; object-src 'self' https: blob:; worker-src 'self' https: blob:; report-uri /csp_violation_report 2
script-src 'nonce-44759656d02adc3aaa5a4ab4693d30e7' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';script-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.facebook.com *.fbcdn.net https://*.facebook.net;style-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com *;connect-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.com;font-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' https://*.fbcdn.net;img-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *;frame-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' whatsapp:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1
default-src 'self' i5.walmartimages.com; script-src 'self' 'strict-dynamic' drfdisvc.walmart.com cdn.quantummetric.com collector-pxu6b0qd2s.px-cloud.net *.wal.co beacon.developer.walmart.com beacon.walmart.com i5.walmartimages.com www.recaptcha.net connect.facebook.net *.paypal.com 'nonce-nwzLyTldhEbCDoXV'; style-src 'self' 'unsafe-inline' *.walmartimages.com *.wal.co; font-src 'self' i5.walmartimages.com *.wal.co fonts.gstatic.com fonts.googleapis.com; img-src 'self' i5.walmartimages.com *.zeekit.me i5-qa.walmartimages.com *.online-metrix.net drfdisvc.walmart.com tpc.googlesyndication.com crs.midas.stg.prod.us.walmart.net wrd.walmart.com receipts-query.edge.walmart.com data: *.wal.co www.facebook.com cyborg-wm-auth-service-v2.jet.com maps.googleapis.com maps.gstatic.com securepubads.g.doubleclick.net ad.doubleclick.net cdn-assets.affirm.com tps.doubleverify.com static.adsafeprotected.com pixel.adsafeprotected.com secure-gl.imrworldwide.com ir.surveywall-api.survata.com cdn.doubleverify.com s0.2mdn.net www.gstatic.com *.px-cloud.net collector-pxu6b0qd2s.px-cdn.net beacon.walmart.com *.paypal.com; connect-src 'self' i5.walmartimages.com maps.googleapis.com maps.gstatic.com beacon.walmart.com beacon.developer.walmart.com collector-pxu6b0qd2s.px-cloud.net collector-pxu6b0qd2s.px-cdn.net collector-pxu6b0qd2s.pxchk.net collector-pxu6b0qd2s.perimeterx.net drfdisvc.walmart.com *.quantummetric.com walmart-sync.quantummetric.com quimby.mobile.walmart.com csp.walmart.com *.wal.co www.facebook.com directline.botframework.com wss://directline.botframework.com chat-qa.walmart.com walmart-sync.quantummetric.com identity.walmart.com tps.doubleverify.com i.liadm.com i6.liadm.com dw.wmt.co idsync.rlcdn.com secure.adnxs.com azmatch.adsrvr.org api.waiting-room.walmart.com stats.g.doubleclick.net *.paypal.com *.acculynk.net *.affirm.com; object-src drfdisvc.walmart.com; frame-src 'self' i5.walmartimages.com adclick.g.doubleclick.net drfdisvc.walmart.com *.quantummetric.com tap.walmart.com identity.walmart.com www.facebook.com www.recaptcha.net wallet.walmart.com *.affirm.com *.paypal.com *.paypalobjects.com *.acculynk.net tpc.googlesyndication.com *.online-metrix.net www.google.com; report-uri https://csp.walmart.com/c/r/gl 1
default-src https: data: blob: android-webview-video-poster: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reports/; 1
report-uri https://www.yelp.com/csp_report_only?id=fd10a45afd6d51a4&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1635125451; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
script-src 'nonce-LNcbzzzapEViSPKmUFUyJA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=a12b89c386df6ec83ff07c10665ee184 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com 'strict-dynamic' 'nonce-MzkyNTAyMjI4LDUxMjQ2MjEzMg=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/android 1
script-src 'nonce-0a6f26e1980456f9dc07f1e327a0f809' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts 1
default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-9916bb48-d958-4264-b293-2925b2a4e9cd' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp 1
script-src 'nonce-4036a0dd2aa48f3e1b39dfe4a58a7912' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';script-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net;style-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.whatsapp.com *.whatsapp.net *.facebook.com;connect-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net fonts.gstatic.com;img-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.fbcdn.net;frame-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1
default-src 'self'; base-uri 'self'; font-src cdn.jsdelivr.net; frame-src 'self' cse.google.com; img-src 'self' *.amazonaws.com  www.google.com cdn.jsdelivr.net clients1.google.com www.googleapis.com *.gstatic.com pbs.twimg.com *.hypemarks.com *.tintup.com www.google-analytics.com stats.g.doubleclick.net cdn.webcomponents.ucla.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.youtube.com cse.google.com cdn.jsdelivr.net *.ytimg.com cdnjs.cloudflare.com www.google-analytics.com *.amazonaws.com cdn.webcomponents.ucla.edu data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.webcomponents.ucla.edu cdnjs.cloudflare.com www.google.com; connect-src 'self' weather.atmos.ucla.edu; report-uri /csp-hotline.php 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
object-src 'none'; block-all-mixed-content; frame-ancestors 'none'; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::BPROD_3_0_B 1
script-src 'self' 'unsafe-inline' 'nonce-aewM0nW5AWChi3r0DKYMMqUq9TAdZbuT' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://resource.digital.voice.va.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-aewM0nW5AWChi3r0DKYMMqUq9TAdZbuT; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com https://i.ytimg.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov https://resource.digital.voice.va.gov https://www.googletagmanager.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://events.mapbox.com https://www.google-analytics.com https://stats.g.doubleclick.net http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://search.usa.gov ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 1
script-src 'nonce-Myqg0BWP5quLguvo6PH-Xg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://irishtimes.report-uri.io/r/default/csp/reportOnly 1
frame-ancestors 'self' https://*.filimo.com/; block-all-mixed-content; default-src 'self' https://*.filimo.com/; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://static.cloudflareinsights.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://mc.yandex.com/ https://recaptcha.net/ https://cdn.ampproject.org/ https://*.filimo.com/ https://www.gstatic.com/ https://client.crisp.chat/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://d31qbv1cthcecs.cloudfront.net/ https://www.googletagmanager.com/; style-src 'self' 'report-sample' 'unsafe-inline' data: https://fonts.googleapis.com/ https://*.filimo.com/ https://client.crisp.chat/; object-src 'self'; frame-src *; child-src blob: https://*.filimo.com/; img-src data: blob: * file: android-webview-video-poster:; font-src 'self' data: wss: https:; connect-src *; manifest-src https://*.filimo.com/; base-uri 'self'; form-action data: https://www.facebook.com/ https://*.filimo.com/ https://*.shaparak.ir/; media-src data: blob: *; worker-src blob: https://*.filimo.com/; report-uri https://gate.rapidsec.net/g/r/csp/65d48d31-dc15-445b-9c79-23d886ab7c98/0/6/3?sct=565e133b-d067-4878-9f1a-6412ff3bb3db&dpos=report 1
block-all-mixed-content ; report-uri /csp-report 1
default-src 'self' *.depositphotos.com; script-src 'unsafe-inline' *; style-src 'unsafe-inline' *; img-src *; font-src *; connect-src *; child-src *; 1
script-src 'nonce-906d8284125e8970d9b87409a72213f4' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
script-src 'self' https://ajax.aspnetcdn.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com https://www.osha.gov; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' 1
frame-src 'self' *.google.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com  *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1
script-src 'nonce-be8cd0933cc2cb307e62cd4930b8c53f' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org api.wikimedia.org wikimania.wikimedia.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com 'strict-dynamic' 'nonce-MjQyMjE0MzM3LDI5MjE3NjA1NjA='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
script-src 'nonce-ebaa623d11728ad6b908f67a7d4e1cc3' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/about_google 1
block-all-mixed-content; frame-ancestors 'self' https://*.rte.ie https://*.rtegroup.ie; report-uri https://rte.report-uri.com/r/t/csp/reportOnly 1
connect-src 'self' 'unsafe-eval'  *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net *.jazz.co *.sentry.io https://sentry.io report-sample;  default-src 'self' blob: data: *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.sentry.io https://sentry.io report-sample;  font-src 'self' 'unsafe-eval' data: *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net fonts.googleapis.com fonts.gstatic.com report-sample;  frame-src 'self'  *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.twimg.com *.twitter.com *.youtube.com report-sample;  img-src 'self' data: blob: 'unsafe-inline' *; media-src 'self' data: blob: 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io *.twimg.com *.twitter.com report-sample;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io *.twimg.com *.twitter.com report-sample;  style-src 'self' 'unsafe-eval' 'unsafe-inline'  *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com *.twimg.com *.twitter.com report-sample;  style-src-elem 'self' 'unsafe-eval' 'unsafe-inline'  *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com *.twimg.com *.twitter.com report-sample;  block-all-mixed-content; report-uri https://sentry.io/api/2983595/security/?sentry_key=21fae161c11a42bb965ab8ccf544f1fd 1
script-src 'nonce-ZfITKwLLbV+yUKwubBoMJqRSFsc=' https: 'unsafe-eval' 'report-sample'; report-uri https://5efa142cf6ac1962affe1cca.endpoint.csper.io; 1
base-uri 'self';connect-src 'self' https: wss:;default-src 'self' https: wss: blob: data:;form-action 'self' https:;img-src 'self' https: http://iea.imgix.net https://iea.imgix.net data:;media-src 'self' https: data: http://iea.imgix.net https://iea.imgix.net;object-src 'none';script-src 'self' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://snap.licdn.com https://www.gstatic.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com 'nonce-6aFhKT5HsRCCx49E2RNF1XHc06Kw1BIO';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self' 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1
script-src 'nonce-8f37f14c8550e36c670c60f0399277b7' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://pixel.mathtag.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp-global.wrike.com/csp-report?website 1
default-src 'self' *.hangseng.com 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net business.virtualassistant.hangseng.com *.gstatic.com manifest.prod.boltdns.net *.googleusercontent.com *.amazonaws.com *.brightcove.net *.brightcove.com product.givingassist.org www.clearplay.com; script-src 'self' *.hangseng.com 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net *.sc.omtrdc.net *.tiqcdn.com *.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net *.googleadservices.com www.google.com *.gstatic.com www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com *.amazonaws.com *.walkme.com *.liverperson.com *.akamaihd.net *.twitter.com *.amap.com *.brightcove.com *.ndscognitivelabs.com vjs.zencdn.net; img-src 'self' *.hangseng.com *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net data: *.doubleclick.net *.tealiumiq.com *.sc.omtrdc.net *.google.com www.facebook.com bat.bing.com *.twitter.com *.linkedin.com s.amazon-adsystem.com *.analytics.yahoo.com t.co *.googleadservices.com tr.outbrain.com *.googletagmanager.com *.lpsnmedia.net p.adsymptotic.com branch.explorer.hase.hk.hsbc home.global.hsbc home.tw.hsbc intranet-hase.hk.hsbc *.googleusercontent.com *.amazonaws.com *.walkme.com *.amap.com *.gstatic.com pixel.quantserve.com *.googleapis.com; connect-src 'self' *.hangseng.com *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net bat.bing.com *.tt.omtrdc.net *.sc.omtrdc.net *.tealiumiq.com *.siteintercept.qualtrics.com jsonip.com *.tiqcdn.com *.doubleclick.net manifest.prod.boltdns.net *.amazonaws.com *.google.com *.walkme.com *.amap.com *.brightcove.com *.ndscognitivelabs.com; script-src-elem 'self' *.hangseng.com 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.sc.omtrdc.net *.lpsnmedia.net *.tiqcdn.com *.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net *.googleadservices.com *.google.com *.gstatic.com *.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com *.amazonaws.com *.liverperson.com *.akamaihd.net *.twitter.com *.walkme.com *.amap.com *.brightcove.com *.ndscognitivelabs.com vjs.zencdn.net; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; child-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.lpsnmedia.net *.doubleclick.net *.google.com www.recaptcha.net *.tealiumiq.com *.tiqcdn.com; frame-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.doubleclick.net *.tealiumiq.com www.google.com *.tiqcdn.com *.lpsnmedia.net www.recaptcha.net *.id.opendns.com google.com hkmwg001.asia.intl.cigna.com hkmwg002.asia.intl.cigna.com notify.bluecoat.com www.facebook.com *.ibosscloud.com *.google.com gateway.zscaler.net gateway.zscalertwo.net gateway.zscalerthree.net gatway.zscloud.net *.googleapis.com www.bessemertrust.com; frame-ancestors 'self'; upgrade-insecure-requests ; 1
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fast.fonts.net www.artnet.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.it www.google.fr news.artnet.com www.google.co.uk pixel.quantserve.com images.artnet.com www.google.com px.ads.linkedin.com www.google.ch *.googlesyndication.com www.google.co.jp www.google.co.in www.google.co.nz www.google.de *.facebook.com secure.adnxs.com s2.adform.net www.linkedin.com *.doubleclick.net www.google-analytics.com www.google.be www.googletagmanager.com px4.ads.linkedin.com pixel-geo.prfct.co www.google.dk *.doubleverify.com www.google.pl www.google.com.ph www.instagram.com ib.adnxs.com www.artnet.com www.google.com.ua; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleverify.com *.doubleclick.net www.googletagmanager.com s7.addthis.com www.google.com *.googlesyndication.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vc.hotjar.io csi.gstatic.com *.doubleverify.com *.googlesyndication.com m.addthis.com api.sail-personalize.com www.google-analytics.com report.artnet.glassboxdigital.io *.hotjar.com *.doubleclick.net www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googlesyndication.com adservice.google.co.uk cdn.gbqofs.com m.addthis.com tag.marinsm.com adservice.google.se pixel-geo.prfct.co adservice.google.com.ph snap.licdn.com www.artnet.com s7.addthis.com *.facebook.net www.googletagmanager.com adservice.google.nl seal.verisign.com cdn.segment.com *.doubleverify.com *.doubleclick.net v1.addthisedge.com rules.quantcount.com z.moatads.com s2.adform.net ak.sail-horizon.com edge.quantserve.com *.hotjar.com www.googletagservices.com secure.quantserve.com www.google-analytics.com adservice.google.com; form-action  www.artnet.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 1
object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 1
script-src 'self' *.concur.com *.concursolutions.com *.concurcdc.cn *.sap.com *.concurmessaging.com *.akamaihd.net *.akamaitechnologies.com *.deploy.akamaitechnologies.com *.deploy.static.akamaitechnologies.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.stats.g.doubleclick.net *.trustarc.com *.prefmgr-cookie.truste-svc.net *.walkme.com *.glancecdn.net *.glance.net *.s3.amazonaws.com s3.amazonaws.com *.salesforceliveagent.com *.cloud.sap *.ondemand.com *.ridecharge.com *.newrelic.com *.nr-data.net 'unsafe-inline' 'unsafe-eval';report-uri /nui/signin/report-violation 1
script-src 'nonce-ebcce743850aad8759d84049e6a6a344' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'nonce-a1559177adc396cd5988f768a337e480' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://o106081.ingest.sentry.io/api/5541142/security/?sentry_key=30c01d0dc5d14625866292725a90101a 1
font-src use.typekit.net script.hotjar.com *.gstatic.com 'self' data: fonts.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com vars.hotjar.com www.facebook.com payflowlink.paypal.com *.weltpixel.com *.wesupply.xyz *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com px.ads.linkedin.com p.adsymptotic.com www.facebook.com www.google.com www.linkedin.com script.hotjar.com fonts.gstatic.com 'self' data: *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com legacy.pantone.com connect.facebook.net script.hotjar.com snap.licdn.com static.hotjar.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net go.xrite.com *.google.com *.gstatic.com *.cloudflare.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.googleapis.com *.gstatic.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com stats.g.doubleclick.net www.google-analytics.com in.hotjar.com bam.nr-data.net bt.signifyd.com www.facebook.com bt.signifyd.com:11103 *.google-analytics.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/panoramio 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1
default-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self'; worker-src blob: 'unsafe-inline' 'unsafe-eval' https: http: 'self';connect-src * data: 'self';frame-src http://*.pitchbook.local http://*.wistia.com http://*.jobvite.com http://*.ceros.com http://www.facebook.com https: mailto: tel: ms-appx-web: blob: 'self'; img-src * data: blob: 'self' android-webview-video-poster:; media-src * blob: 'self'; style-src http://*.pitchbook.com http://*.googleapis.com http://*.webspellchecker.net http://*.dynamicyield.com https: 'unsafe-inline' 'self'; font-src http://*.dynamicyield.com http://*.webspellchecker.net http://fonts.gstatic.com https: data: blob: 'self' http://themes.googleusercontent.com chrome-extension: localhost:3000;report-uri /csp/submit 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; script-src 'nonce-c6c495d40ae34540a489e749d2e7d67b'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; style-src 'self' 'nonce-c6c495d40ae34540a489e749d2e7d67b'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=141-5840108-4183134:rid=ED090A45C32B4BC28280:sn=www.newworld.com 1
base-uri 'self'; script-src 'unsafe-eval' 'unsafe-inline' cdn.us-east-1.pipedriveassets.com *.pipedrive.com cdn.segment.com snap.licdn.com *.optimizely.com optimizely.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net vitals.vercel-insights.com zapier.com a.omappapi.com; style-src 'unsafe-inline' cdn.us-east-1.pipedriveassets.com fonts.googleapis.com a.omappapi.com; frame-src *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com play.vidyard.com *.doubleclick.net *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; report-uri https://www.pipedrive.com/api/csp-reports 1
default-src 'self' *.hsbc.com.hk 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net business.virtualassistant.hangseng.com *.gstatic.com manifest.prod.boltdns.net *.googleusercontent.com *.amazonaws.com *.brightcove.net *.brightcove.com product.givingassist.org www.clearplay.com; script-src 'self' *.hsbc.com.hk 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net *.sc.omtrdc.net *.tiqcdn.com *.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net *.googleadservices.com www.google.com *.gstatic.com www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com *.amazonaws.com *.walkme.com *.liverperson.com *.akamaihd.net *.twitter.com *.amap.com *.brightcove.com *.ndscognitivelabs.com vjs.zencdn.net; img-src 'self' *.hsbc.com.hk *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net data: *.doubleclick.net *.tealiumiq.com *.sc.omtrdc.net *.google.com www.facebook.com bat.bing.com *.twitter.com *.linkedin.com s.amazon-adsystem.com *.analytics.yahoo.com t.co *.googleadservices.com tr.outbrain.com *.googletagmanager.com *.lpsnmedia.net p.adsymptotic.com branch.explorer.hase.hk.hsbc home.global.hsbc home.tw.hsbc intranet-hase.hk.hsbc *.googleusercontent.com *.amazonaws.com *.walkme.com *.amap.com *.gstatic.com pixel.quantserve.com *.googleapis.com; connect-src 'self' *.hsbc.com.hk *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net bat.bing.com *.tt.omtrdc.net *.sc.omtrdc.net *.tealiumiq.com *.siteintercept.qualtrics.com jsonip.com *.tiqcdn.com *.doubleclick.net manifest.prod.boltdns.net *.amazonaws.com *.google.com *.walkme.com *.amap.com *.brightcove.com *.ndscognitivelabs.com; script-src-elem 'self' *.hsbc.com.hk 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.sc.omtrdc.net *.lpsnmedia.net *.tiqcdn.com *.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net *.googleadservices.com *.google.com *.gstatic.com *.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com *.amazonaws.com *.liverperson.com *.akamaihd.net *.twitter.com *.walkme.com *.amap.com *.brightcove.com *.ndscognitivelabs.com vjs.zencdn.net; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; child-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.lpsnmedia.net *.doubleclick.net *.google.com www.recaptcha.net *.tealiumiq.com *.tiqcdn.com; frame-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.doubleclick.net *.tealiumiq.com www.google.com *.tiqcdn.com *.lpsnmedia.net www.recaptcha.net *.id.opendns.com google.com hkmwg001.asia.intl.cigna.com hkmwg002.asia.intl.cigna.com notify.bluecoat.com www.facebook.com *.ibosscloud.com *.google.com gateway.zscaler.net gateway.zscalertwo.net gateway.zscalerthree.net gatway.zscloud.net *.googleapis.com www.bessemertrust.com; frame-ancestors 'self'; upgrade-insecure-requests ; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com wss://*.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com wss://alidocs-body.oss-accelerate.aliyuncs.com wss://pre-collab.dingtalk.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org alidocs.oss-cn-zhangjiakou.aliyuncs.com;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com alidocs.oss-cn-zhangjiakou.aliyuncs.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-NkpNWBQ+Pzt+tQ==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' *.zulily.com; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
script-src 'nonce-c7f63b7de9376186779d8620124c7968' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=AF2M0KC94RCEA:sid=136-4242358-9770253:rid=R1QAVWYCDVVGF8F2ZAS0:sn=www.acx.com 1
script-src 'self' https://d3sq5bmi4w5uj1.cloudfront.net ajax.googleapis.com https://ie7-js.googlecode.com https://cdnjs.cloudflare.com connect.facebook.net uhf.microsoft.com c.microsoft.com cs.microsoft.com c.s-microsoft.com wcpstatic.microsoft.com platform.twitter.com 'sha256-l9ZHmyP+aSQUbzDsO0Z5mU5KmeKTw7h+LYWUCcvjK/o=' 'sha256-PaS0gCgkEvlXwzUjXAo0jysAvDXOc3iIttQamgrvXk0=' 'sha256-LJOONddNtIMPVfcLsFATXyL4P23f3znxXz4FxYemkxI=' 'sha256-9iOvn7LxDLljYZpLeETJMw2obbWSDMr5bD4EvVwobT8=' 'sha256-0E0vDUBHZEKS2e6EIVqnrTnKVNyC9EkRVPrg1eYPjfk=' 'sha256-qKAjO5ncQUIDDV6E+i9Ki0B02qMSMSYn7Qz3CCeUadA=' 'sha256-e+Muvfq9cFCKaGyU2s/dw33x7jyiRjzSxMMWigxtces=' 'sha256-X13pZMYtfc8rLgpPU27DRu9ogdGOie2/WSSRXrvb4qw=' 'sha256-qBq7Yi1crTUnQMu1SOv+OLIkSbFYKoUR5uEZmtGdr18=' 'sha256-3lrmNAZ6kNZZTLuCfq9dwAOOuM3LB25Zw3lZQb6u5mA=' 'sha256-4yQMvgCymLvSmnCJ3fBR7j5ULSCezuYQiYkcA5JNVEY=' 'sha256-ktmU5paXGPR9mdN2uSWY55YcgQeImJRGVoRPrUQgASY=' 'sha256-MA2y0MDJ4KekIetpCUKmHXxHGlTrzqzVnitomCSNO14=' 'sha256-SeFjbS0LfxHLZ4dSTKm3BJQLbYE7L30x+Dieoa6QQwM=' 'sha256-SCdeHAIyndSsvnKndC84UH7e8hWXZfGZi1sXICbMEfM=' 'sha256-H/0P7dZMBnkxNkAxjKwW4ZkIbOu+jUatI5iXj220Mzw=' 'sha256-K2eMQjiqAXlEEKU1OI//ND8SNuV5nMOGNBQxtt0fK+g=' 'sha256-teb0gd16eHO96p+TWUf4Qk9ED1HJmiBTon8ooUoBh00=' 'sha256-Kdb1cN+XVz5wzuxh0LQlnyRgRjSv4+NQJ0c57mBi0pc=' 'sha256-dc0kLiLbea/nrL24ZXilOuRrs2VzRffX05RSQdgHUsU=' 'sha256-LjreJQqJjPxAIN/hThhUIWTziFE4758qAZp8fvAjruM=' 'sha256-o62lg6aR4njGCW/O+wQfymrm7gCZOXINNMAQNuD1VGM=' 'sha256-j3H8aCmyA0faDUoXS4euhLBRHBatCYqsLfaeZoZ86RQ='; style-src 'self' 'unsafe-inline' d3sq5bmi4w5uj1.cloudfront.net uhf.microsoft.com c.s-microsoft.com; img-src 'self' syndication.twitter.com analytics.twitter.com t.co uhf.microsoft.com c.microsoft.com *.facebook.com d3sq5bmi4w5uj1.cloudfront.net images.mxpnl.com wdgcdn.azureedge.net asgcdn.azureedge.net; frame-src *.facebook.com platform.twitter.com c1.microsoft.com c.bing.com; font-src 'self' data:; report-uri https://csp.skype.com 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src: 'self' https://c.disquscdn.com https://disqus.com script-src: 'self' https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js https://cdn-prod.opendemocracy.net/assets/js/core.min.js https://cdn.datatables.net/1.10.20/js/jquery.dataTables.js https://cdn.syndication.twimg.com/moments/ https://cdn.webpushr.com/app.min.js https://code.jquery.com/jquery-3.4.1.min.js https://comment-talk.comment.opendemocracy.net/assets/js/embed.js https://fast.a.klaviyo.com/media/js/analytics/klaviyo_analytics.js https://matomo.hactar.is/piwik.js https://mc.yandex.ru/metrika/tag.js https://opendemocracy.disqus.com/embed.js https://opendemocracy.disqus.com/combination_widget.js https://platform.twitter.com/widgets.js https://script.hotjar.com/modules.0607bc475b5a3c4f001b.js https://static.hotjar.com/c/hotjar-1946277.js https://static.klaviyo.com/onsite/js/profiling.76e929c1972a7b78f0c4.js https://support.opendemocracy.net/petitions/app.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://surveys-static.survicate.com/widget_core-8.0.5.js https://surveys-static.survicate.com/widget_core-8.0.4.js https://survey.survicate.com/workspaces/fc4c2b19a0dff663c2bee6a5137a3710/web_surveys.js https://cdn-prod.opendemocracy.net/assets/js/share.min.js?d41d8cd9 https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=YjCYwm https://cdn-prod.opendemocracy.net/assets/js/share.min.js?d41d8cd9 https://script.hotjar.com/modules.5d1cad31427a09b055ed.js https://script.hotjar.com/modules.f2a0c48472fc3a6a1664.js https://script.hotjar.com/modules.9dd23155c7d4a9746d0b.js; style-src: 'self' https://c.disquscdn.com https://cdn-prod.opendemocracy.net https://cdn.datatables.net https://platform.twitter.com https://ton.twimg.com; object-src: 'none'; base-uri: 'self'; connect-src: 'self' https://analytics.webpushr.com https://bot.webpushr.com https://fast.a.klaviyo.com https://links.services.disqus.com https://mc.yandex.ru https://stats.g.doubleclick.net https://support.opendemocracy.net https://telemetrics.klaviyo.com https://www.google-analytics.com https://in.hotjar.com https://vc.hotjar.io https://ws9.hotjar.com wss://ws9.hotjar.com; font-src: 'self' https://cdn-prod.opendemocracy.net; frame-src: 'self' https://5050.carto.com https://comment-talk.comment.opendemocracy.net https://desmog.co.uk https://disqus.com https://docs.google.com https://mc.yandex.md https://platform.twitter.com https://syndication.twitter.com https://vars.hotjar.com https://w.soundcloud.com https://www.youtube.com; img-src: 'self' https://a.disquscdn.com https://c.disquscdn.com https://cdn-prod.opendemocracy.net https://cdn.datatables.net https://cdn.viglink.com https://cdn.webpushr.com https://links.services.disqus.com https://matomo.hactar.is https://mc.yandex.com https://mc.yandex.ru https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://ton.twimg.com https://www.google.co.uk https://www.google.com; manifest-src: 'self'; media-src: 'self'; worker-src: 'self'; report-uri /csp/report/; 1
default-src https: 'unsafe-inline'; img-src blob: data: https:; report-uri /csp-violation-report 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
script-src 'self' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-NjkyNjMwMTE4LDQ3Njc2NDUyNg=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
script-src 'nonce-1ca128313605013b97d25dcc9c4d6be8' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'nonce-6c93c98744b8436818207631dcf02d55' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'nonce-26fcdca87c3b9d38487cdee81ef74b23' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' tpc.googlesyndication.com; frame-ancestors 'self'; frame-src 'self' https://staticcdn.co.nz www.youtube.com www.facebook.com connect.facebook.net gsa://onpageload https://d2rf51x5ga9gxp.cloudfront.net https://api.trademe.co.nz/ https://auth.trademe.co.nz https://vimeo.com https://cdn.diakrit.com https://livetour.istaging.com https://vtc.virtualtourscreator.com.au https://app.cloudpano.com https://storage.googleapis.com https://www.google.com https://www.google.co.nz *.googlesyndication.com *.doubleclick.net *.imrworldwide.com trademe.wufoo.com my.matterport.com *.trademepayments.co.nz *.pingauth.trademe.co.nz https://vars.hotjar.com; font-src 'self' data: *.tmcdn.co.nz fonts.googleapis.com fonts.gstatic.com http://static.hotjar.com https://static.hotjar.com; img-src 'self' data: blob: www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com www.facebook.com https://api.trademe.co.nz/ *.tmcdn.co.nz *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.googlesyndication.com *.imrworldwide.com *.doubleclick.net *.googleusercontent.com https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com www.googletagservices.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie www.googleadservices.com *.doubleclick.net *.imrworldwide.com *.googlesyndication.com cdn.ampproject.org http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://*.afterpay.com https://*.newrelic.com https://*.nr-data.net https://frend-assets.freetls.fastly.net/; form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/; connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz *.tmcdn.co.nz sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.doubleclick.net *.googlesyndication.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.afterpay.com https://*.nr-data.net; child-src 'self' https://vars.hotjar.com; worker-src 'self' https://vars.hotjar.com; report-uri https://sentry.io/api/1279183/security/?sentry_key=990566bb4d5d4445ae67eba309f51cfd 1
default-src 'self' https://bath.ac.uk https://*.bath.ac.uk;                   connect-src 'self' https://bath.ac.uk https://*.bath.ac.uk https://*.crazyegg.com https://www.google-analytics.com https://prod-discoveruni.azure-api.net https://*.flickr.com https://*.ttl.ai;                   font-src 'self' fonts.gstatic.com https://semantic-ui.com data:;                   frame-src 'self' https://*.vimeo.com https://vimeo.com https://www.openstreetmap.org https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://*.google.com https://www.flickr.com https://app.geckoform.com https://forms.office.com https://sway.office.com https://*.soundcloud.com https://anchor.fm https://*.openstreetmap.fr https://bath.topdesk.net https://www.sensusaccess.com https://www.facebook.com https://web.microsoftstream.com https://unibuddy.co https://*.unibuddy.co https://spark.adobe.com https://bathreg.onlinesurveys.ac.uk;                   img-src 'self' https:;                   script-src 'self' https://*.bath.ac.uk https://static.addtoany.com https://*.gstatic.com https://vimeo.com https://*.vimeo.com https://extend.vimeocdn.com https://*.flickr.com https://*.staticflickr.com https://platform.twitter.com https://spark.adobe.com https://cdn.unibuddy.co https://code.jquery.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://discoveruni.gov.uk https://*.discoveruni.gov.uk https://*.crazyegg.com https://static.ttlagency.uk https://*.ttl.ai https://*.ipinyou.com https://*.quantserve.com https://*.quantcount.com 'nonce-WVhZdjV6b3BBdm5zV3BfTjVzQ1ZmQUFBQUFZ';                   style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://*.ttl.ai https://semantic-ui.com;                   frame-ancestors 'self' https://bath.ac.uk https://*.bath.ac.uk;                   upgrade-insecure-requests;                   report-uri https://bathweb.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 1
require-trusted-types-for 'script'; trusted-types angular angular#bundler angular#unsafe-bypass aio#analytics google#safe; report-uri https://csp.withgoogle.com/csp/angular.io 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/googleorg 1
default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://analytics.twitter.com https://bam.nr-data.net https://bi-beta.pst.tech https://bi.pst.tech https://blog.postman.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.polyfill.io https://dl.pstmn.io https://fast.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://in.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://ms1frkqnsp7r.statuspage.io https://munchkin.marketo.net https://pages.getpostman.com https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://script.hotjar.com https://skills-assets.pstmn.io https://www.slideshare.net https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://vars.hotjar.com https://www.youtube.com https://p.adsymptotic.com https://assets.getpostman.com https://www.linkedin.com https://pixel.mathtag.com https://js.driftt.com https://www.googleleadservices.com https://google.g.doubleclick.net https://web.postman.com https://manifest.webmanifest https://www.googleadservices.com https://googleads.g.doubleclick.net https://px4.ads.linkedin.com https://i.ytimg.com https://api.mapbox.com https://events.mapbox.com https://identity.getpostman-beta.com https://identity.getpostman.com https://www.youtube-nocookie.com https://run.pstmn.io https://t7vhfmsv15.execute-api.us-east-1.amazonaws.com https://player.twitch.tv https://conversation.api.drift.com https://st-ar.cdn.postman.com 'unsafe-inline'; form-action 'self'; base-uri 'self';  block-all-mixed-content; report-uri https://sentry.postmanlabs.com/api/738/security/?sentry_key=9f4634749cc5431981a67baf042d0e9e; 1
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; plugin-types application/pdf; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com 	 https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net *.yimg.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
font-src 'self' d3jbm9h03wxzi9.cloudfront.net fonts.googleapis.com data: https:; img-src 'self' d3jbm9h03wxzi9.cloudfront.net s3.amazonaws.com/revue imgix.revue.co revue-direct.imgix.net data: https:; object-src 'none'; script-src 'self' d3jbm9h03wxzi9.cloudfront.net cdn.mxpnl.com checkout.stripe.com connect.facebook.net www.google-analytics.com js.stripe.com use.typekit.net *.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 'unsafe-eval' https: 'nonce-ySnaMFIEBMqUSAqmbDa5LQ=='; frame-src www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https:; style-src 'self' d3jbm9h03wxzi9.cloudfront.net 'unsafe-inline' https:; connect-src 'self' wss://*.intercom.io *.intercom.io *.intercomcdn.com wss://*.pusher.com https:; report-uri /csp-report 1
script-src 'nonce-9de8fd855d825f33df73e449629a6a14' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' s.ytimg.com gfmcharity.wpengine.com *.gofundme.com *.crowdrise.com unpkg.com unpkg.com/react-dom@16.12.0/umd/react-dom.production.min.js unpkg.com/react@16.12.0/umd/react.production.min.js *.hs-growth-metrics.com *.hsadspixel.net *.hubapi.com seal.verisign.com cdn.datatables.net js.hscta.net forms.hsforms.com code.jquery.com *.greenhouse.io *.googletagmanager.com www.google.com www.googletagmanager.com/gtm.js?id=GTM-TDTFTZ ssl.google-analytics.com/ga.js *charity.gofundme.com  *.newrelic.com *.nr-data.net *.swiftype.com *.outbrain.com *.digicert.com *.polyfill.io *.swiftypecdn.com *.typekit.net  *.bootstrapcdn.com *.jsdelivr.net *.hsforms.net *.youtube-nocookie.com *.youtube.com  *.optimizely.com *.mxpnl.com *.cloudflare.com *.hsforms.net *.gstatic.com *.googleapis.com *.amazonaws.com *.mixpanel.com *.hs-scripts.com www.googleadservices.com *.adroll.com *.google.com *.gigya.com *.twitter.com *.ziggeo.com *.hubspot.com *.doubleclick.net *.facebook.com *.facebook.net static.ads-twitter.com bat.bing.com *.hsleadflows.net *.hs-analytics.net *.linkedin.com *.yahoo.com *.google-analytics.com *.alooma.com *.bizographics.com *.crowdrise.com *.licdn.com cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js twitter.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' * data:; connect-src 'self' google.com googletagmanager.com bat.bing.com *.crowdrise.com api.amplitude.com *.facebook.com analytics.google.com assets-charity.gofundme.com *.mixpanel.com *.hubapi.com *.hubspot.com *.alooma.com *.nr-data.net *.ziggeo.com *.twitter.com *.optimizely.com *.doubleclick.net *.google-analytics.com *.typekit.net api.amplitude.com *.facebook.com analytics.google.com; img-src 'self' https: data:;  report-uri https://28rqy7ini0.execute-api.us-west-1.amazonaws.com/prod 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1
frame-ancestors 'self'; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.playwire.com https://assets-abcya-com.netlify.app https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://cdn.intergi.com https://*.playwire.com https://*.stripe.com https://*.abcya.com https://assets-abcya-com.netlify.app https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://assets-abcya-com.netlify.app https://cdn.intergi.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://intergi-phoenix.s3.amazonaws.com https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self' https://assets-abcya-com.netlify.app; object-src https://*.abcya.com https://assets-abcya-com.netlify.app; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://adservice.google.com https://cdn.ampproject.org https://cdn.intergi.com https://cdn.intergient.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://cdn.intergi.com https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1
report-uri https://csp.rz.uni-kiel.de/report; report-to csp; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.in&source%5Bsection%5D=brochure&source%5Buuid%5D=35c0794ba08dc4174aa0bf72807b66be 1
script-src 'strict-dynamic' 'nonce-MTg4NzQyNDY2MywxMzcwNDkzNzc3'; 1
report-uri https://www.yelp.com/csp_report_only?id=b914b96003a217b1&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1635126820; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/safety_google 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com accounts.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com accounts.google.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com accounts.google.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content; style-src 'self' 'unsafe-inline' *.uni-wuerzburg.de www.google.com; img-src 'self' data: *.uni-wuerzburg.de *.gstatic.com *.google.com www.googleapis.com; object-src 'self' *.uni-wuerzburg.de; frame-src 'self' *.uni-wuerzburg.de *.youtube-nocookie.com cse.google.com; frame-ancestors 'self' *.uni-wuerzburg.de; base-uri 'self' www.uni-wuerzburg.de; form-action 'self' *.bibliothek.uni-wuerzburg.de www.uni-wuerzburg.de; media-src 'self' data: *.uni-wuerzburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uni-wuerzburg.de *.google.com; report-uri https://www2.uni-wuerzburg.de/rz/csp-report-uri/ 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/*; report-uri /report-csp-violation 1
script-src 'nonce-f65a001bae19c3d4885d349306c33df9' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'self' *.edpuzzle.com 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com; report-uri /api/v3/violations/csp 1
script-src 'none'; report-uri /cdn-cgi/script_monitor/report?m=2wyxELwieoZ7GNIqjAuFNlSscmaJ7FIOWanSYNFX2Uo-1635132193-0-ARLqTyivE1XAPPADZFT0cm7iwYA_2xtrEAE1kQEC7DswLYwrloWI8lS6WPMvxeIJDQ 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/admob_google_com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com s.go-mpulse.net *.hotjar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com s.go-mpulse.net *.hotjar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.dynamicyield.com fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; cdn-apple.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
form-action  gateway.zscalerone.net www.kmart.com.au www.pinterest.com www.facebook.com ct.pinterest.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.truefitcorp.com cdn.honey.io *.googleapis.com www.kmart.com.au staticw2.yotpo.com gateway.zscalerone.net embed.salefinder.com.au pwm-image.trendmicro.com; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.pinterest.com www.google.com.au dc.oracleinfinity.io www.kmart.co.nz translate.google.com www.google.ie www.google.com.ph yotpo-editor-production.s3.amazonaws.com maps.gstatic.com maps.googleapis.com *.snapchat.com *.doubleclick.net www.google-analytics.com ssl.google-analytics.com www.kmart.com.au bam-cell.nr-data.net cdn-yotpo-images-production.yotpo.com pixboost.com images.kmart.com.au blinkjork.com www.googletagmanager.com dduhxx0oznf63.cloudfront.net gateway.zscalerone.net www.google.co.jp www.google.com.sg cdn.honey.io www.facebook.com salefinder.com.au datacloud.tealiumiq.com bat.bing.com kmartau.mo.cloudinary.net www.google.co.nz email.kmart.com.au analytics.tiktok.com www.google.com 50.xg4ken.com embed.salefinder.co.nz *.pinterest.com *.optimizely.com ct.pinterest.com mc.yandex.ru p.yotpo.com embed.salefinder.com.au cdn.truefitcorp.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com consumer.truefitcorp.com *.pinterest.com manager.eu.smartlook.cloud mc.yandex.ru translate.google.com ct.pinterest.com www.google-analytics.com gateway.zscalerone.net *.doubleclick.net staticw2.yotpo.com web-writer.eu.smartlook.cloud assets-proxy.smartlook.cloud graphql.contentful.com www.kmart.com.au bam-cell.nr-data.net quick-ar.threedy.ai www.facebook.com api.yotpo.com web-writer.sg.smartlook.cloud ac.cnstrc.com analytics.tiktok.com web-writer.us.smartlook.cloud *.qas.com events-writer.smartlook.com *.optimizely.com tapi.optimizely.com bam.nr-data.net collect-ap-southeast-2.tealiumiq.com www.kmart.co.nz www.google.com adservice.google.com api.pinpiaa.com ssl.google-analytics.com seoab.io; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: translate.google.com s.pinimg.com consumer.truefitcorp.com www.youtube.com gateway.zscalerone.net pwm-image.trendmicro.com cnstrc.com bam-cell.nr-data.net www.kmart.com.au embed.salefinder.com.au cdn.truefitcorp.com *.pinterest.com maps.googleapis.com assets.queue-it.net staticw2.yotpo.com analytics.tiktok.com dc.oracleinfinity.io unpkg.com *.facebook.net tags.tiqcdn.com cdnjs.cloudflare.com cdn-quick-ar.threedy.ai www.google.com waitingroom.kmart.com.au *.optimizely.com sc-static.net blinkjork.com static.queue-it.net webservice.salefinder.com.au kma-cdn.truefitcorp.com ssl.google-analytics.com www.google-analytics.com bam.nr-data.net surveys-static.survicate.com visitor-service.tealiumiq.com seoab.io *.googleadservices.com www.googletagmanager.com survey.survicate.com rec.smartlook.com c.oracleinfinity.io; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: accounts.google.com www.kmart.com.au cdn.truefitcorp.com *.doubleclick.net ct.pinterest.com *.optimizely.com www.google.com apis.google.com www.googletagmanager.com survey.survicate.com www.facebook.com secure.ippayments.com gateway.zscalerone.net pwm-image.trendmicro.com www.pinterest.com.au *.pinterest.com www.pinterest.com tags.tiqcdn.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pixboost.com www.slant.co cdn.honey.io images.kmart.com.au cdn.truefitcorp.com gateway.zscalerone.net fonts.gstatic.com staticw2.yotpo.com www.kmart.com.au; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 1
default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.sumologic.com sentry.io *.ingest.sentry.io *.sentry-cdn.com wss: wss://*.pusher.com slack.com github.com *.google.com exist.io *.visualwebsiteoptimizer.com app.vwo.com logo.clearbit.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com; font-src 'self' data: fonts.gstatic.com app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com; form-action 'self' *.welltory.com slack.com github.com *.github.com google.com *.google.com *.microsoftonline.com twitter.com *.twitter.com facebook.com *.facebook.com linkedin.com *.linkedin.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com www.google.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com; img-src 'self' data: assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com *.visualwebsiteoptimizer.com app.vwo.com track.customer.io secure.gravatar.com logo.clearbit.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net support-media-storage.s3.amazonaws.com; navigate-to slack.com github.com *.github.com google.com *.google.com *.microsoftonline.com twitter.com *.twitter.com facebook.com *.facebook.com linkedin.com *.linkedin.com; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com cdn.rawgit.com player.vimeo.com assets.customer.io *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.sentry-cdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com; worker-src blob:; report-uri https://www.rescuetime.com/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-Js+LcKbufc3mHjI/7LQn' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.ca&source%5Bsection%5D=brochure&source%5Buuid%5D=573de5d3a29d23d8f56279686fe53970 1
default-src 'self'; connect-src 'self' analytics.init.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1
default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com; upgrade-insecure-requests; 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::BPROD_3_0_dynamization2 1
script-src 'unsafe-inline' 'unsafe-eval' https:; object-src data: https://d1785e74lyxkqq.cloudfront.net https://h.online-metrix.net; base-uri 'none'; report-uri https://tvlk.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; connect-src 'self' https:; font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com; media-src 'self'; child-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; object-src 'self' blob:; default-src 'self' 1
block-all-mixed-content; default-src 'self'; img-src 'self' https://images.opencollective.com https://next-images.opencollective.com data: *.paypal.com opencollective.com blob: opencollective-production.s3.us-west-1.amazonaws.com opencollective-production.s3-us-west-1.amazonaws.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://api.opencollective.com https://pdf.opencollective.com https://rest.opencollective.com wtfismyip.com *.paypal.com *.paypalobjects.com sentry.io *.sentry.io country-service.shopifycloud.com https://transferwise.com https://sandbox.transferwise.tech https://hcaptcha.com https://*.hcaptcha.com https://www.google.com https://api.cryptonator.com; script-src 'self' 'unsafe-inline' 'nonce-af28bb97-8f6a-4ae3-8302-7b3cf21d40d1' maps.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com; frame-src www.youtube.com www.youtube-nocookie.com opencollective.com anchor.fm js.stripe.com *.paypal.com *.openstreetmap.org https://transferwise.com https://sandbox.transferwise.tech https://hcaptcha.com https://*.hcaptcha.com https://www.google.com; object-src opencollective.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://res.cloudinary.com https://user-content.algolia.com data:; font-src 'self' https://maxcdn.bootstrapcdn.com https://d33wubrfki0l68.cloudfront.net data: https://fonts.gstatic.com ; connect-src https://*.algolia.com https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://sentry.io https://*.ingest.sentry.io https://*.getbeamer.com wss://*.getbeamer.com https://fonts.gstatic.com https://vimeo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com wss://ws.pusherapp.com https://*.hotjar.com wss://*.hotjar.com https://*.pingdom.net https://api.segment.io https://api.amplitude.com https://*.mktoresp.com https://d.adroll.com https://snap.licdn.com https://static.ads-twitter.com https://user-data.mutinycdn.com https://api-v2.mutinyhq.io https://d33wubrfki0l68.cloudfront.net ; report-uri https://algolia.report-uri.io/r/default/csp/reportOnly 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/abc_xyz 1
default-src 'self' https:; base-uri https://www.elysee.fr; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; img-src https://tarteaucitron.io https://ssl.google-analytics.com https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; plugin-types video/*; script-src https://tarteaucitron.io https://www.google-analytics.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; style-src https://cdn.jsdelivr.net https://tarteaucitron.io https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; report-uri /csp/report 1
img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1
script-src *.alicdn.com *.alipayobjects.com *.alipay.com *.cnzz.com 'nonce-T5gGnhIQRkC4PquiIjS0' 'unsafe-eval' 'self' res.wx.qq.com 'report-sample'; report-uri /r/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
default-src blob: data: https: 'self' wss:; script-src blob: data: https: 'self' wss: 'unsafe-eval' 'unsafe-inline'; style-src blob: data: https: 'self' wss: 'unsafe-inline'; report-uri https://everlane.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' * data: filesystem: about: blob: ws: wss:; script-src 'self' * 'unsafe-eval' 'unsafe-inline'; img-src 'self' * data: filesystem: about: blob:; font-src 'self' *; style-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * ws: wss: 1
default-src https: 'unsafe-eval' 'unsafe-inline'; 1
object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: deviceauth.moneygram.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: moneygram.force.com use.fontawesome.com www.googletagmanager.com *.googleapis.com asset.gomoxie.solutions cdn.honey.io; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: moneygram.force.com *.googleapis.com use.fontawesome.com cdn.honey.io consent.trustarc.com fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googleadservices.com analytics.tiktok.com www.google.com www.google.co.uk intljs.rmtag.com js.smct.co smct.co deviceauth.moneygram.com six.cdn-net.com sc-static.net maps.googleapis.com moneygram.force.com bat.bing.com connect.facebook.net *.salesforceliveagent.com config1.veinteractive.com js-agent.newrelic.com *.yahoo.com asset.gomoxie.solutions d.turn.com d3rr3d0n31t48m.cloudfront.net s.yimg.com www.google-analytics.com includes.ccdc02.com songbird.cardinalcommerce.com www.google.ca ads.nextdoor.com *.doubleclick.net www.gstatic.com bam.nr-data.net consent.trustarc.com www.woopra.com js.smct.io up.pixel.ad shop.pe www.googletagmanager.com shopper.shop.pe; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: moneygram.force.com ipl.smct.co events-moneygram.gomoxie.solutions ipl.smct.io location.gomoxie.solutions shop.pe asset.gomoxie.solutions s.yimg.com webv2cmsprod.aws.moneygram.com centinelapi.cardinalcommerce.com adservice.google.com consumerapi.moneygram.com writer.cardinalcommerce.com www.google.com www.instagram.com www.facebook.com bat.bing.com sessionapi.veinteractive.com js.smct.co js.smct.io ipb.smct.co bam.nr-data.net *.doubleclick.net www.google-analytics.com smct.co analytics.tiktok.com collector.tealeaf.ibmcloud.com app.shop.pe tr.snapchat.com *.amazonaws.com; form-action  *.salesforceliveagent.com www.facebook.com connect.facebook.net tr.snapchat.com deviceauth.moneygram.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consent.trustarc.com smct.co asset.gomoxie.solutions paywithmybank.com *.dotomi.com *.wlp-acs.com d2d7do8qaecbru.cloudfront.net www.emjcd.com config1.veinteractive.com www.googletagmanager.com tags.rd.linksynergy.com www.facebook.com tr.snapchat.com deviceauth.moneygram.com geo.cardinalcommerce.com www.google.com nytrng.com moneygram.force.com *.googlesyndication.com connect.facebook.net *.doubleclick.net centinelapi.cardinalcommerce.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: flask.nextdoor.com www.google.co.ma cdn.smct.io analytics.tiktok.com cdn.honey.io consent-pref.trustarc.com fonts.gstatic.com www.google.com bat.bing.com events.smct.co maps.googleapis.com moneygram.force.com www.facebook.com www.google.com.au consumerapi.moneygram.com www.google.co.uk maps.gstatic.com *.yahoo.com www.googletagmanager.com *.facebook.com tr.snapchat.com www.google.ca *.doubleclick.net www.google.de connect.facebook.net www.instagram.com sync.graph.bluecava.com bam.nr-data.net consent.trustarc.com www.google.com.ng www.google.it *.sitescout.com *.googleapis.com www.google.fr www.google-analytics.com shopper.shop.pe webv2cmsprod.aws.moneygram.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: deviceauth.moneygram.com; report-uri /csp_report 1
script-src 'nonce-3b7d2ff4deaf89229c6dc08510b39f4c' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1
connect-src 'self' *.bazaarvoice.com *.crazyegg.com *.demdex.net *.doubleclick.net *.forter.com *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.taboola.com *.tt.omtrdc.net about adservice.google.com assets.adobedtm.com b.px-cdn.net bam-cell.nr-data.net bam.nr-data.net bat.bing.com cdn.cookielaw.org cdn0.forter.com cdn3.forter.com cdn9.forter.com collector-pxff0j69t5.px-client.net ct.pinterest.com d2o5idwacg3gyw.cloudfront.net dpm.demdex.net dpm.demdex.net gc.kis.v2.scr.kaspersky-labs.com in.visitors.live in.visitors.live ipapi.co pagead2.googlesyndication.com privacyportal.onetrust.com pubsub.googleapis.com recs.richrelevance.com schema.milestoneinternet.com settings.luckyorange.net siteintercept.qualtrics.com smetrics.totalwine.com t.co totalwine-sites.secure.force.com totalwine.tt.omtrdc.net tracking.crazyegg.com translate.googleapis.com us-central1-adaptive-growth.cloudfunctions.net vimeo.com wss://cdn0.forter.com wss://in.visitors.live wss://visitors.live www.facebook.com www.google-analytics.com www.google.com www.instagram.com www.totalwine.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bazaarvoice.com *.forter.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.totalwine.siteintercept.qualtrics.com 1c63ac2bb1db.cdn4.forter.com 3qkwyj7.x3hn2p.com 7rl70018.ibosscloud.com analytics.twitter.com api.microsofttranslator.com assets.acdn.no assets.adobedtm.com assets.photo-ac.com bam-cell.nr-data.net bam.nr-data.net bat.bing.com blipznchitzcom-a.akamaihd.net blob: bpb.opendns.com brounelink.com c2op6nqb.micpn.com cdn.brcdn.com cdn.cookielaw.org cdn.pdst.fm cdn.tt.omtrdc.net cdncache-a.akamaihd.net cdnjs.cloudflare.com cms.totalwine.bloomreach.cloud connect.facebook.net container.pepperjam.com core.conversant.mgr.consensu.org cti.w55c.net d.la1-c2-ia5.salesforceliveagent.com d35u1vg1q28b3w.cloudfront.net dakotaram.com data docs.paymentjs.firstdata.com doda.jp filterprem.org gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscalertwo.net gateway.zscloud.net geolocation.onetrust.com gl9l2.x3hn2p.com googleads.g.doubleclick.net hublosk.com jonypractic.net js-agent.newrelic.com js.adsrvr.org jullyambery.net linksource.cool live.rezync.com localhost:49506 login-ds.dotomi.com loungesrc.net mpsnare.iesnare.com p9gd.k99zdb.com partners.cmptch.com platewolf.com player.vimeo.com promlinkdev.com proxy.doe.gov qdatasales.com rialto-gms.s3.amazonaws.com rules.quantcount.com s.cmptch.com s3.amazonaws.com schema.milestoneinternet.com script.crazyegg.com secure.mycouponsmartmac.com secure.myshopcouponmac.com secure.myshopmatemac.com secure.quantserve.com secure.shoptimizelymac.com service.securesrv12.com siteintercept.qualtrics.com static.ads-twitter.com static.lightning.force.com static.tacdn.com su8kw.x3hn2p.com subwayclanscom-a.akamaihd.net totalwine-sites.secure.force.com totalwine.my.salesforce.com tpc.googlesyndication.com twitter.com ucads-cdn.ucweb.com unpkg.com visualsponline.azurewebsites.net wsv3cdn.audioeye.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.pagespeed-mod.com www.todyl.com www.totalwine.com www.upsellit.com www.youtube.com xc9ay.a6rm7n.com zne8jbwf0djz2vvnd-totalwine.siteintercept.qualtrics.com zswpmanager.wip.mmc.com; report-uri https://csp.px-cloud.net/report?report=1&id=9d63367ce3b6ecf267193556e6386fc3&app_id=PXFF0j69T5 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1
default-src 'self'; script-src 'report-sample' 'self' 'sha256-BiNyGbGZEG1ZcMWhdKvmZ1DwYSpvZ8xcAxRrIag59sQ=' 'sha256-p96cet82gMKBOah5xqTlTC1NImfgmfwp9xhnLYsv45Q=' 'sha256-K7F5t+0jCUOcvI0w5XCLORVrRe6Cl7fcvsyOhpNlvRA=' 'sha256-osJOIDsvZzKR6jjDkmJzOK/lCl+6P59lwiMwf2WwwX0=' 'sha256-ech7dK56PGMmo3zLhyCe9XpUu/4+pGU11bUeBEpq56o=' 'sha256-5aTBNtoMSFGD0AJ9+0YPRibd5APCDzFjjKtA16wQik8=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-DHkQzQeawSI3bMDJPOulIinzX/ih38goNk2cvBZsgPM=' 'sha256-LjOYZt74qQlHixQckZ1K+NyxwGO8jPc/zUDhd43i7qY=' 'sha256-C6r1Uv+2BkE8Qjrq+iYLyfsjck3nrA/PhDEE1u7CHtk=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-BxUWVs1+UwaUImPFWmLpOCjBDGTFuFcwcXgQwKyVSYU=' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976618339/ https://a.clickcertain.com/px/smart/a/ https://a.remarketstats.com/px/smart/; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com https://a.clickcertain.com/; img-src 'self' https://www.google-analytics.com https://www.google.com https://www.google.pl; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';script-src 'report-sample' 'nonce-6u3/TNVRaUUQVG0fV/8IOA' 'unsafe-inline' 'strict-dynamic' https: http:;style-src https: 'unsafe-inline';report-uri /cspreport 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.soloway.ru https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com 	 https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://inv-dmp.admixer.net ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://us-central1-shinesumoplus.cloudfunctions.net/report-uri 1
frame-ancestors 'self' http://*.oriflame.com https://*.oriflame.com http://*.online.ori https://*.online.ori http://*.ori.local https://*.ori.local http://*.oriflame.cc https://*.oriflame.cc http://*.oriflame.ru https://*.oriflame.ru http://*.oriflame.cn https://*.oriflame.cn; report-uri /CspReport?policyRequestId=f0d326fe8c855947 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://js.stripe.com/v3/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://assets.bwbx.io https://developer.apple.com https://images.ctfassets.net https://images.unsplash.com/ https://lh3.googleusercontent.com https://nftgimagebucket.s3-us-west-1.amazonaws.com https://pixel.nymag.com https://res.cloudinary.com https://media.niftygateway.com https://s3-us-west-1.amazonaws.com https://www.facebook.com/tr/ https://www.google-analytics.com/; connect-src https://api.niftygateway.com https://host-vdgrw7.api.swiftype.com https://notify.bugsnag.com https://sessions.bugsnag.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com; font-src https://fonts.gstatic.com 'self'; object-src 'self'; media-src https://res.cloudinary.com/nifty-gateway/ https://media.niftygateway.com; frame-src https://vars.hotjar.com https://js.stripe.com/v3/; frame-ancestors 'self' 1
default-src 'self' givingassistant.org *.givingassistant.org; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' givingassistant.org *.givingassistant.org https://*.googlesyndication.com https://*.algolia.io https://*.hotjar.io https://*.hotjar.com https://www.gstatic.com https://*.google.com https://intljs.rmtag.com https://intljs.rmtag.com https://quantcast.mgr.consensu.org https://cdn.segment.com https://cdn.sift.com https://cdn.userleap.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.intercomcdn.com https://my.hellobar.com https://widget.intercom.io https://www.google-analytics.com https://www.googleadservices.com https://use2-cdn.vocohub.com https://pro-use2-app.vocohub.com; style-src 'report-sample' 'unsafe-inline' 'self' data: givingassistant.org *.givingassistant.org https://fonts.googleapis.com https://pro-use2-app.vocohub.com; object-src 'none'; base-uri 'self'; connect-src 'self' givingassistant.org *.givingassistant.org https://api.userleap.com https://pro.ip-api.com https://*.hotjar.io https://*.hotjar.com https://*.algolia.io https://api-iam.intercom.io https://api.givingassistant.org https://api.segment.io https://api.sprig.com https://bd.givingassistant.org https://cdn.segment.com https://i2r62ri4vu-dsn.algolia.net https://stats.g.doubleclick.net wss://nexus-websocket-a.intercom.io https://www.facebook.com https://pro-use2-app.vocohub.com; font-src 'self' givingassistant.org *.givingassistant.org data: https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' givingassistant.org *.givingassistant.org https://*.google.com https://*.hotjar.io https://*.hotjar.com; img-src 'self' givingassistant.org *.givingassistant.org data: blob: https:; report-uri https://613a32b578cecbf9e772a60f.endpoint.csper.io; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com 'strict-dynamic' 'nonce-MTE5MjkyNTIzNCwyNzkzODI3MTkx'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
connect-src 'self' https://ee.15gifts.com https://*.ads-twitter.com https://*.akamaihd.net https://ee-dtp-static.s3.amazonaws.com https://ee-outage.s3.amazonaws.com https://ee-tagging.s3.amazonaws.com https://bat.bing.com https://btbsecure.business.bt.com https://*.cloudfront.net https://*.ee.co.uk https://ee.co.uk https://myaccount.ee.co.uk https://*.criteo.com https://*.criteo.net https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://cdn.decibelinsight.net https://*.demdex.net https://dpm.demdex.net https://*.doubleclick.net wss://collection.decibelinsight.net https://*.facebook.com https://*.facebook.net https://wmstatic.global.ssl.fastly.net https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://ajax.googleapis.com https://translate.googleapis.com https://www.googleapis.com https://www.googletagmanager.com https://*.gstatic.com https://decibelinsight.net https://t.co https://code.jquery.com https://*.liveperson.net https://*.lpsnmedia.net https://resources.digital-cloud-uk.medallia.eu https://imp2.nowinteract.com https://*.tt.omtrdc.net https://btbusiness.d1.sc.omtrdc.net https://everythingeverywhere.tt.omtrdc.net https://*.online-metrix.net https://api.opmnstr.com https://a.optmnstr.com https://static.queue-it.net https://*.reevoo.com https://skynet.reevoo.com https://i.salecycle.com https://ws.sessioncam.com https://tr.snapchat.com https://*.tags.tiqcdn.com https://*.twitter.com https://consent.trustarc.com https://api.uniqodo.com https://insights.uniqodo.com https://analytics.tiktok.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ee.15gifts.com https://track.adform.net https://*.adobedtm.com https://static.ads-twitter.com https://*.akamaihd.net https://ee-dtp-static.s3.amazonaws.com https://ee-tagging.s3.amazonaws.com https://rialto-gms.s3.amazonaws.com https://ads.avocet.io https://bat.bing.com https://p294588.clksite.com https://ee.cloud-iq.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://d2oh4tlt9mrke9.cloudfront.net https://c.cnzz.com https://*.ee.co.uk https://ee.co.uk https://smetrics.ee.co.uk https://*.criteo.com https://*.criteo.net https://cdn.decibelinsight.net https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.dwin1.com https://cm.everesttech.net https://*.facebook.net https://connect.facebook.net https://*.google.com https://*.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.com https://adobedtm.com https://decibelinsight.net https://medallia.eu https://sc-static.net https://twitter.com https://vimeo.com https://nebula-cdn.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://*.liveperson.net https://lptag.liveperson.net https://*.lpsnmedia.net https://resources.digital-cloud-uk.medallia.eu https://plugin.monotote.com https://beta.mybetterdl.com https://p0.mycdn.co https://cdn.nowinteract.com https://*.tt.omtrdc.net https://btbusiness.d1.sc.omtrdc.net https://a.optmnstr.com https://ct.pinterest.com https://rules.quantcount.com https://secure.quantserve.com https://static.queue-it.net https://eeuk.queueit.net https://mark.reevoo.com https://assets.revlifter.io https://ws.sessioncam.com https://vip.timezonedb.com https://*.tags.tiqcdn.com https://tags.tiqcdn.com https://cdn.syndication.twimg.com https://*.twitter.com https://consent.trustarc.com https://analytics.twitter.com https://platform.twitter.com https://track.uniqodo.com https://cdn.walkme.com https://gdata.youtube.com https://www.youtube.com https://s.ytimg.com https://www.zenaps.com https://analytics.tiktok.com; frame-src 'self' https://*.akamaihd.net https://ee.cloud-iq.com https://d16fk4ms6rqz1v.cloudfront.net https://*.ee.co.uk https://ee.co.uk https://ee.real-digital.co.uk https://*.criteo.com https://*.criteo.net https://*.demdex.net https://*.doubleclick.net https://3796688.fls.doubleclick.net https://eeretailapp.co.uk https://*.facebook.com https://*.facebook.net https://*.google.com https://saltcdn2.googleapis.com https://tpc.googlesyndication.com https://social.hotukdeals.com https://www.hotukdeals.com https://noop.style https://saltcdn2.instagram.com https://lo.tokenizer.liveperson.net https://lo.v.liveperson.net https://server.lon.liveperson.net https://*.lpsnmedia.net https://resources.digital-cloud-uk.medallia.eu https://plugin.monotote.com https://ee-embedded.myunidays.com https://www.myunidays.com https://authorize.omniture.com https://sitecatalyst.omniture.com https://prod-browsext.pricesearcher.com https://tr.snapchat.com https://consent-pref.trustarc.com https://consent.trustarc.com https://platform.twitter.com https://syndication.twitter.com https://insights.uniqodo.com https://app.wizdom.ai http://ee-uk-ppf.wm-staging.com https://www.youtube.com https://gateway.zscalerone.net; style-src 'self' 'unsafe-inline' https:; media-src 'self' https:; img-src 'self' https:; font-src 'self' https:; default-src 'self' https://*.ee.co.uk https://ee.co.uk; object-src 'self' https://*.ee.co.uk https://ee.co.uk; report-uri https://example.com ; report-to csp-endpoint 1
default-src qoe-1.yottaa.net self https:; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=a244R10OWtLFnA 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.search.ch/api/mixedcontent.json 1
script-src 'nonce-0e98186f623d98c568b8bcf6b1502f68' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-a10d275f-8dcd-4500-ad67-138433002b90' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp 1
script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.2mdn.net *.33across.com *.acexchange.co.kr *.ad-generation.jp *.adagio.io *.addthis.com *.addthisedge.com *.adform.com *.adiiix.com *.adingo.jp *.admanmedia.com *.admixer.com *.admixer.net *.adtech.com *.adtiming.com *.advangelists.com *.advertising.com *.adyoulike.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.aniview.com *.aol.com *.appnexus.com *.aps.amazon.com *.aralego.com *.avantisvideo.com *.axonix.com *.beachfront.com *.behave.com *.betweendigital.com *.bidmachine.io *.bidstreammedia.com *.bidtellect.com *.bing.com *.blis.com *.braintreegateway.com *.brightcove.com *.brightcove.net *.chocolateplatform.com *.cloudflare.com *.cloudfront.net *.consumable.com *.contextweb.com *.conversantmedia.com *.crazyegg.com *.criteo.com *.districtm.io *.doubleclick.net *.e-planning.net *.e-volution.ai *.emxdgt.com *.engagebdr.com *.eskimi.com *.exponential.com *.facebook.com *.facebook.net *.freewheel.tv *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.improvedigital.com *.indexexchange.com *.infolinks.com *.inmobi.com *.inskinmedia.com *.instagram.com *.insticator.com *.jquery.com *.kargo.com *.launchdarkly.com *.lemmatechnologies.com *.lijit.com *.lkqd.com *.lkqd.net *.logan.ai *.loopme.com *.marketo.net *.media.net *.mediago.io *.mediatradecraft.com *.moatads.com *.mobfox.com *.mobileadtrading.com *.my.com *.my6sense.com *.narrativ.com *.nativo.com *.newrelic.com *.nr-data.net *.ogury.com *.onetag.com *.openexchangerates.org *.openx.com *.outbrain.com *.playbuzz.com *.pokkt.com *.prodooh.com *.proper.io *.pubmatic.com *.pubnative.net *.px-cdn.net *.realself.com *.revcontent.com *.rhythmone.com *.richaudience.com *.risecodes.com *.rsdev.co *.rubiconproject.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.snapengage.com *.somoaudience.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.springserve.com *.ssp.e-volution.ai *.ssp.logan.ai *.synacor.com *.target.my.com *.teads.tv *.telaria.com *.themediagrid.com *.tremorhub.com *.tribalfusion.com *.triplelift.com *.typekit.net *.ucfunnel.com *.undertone.com *.unrulymedia.com *.vdopia.com *.velismedia.com *.verve.com *.video.unrulymedia.com *.vidoomy.com *.yahoo.com *.yieldmo.com *.zencdn.net openexchangerates.org blob:; worker-src 'self' blob:; frame-ancestors *; form-action *; report-uri https://api.realself.com/v1/rs-csp-sc/csp-info; report-to security-report 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tools.oxygem.it/csp-violation-report-endpoint/index.php 1
default-src * data: blob: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval' *.eurostar.com scripts.eurostar.tech analytics.twitter.com bat.bing.com beacon.krxd.net cdn.kommunicate.io cdn.applozic.com cdn.krxd.net connect.facebook.net consumer.krxd.net eus.cdn-v3.conductrics.com googleads.g.doubleclick.net polyfill.io rules.quantcount.com s.yimg.com sc-static.net secure.quantserve.com sp.analytics.yahoo.com static.ads-twitter.com tag.yieldoptimizer.com tags.tiqcdn.com visitor-service-eu-west-1.tealiumiq.com w.usabilla.com widget.kommunicate.io www.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.googletagservices.com ad.doubleclick.net www.paypal.com www.googleadservices.com maps.googleapis.com apply.workable.com snap.licdn.com; connect-src 'self' https: *.eurostar.com bat.bing.com collect-eu-west-1.tealiumiq.com c.contentsquare.net www.google-analytics.com cdn.kommunicate.io api.kommunicate.io chat.kommunicate.io www.paypal.com googleads4.g.doubleclick.net api.rollbar.com www.facebook.com r.contentsquare.net bots.applozic.com stats.g.doubleclick.net wss://socket5.applozic.com wss://socket.applozic.com:80 adservice.google.com pagead2.googlesyndication.com jslog.krxd.net t.co beacon.krxd.net www.bing.com pubads.g.doubleclick.net; report-uri https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/ZaVnC4dhaV2FbC9Ij83SGE3iTXUOUwHd6irC7dEd3crCFxWV0sz34YKvdRhl7b2Pwk5pss2m6jkp8P_KsP_DDMThVLr-k4csrE-WmpY1fji3919gGLcEhQ== 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com c7.avaamo.com c7avaamo.s3-us-west-2.amazonaws.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self'   https://csi.gstatic.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample'; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com https://static.hotjar.com https://*.zuora.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data:; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.zuora.com 'report-sample'; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/  https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1
script-src 'nonce-e3f0dd6ca523c9bf840fd9b1468b7478' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com 'nonce-MzcyNjU1MDA1Myw3ODczMDQ3NDc=' static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com; child-src js.stripe.com; report-uri https://scotthelme.report-uri.com/r/d/csp/reportOnly; report-to default 1
frame-ancestors 'self'; report-uri https://mizar.unive.it/alvise.rabitti/cspreport/report.php; 1
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=website-grader-ui/static-1.874/html/public-en.html&cfRay=6a383c43ab0924dc-IAD 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.de ; font-src 'self' https: data: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://app.shopify.com/ https://atlas.shopifycloud.com/ https://monorail-edge.shopifysvc.com/ https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' shopify-assets.shopifycdn.com fonts.gstatic.com; form-action 'self' https://app.shopify.com/; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' proxy.shopifycdn.com data: notify.bugsnag.com shopify-assets.shopifycdn.com shopify-assets.shopifycdn.net www.gstatic.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-6k4WOAfvSl7DOwpWH52bnc0hmtQQjXVf5jv/uDuT7D0=' https://shopify-assets.shopifycdn.com https://shopify-assets.shopifycdn.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 'nonce-poawQEnALdIZmOhEupoWb1wGdlypcgdSDRuto3VflJ8=' 'unsafe-inline'; style-src 'unsafe-inline' 'self' shopify-assets.shopifycdn.com shopify-assets.shopifycdn.net fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=new&source%5Bapp%5D=identity&source%5Bcontroller%5D=account_lookup&source%5Buuid%5D=6cc20f8ec9af52f0e547926e402f97f1 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net d34s7xanp5e5sf.cloudfront.net www.gstatic.com js.stripe.com *.googleapis.com www.google.com compilers.widgets.sphere-engine.com; connect-src 'self' wss://push.piazza.com api.stripe.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org; report-uri /security/csp_report 1
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1
font-src 'unsafe-inline' data: *.gstatic.com *.bootstrapcdn.com *.cloudfront.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.doubleclick.net *.affirm.com *.stripe.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.cloudfront.net *.bing.com *.google.com *.pinterest.com *.facebook.com *.facebook.net *.amazonaws.com *.amazon-adsystem.com *.shareasale-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.cricut.com *.cloudfront.net *.googletagmanager.com *.slgnt.us *.stripe.com *.affirm.com *.zdassets.com *.facebook.com *.facebook.net *.crazyegg.com *.google.com *.bing.com *.pinimg.com *.windows.net *.doubleclick.net *.polyfill.io *.cloudflare.com *.googleapis.com *.jsdelivr.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cloudfront.net *.bootstrapcdn.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com *.slgnt.us *.affirm.com *.zdassets.com *.zendesk.com *.zopim.com *.pinterest.com *.doubleclick.net *.google-analytics.com *.facebook.com *.facebook.net *.crazyegg.com *.cloudfront.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' https://www.google-analytics.com pagecdn.io; script-src-attr 'self'; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
frame-ancestors 'self'; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.au&source%5Bsection%5D=brochure&source%5Buuid%5D=01c4c5c835f494fbf1eabc30b0367046 1
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';script-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.teststagram.com *.instagram.com;style-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.teststagram.com *.instagram.com;connect-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.teststagram.com *.instagram.com;font-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.teststagram.com *.instagram.com *.fbcdn.net *.intern.facebook.com *.facebook.com;img-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' *.teststagram.com *.instagram.com *.facebook.com *.fbcdn.net *.igsonar.com *.cdninstagram.com *.google-analytics.com www.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: blob:; object-src https: blob:; report-uri https://csp-report.magicseaweed.com/api/csp-report/ 1
font-src *.cloudflare.com *.bootstrapcdn.com data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.youtube.com *.paypal.com *.hotjar.com *.livechatinc.com *.doubleclick.net *.facebook.com *.addthis.com giphy.com gfycat.com *.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.paypal.com *.ytimg.com *.adsymptotic.com *.googleadservices.com *.bing.com *.linkedin.com *.facebook.com *.facebook.net *.google.com *.google.co.in *.slideteam.net *.googletagmanager.com *.livechatinc.com *.pinterest.com *.doubleclick.net *.gravatar.com *.resultspage.com *.resultsdemo.com *.giphy.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.scarabresearch.com *.trustpilot.com *.googletagmanager.com *.bing.com *.googleadservices.com *.licdn.com *.resultspage.com *.googleoptimize.com *.hotjar.com *.facebook.net *.doubleclick.net *.livechatinc.com *.addthis.com *.addthisedge.com *.formisimo.com *.moatads.com *.2checkout.com *.pinterest.com *.newrelic.com *.nr-data.net *.gravatar.com *.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.bootstrapcdn.com *.resultspage.com *.resultsdemo.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.paypal.com *.scarabresearch.com *.emarsys.net www.google-analytics.com *.doubleclick.net *.addthis.com *.addthisedge.com *.livechatinc.com *.2checkout.com *.trustpilot.com *.hotjar.com *.nr-data.net *.bing.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-db733bcfed509a3213574542f3966f3c' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'nonce-45dd31fd8030c60f0364c77c55290bdc' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com analytics.tiktok.com t.co f1.media.brightcove.com gce-sc.bidswitch.net dmx.us-west-15.districtm.io syndication.twitter.com dmx.districtm.io secure.adnxs.com www.pinterest.com insight.adsrvr.org us-east-sync.bidswitch.net dmx.us-east-33.districtm.io ade.googlesyndication.com www.googletagmanager.com iad-usadmm.dotomi.com gce-or.bidswitch.net media.baselineresearch.com cf-images.us-east-1.prod.boltdns.net x.bidswitch.net *.doubleclick.net *.amazonaws.com *.googleusercontent.com www.facebook.com sjc-usadmm.dotomi.com maps.googleapis.com dpm.demdex.net metrics.brightcove.com csi.gstatic.com *.doubleverify.com s.update.sharethru.com dmx.us-east-34.districtm.io b.sharethrough.com pagead2.googlesyndication.com dmx.us-east-31.districtm.io us-west-sync.bidswitch.net cdn.acuityplatform.com tpc.googlesyndication.com somni.cineplex.com choices.trustarc.com dmx.districtm.ca cineplex.cpxstoreimages.com mediafiles.cineplex.com px.moatads.com dmx.us-east-32.districtm.io ct.pinterest.com www.google-analytics.com *.adsafeprotected.com www.instagram.com storemedia.cineplex.com www.google.ca pre.glotgrx.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googlevideo.com secure.brightcove.com bcbolt446c5271-a.akamaihd.net f1.media.brightcove.com *.gvt1.com mediafiles.cineplex.com redirector.gvt1.com manifest.prod.boltdns.net; form-action  tr.snapchat.com cineplex.com *.snapchat.com www.cineplex.com ct.pinterest.com www.facebook.com; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pagead2.googlesyndication.com mediafiles.cineplex.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com prestage.cineplex.com cpx-next-gen-static.azureedge.net mediafiles.cineplex.com cineplex.com connect.cineplex.com fonts.googleapis.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cpx-next-gen-static.azureedge.net connect.cineplex.com mediafiles.cineplex.com *.amazonaws.com tpc.googlesyndication.com maxcdn.bootstrapcdn.com fonts.gstatic.com vjs.zencdn.net cineplex.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: csi.gstatic.com metrics.brightcove.com analytics.tiktok.com f1.media.brightcove.com cpx-next-gen-static.azureedge.net fonts.gstatic.com www.google.com eastus-3.in.applicationinsights.azure.com ade.googlesyndication.com search.cineplex.com api.pinpiaa.com apis.cineplex.com mediafiles.cineplex.com *.snapchat.com dmx.districtm.io adservice.google.com iad-usadmm.dotomi.com pagead2.googlesyndication.com tpc.googlesyndication.com somni.cineplex.com *.doubleverify.com connect.cineplex.com *.doubleclick.net dc.services.visualstudio.com ct.pinterest.com redirector.gvt1.com canadacentral-0.in.applicationinsights.azure.com cdn.ampproject.org bcbolt446c5271-a.akamaihd.net attestation.android.com *.omtrdc.net sjc-usadmm.dotomi.com secure.brightcove.com www.facebook.com manifest.prod.boltdns.net dpm.demdex.net s.update.sharethru.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: imasdk.googleapis.com www.google.com *.googlesyndication.com gce-sc.bidswitch.net nym1-ib.adnxs.com onlineticketing.cineplex.com assets.adobedtm.com www.pinterest.com tpc.googlesyndication.com *.doubleverify.com ads.avct.cloud players.brightcove.net *.amazonaws.com www.youtube.com *.doubleclick.net *.casalemedia.com cineplex.com www.googletagmanager.com tr.snapchat.com cdn.districtm.io gce-or.bidswitch.net www.facebook.com connect.cineplex.com *.snapchat.com platform.twitter.com ct.pinterest.com www.pinterest.ca; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com az416426.vo.msecnd.net cdn.jsdelivr.net *.doubleclick.net players.brightcove.net s.pinimg.com connect.facebook.net z.moatads.com *.doubleverify.com dev.virtualearth.net dpm.demdex.net s.update.sharethru.com sadmin.brightcove.com adservice.google.ca *.facebook.net www.google.com urls.api.twitter.com sc-static.net *.ads-twitter.com cdn.ampproject.org assets.adobedtm.com analytics.twitter.com *.googleapis.com www.google-analytics.com as-sec.casalemedia.com *.2mdn.net maps.googleapis.com browser-update.org sjc-usadmm.dotomi.com connect.cineplex.com vjs.zencdn.net pagead2.googlesyndication.com adservice.google.com cpx-next-gen-static.azureedge.net analytics.tiktok.com *.amazonaws.com cineplex-cors.groupbycloud.com cdnjs.cloudflare.com choices.trustarc.com platform.twitter.com www.gstatic.com secure.adnxs.com cdn.districtm.ca www.googletagservices.com choices.truste.com mediafiles.cineplex.com www.googletagmanager.com iad-usadmm.dotomi.com tpc.googlesyndication.com; report-uri /csp_report 1
frame-ancestors 'self' *.salesforce.com *.force.com; report-uri https://sentry.io/api/2704353/security/?sentry_key=81bd7f20e40c44acba15bc87de66fecf 1
frame-ancestors 'self'; frame-src 'self' *.debate.com.mx *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net giphy.com *.memeate.com *.windy.com *.taboola.com *.liveleak.com *.pinterest.com *.hotjar.com *.teads.tv debates.cocinaycomparte.com *.spotify.com *.criteo.com ecdn.firstimpression.io *.forexprostools.com tenor.com ytkids.app.goo.g www.nytimes.com www.vlive.tv streamable.com *.seedtag.com battlefy.com *.imonomy.com *.lijit.com; report-uri https://debate.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; font-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' data: https://use.typekit.net https://themes.googleusercontent.com; style-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' 'unsafe-inline' https://use.typekit.net; script-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' 'unsafe-inline' https://js-agent.newrelic.com https://www.google-analytics.com https://use.typekit.net https://bam.nr-data.net https://downloads.mailchimp.com https://s3.amazonaws.com/downloads.mailchimp.com *.list-manage.com; form-action 'self' https://okfn.us9.list-manage.com; img-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' data: https://gravatar.com https://1.gravatar.com https://2.gravatar.com https://secure.gravatar.com https://p.typekit.net https://ping.typekit.net https://www.google-analytics.com; report-uri https://report-uri.io/report/3b3ae25e9e4ccf5f28ea8bef8e70fc63/reportOnly 1
default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.google.com *.snapchat.com; connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://servedby.flashtalking.com https://ad.doubleclick.net ; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world *.googleapis.com ;script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-OMzlaQttKkqFqyWxPqivxg==' 'sha256-JaJnzDFt7nhixFwT6OGtcVsmCt5j0JhDTL/mOR+yeLc=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-DQwqYB8/sqCTVOZWfXmwexUV+wjyosAzcAcRY2fdDiU=' 'sha256-XnjryMtIT+X+NpzUtC4lM/ycRGFho9cTdJsO+QZ/hBE=' 'sha256-SiSpQtoSm3gYHCiSdO7bIdwk6nuhuKyKx6I638RpVMs=' ; style-src 'self' 'unsafe-inline' https: ; 1
script-src 'nonce-12bc064aacdf82b8328a53ce264e2514' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' *.twimg.com *.vimeo.com www.youtube.com *.cdninstagram.com; connect-src 'self' *.facebook.com www.google-analytics.com; script-src 'self' *.facebook.com *.facebook.net www.googletagmanager.com *.google-analytics.com *.netdna-ssl.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.typekit.net *.netdna-ssl.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: *.facebook.com s.w.org secure.gravatar.com *.twimg.com *.google-analytics.com *.cdninstagram.com *.netdna-ssl.com; font-src data: 'self' fonts.gstatic.com use.typekit.net *.netdna-ssl.com; frame-src www.facebook.com player.vimeo.com www.youtube.com; report-uri https://browser-listener-10c8e3692d0a.cloudapps.digital/csp-reports; report-to csp-endpoint 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.adelphi.edu/_logger/csp.php?host=www.adelphi.edu 1
default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.yahoo.com *.pinimg.com *.redditstatic.com *.taboola.com *.pinterest.com *.googleapis.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com *.fixel.ai *.youtube.com *.twitter.com *.ads-twitter.com *.outbrain.com *.stripe.com s.yimg.com o435118.ingest.sentry.io; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; plugin-types application/pdf; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://script.hotjar.com/; object-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com https://connect.facebook.net https://ct.pinterest.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.facebook.net https://*.sascdn.com https://*.smartadserver.com https://*.addthis.com https://*.pinterest.com https://*.designconnected.com https://maps.googleapis.com https://www.gstatic.com https://www.linkedin.com https://*.addthisedge.com https://*.doubleclick.net https://www.googleadservices.com https://*.facebook.com https://*.adform.net https://code.createjs.com https://d31qbv1cthcecs.cloudfront.net https://assets.adsttc.com/insights/ https://s.pinimg.com/ct/ https://www.googleoptimize.com https://*.hotjar.com https://z.moatads.com https://cdn.pushalert.co https://ced-ns.sascdn.com https://www.google.es https://www.google.it https://www.google.fr https://www.google.ch; connect-src 'self' https://*.smartadserver.com https://*.addthis.com https://www.google-analytics.com https://*.doubleclick.net https://*.addthis.com https://www.facebook.com https://*.adform.net https://www.google.com https://www.instagram.com https://ct.pinterest.com https://*.hotjar.com https://*.hotjar.io https://architonic82.pushalert.co https://api.pushalert.co; img-src data: https://*; child-src data: https://www.facebook.com https://connect.facebook.net https://*.addthis.com https://www.designconnected.com https://www.googletagmanager.com https://www.google.com https://www.youtube-nocookie.com https://*.doubleclick.net https://assets.pinterest.com  https://*.smartadserver.com https://player.vimeo.com https://creatives.sascdn.com https://*.hotjar.com https://ct.pinterest.com; worker-src blob: https://s.ads.smartadserver.com https://www.architonic.com; report-uri https://8bccfb85f92743dccb8ce984043b12e3.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net 	 https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.stackadapt.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' gstatic.com bluecore.com affirm.com avmws.com appspot.com youtube.com evo.com powerreviews.com cloudflare.com quiq-api.com quiq-cdn.com googleapis.com google.com google.bg cloudflareinsights.com googletagmanager.com googleadservices.com ipify.org criteo.net criteo.com btttag.com bing.com s3.amazonaws.com cloudfront.net goquiq.com da.us.criteo.net bikerentalmanager.com facebook.net google-analytics.com facebook.com g.doubleclick.net google.com.ar google.com.au google.com.tw google.am google.com.do google.ge google.com.lb google.hu google.pl google.fr google.es google.co.in google.co.vi google.ca google.co.th google.com.hk google.nl google.co.uk google.co.za google.hn trailforks.com google.com.gt vimeo.com dlx.addthis.com rd.linksynergy.com braintreegateway.com chrome-extension snapchat.com vimeocdn.com avantlink.com google.si google.by google.lt google.cz google.is google.lv google.rs google.co.ke google.co.ma pinkbike.org google.co.jp va.us.criteo.net googlesyndication.com google.cn google.ru google.de google.be google.ie google.ch google.co.il google.com.mx ytimg.com braintree-api.com google.pt jotform.com square.site squareup.com cloudinary.com justuno.com linkedin.com paypal.com paypalobjects.com google.ae google.it google.dk google.com.pk google.com.ec google.gr google.com.ua google.com.eg google.ro google.no shopperapproved.com google.com.sg google.se google.com.br google.at google.co.id google.fi google.com.ph google.co.nz google.com.my google.com.tr google.cl google.co.kr hotjar.io hotjar.com data:; font-src 'self' gstatic.com bluecore.com affirm.com avmws.com appspot.com youtube.com evo.com powerreviews.com cloudflare.com quiq-api.com quiq-cdn.com googleapis.com google.com google.bg cloudflareinsights.com googletagmanager.com googleadservices.com ipify.org criteo.net criteo.com btttag.com bing.com s3.amazonaws.com cloudfront.net goquiq.com da.us.criteo.net bikerentalmanager.com facebook.net google-analytics.com facebook.com g.doubleclick.net google.com.ar google.com.au google.com.tw google.am google.com.do google.ge google.com.lb google.hu google.pl google.fr google.es google.co.in google.co.vi google.ca google.co.th google.com.hk google.nl google.co.uk google.co.za google.hn trailforks.com google.com.gt vimeo.com dlx.addthis.com rd.linksynergy.com braintreegateway.com chrome-extension snapchat.com vimeocdn.com avantlink.com google.si google.by google.lt google.cz google.is google.lv google.rs google.co.ke google.co.ma pinkbike.org google.co.jp va.us.criteo.net googlesyndication.com google.cn google.ru google.de google.be google.ie google.ch google.co.il google.com.mx ytimg.com braintree-api.com google.pt jotform.com square.site squareup.com cloudinary.com justuno.com linkedin.com paypal.com paypalobjects.com google.ae google.it google.dk google.com.pk google.com.ec google.gr google.com.ua google.com.eg google.ro google.no shopperapproved.com google.com.sg google.se google.com.br google.at google.co.id google.fi google.com.ph google.co.nz google.com.my google.com.tr google.cl google.co.kr hotjar.io hotjar.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' gstatic.com bluecore.com affirm.com avmws.com appspot.com youtube.com evo.com powerreviews.com cloudflare.com quiq-api.com quiq-cdn.com googleapis.com google.com google.bg cloudflareinsights.com googletagmanager.com googleadservices.com ipify.org criteo.net criteo.com btttag.com bing.com s3.amazonaws.com cloudfront.net goquiq.com da.us.criteo.net bikerentalmanager.com facebook.net google-analytics.com facebook.com g.doubleclick.net google.com.ar google.com.au google.com.tw google.am google.com.do google.ge google.com.lb google.hu google.pl google.fr google.es google.co.in google.co.vi google.ca google.co.th google.com.hk google.nl google.co.uk google.co.za google.hn trailforks.com google.com.gt vimeo.com dlx.addthis.com rd.linksynergy.com braintreegateway.com chrome-extension snapchat.com vimeocdn.com avantlink.com google.si google.by google.lt google.cz google.is google.lv google.rs google.co.ke google.co.ma pinkbike.org google.co.jp va.us.criteo.net googlesyndication.com google.cn google.ru google.de google.be google.ie google.ch google.co.il google.com.mx ytimg.com braintree-api.com google.pt jotform.com square.site squareup.com cloudinary.com justuno.com linkedin.com paypal.com paypalobjects.com google.ae google.it google.dk google.com.pk google.com.ec google.gr google.com.ua google.com.eg google.ro google.no shopperapproved.com google.com.sg google.se google.com.br google.at google.co.id google.fi google.com.ph google.co.nz google.com.my google.com.tr google.cl google.co.kr hotjar.io hotjar.com data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' gstatic.com bluecore.com affirm.com avmws.com appspot.com youtube.com evo.com powerreviews.com cloudflare.com quiq-api.com quiq-cdn.com googleapis.com google.com google.bg cloudflareinsights.com googletagmanager.com googleadservices.com ipify.org criteo.net criteo.com btttag.com bing.com s3.amazonaws.com cloudfront.net goquiq.com da.us.criteo.net bikerentalmanager.com facebook.net google-analytics.com facebook.com g.doubleclick.net google.com.ar google.com.au google.com.tw google.am google.com.do google.ge google.com.lb google.hu google.pl google.fr google.es google.co.in google.co.vi google.ca google.co.th google.com.hk google.nl google.co.uk google.co.za google.hn trailforks.com google.com.gt vimeo.com dlx.addthis.com rd.linksynergy.com braintreegateway.com chrome-extension snapchat.com vimeocdn.com avantlink.com google.si google.by google.lt google.cz google.is google.lv google.rs google.co.ke google.co.ma pinkbike.org google.co.jp va.us.criteo.net googlesyndication.com google.cn google.ru google.de google.be google.ie google.ch google.co.il google.com.mx ytimg.com braintree-api.com google.pt jotform.com square.site squareup.com cloudinary.com justuno.com linkedin.com paypal.com paypalobjects.com google.ae google.it google.dk google.com.pk google.com.ec google.gr google.com.ua google.com.eg google.ro google.no shopperapproved.com google.com.sg google.se google.com.br google.at google.co.id google.fi google.com.ph google.co.nz google.com.my google.com.tr google.cl google.co.kr hotjar.io hotjar.com data:; style-src 'self' 'unsafe-inline' gstatic.com bluecore.com affirm.com avmws.com appspot.com youtube.com evo.com powerreviews.com cloudflare.com quiq-api.com quiq-cdn.com googleapis.com google.com google.bg cloudflareinsights.com googletagmanager.com googleadservices.com ipify.org criteo.net criteo.com btttag.com bing.com s3.amazonaws.com cloudfront.net goquiq.com da.us.criteo.net bikerentalmanager.com facebook.net google-analytics.com facebook.com g.doubleclick.net google.com.ar google.com.au google.com.tw google.am google.com.do google.ge google.com.lb google.hu google.pl google.fr google.es google.co.in google.co.vi google.ca google.co.th google.com.hk google.nl google.co.uk google.co.za google.hn trailforks.com google.com.gt vimeo.com dlx.addthis.com rd.linksynergy.com braintreegateway.com chrome-extension snapchat.com vimeocdn.com avantlink.com google.si google.by google.lt google.cz google.is google.lv google.rs google.co.ke google.co.ma pinkbike.org google.co.jp va.us.criteo.net googlesyndication.com google.cn google.ru google.de google.be google.ie google.ch google.co.il google.com.mx ytimg.com braintree-api.com google.pt jotform.com square.site squareup.com cloudinary.com justuno.com linkedin.com paypal.com paypalobjects.com google.ae google.it google.dk google.com.pk google.com.ec google.gr google.com.ua google.com.eg google.ro google.no shopperapproved.com google.com.sg google.se google.com.br google.at google.co.id google.fi google.com.ph google.co.nz google.com.my google.com.tr google.cl google.co.kr hotjar.io hotjar.com data:; style-src-elem 'self' 'unsafe-inline' gstatic.com bluecore.com affirm.com avmws.com appspot.com youtube.com evo.com powerreviews.com cloudflare.com quiq-api.com quiq-cdn.com googleapis.com google.com google.bg cloudflareinsights.com googletagmanager.com googleadservices.com ipify.org criteo.net criteo.com btttag.com bing.com s3.amazonaws.com cloudfront.net goquiq.com da.us.criteo.net bikerentalmanager.com facebook.net google-analytics.com facebook.com g.doubleclick.net google.com.ar google.com.au google.com.tw google.am google.com.do google.ge google.com.lb google.hu google.pl google.fr google.es google.co.in google.co.vi google.ca google.co.th google.com.hk google.nl google.co.uk google.co.za google.hn trailforks.com google.com.gt vimeo.com dlx.addthis.com rd.linksynergy.com braintreegateway.com chrome-extension snapchat.com vimeocdn.com avantlink.com google.si google.by google.lt google.cz google.is google.lv google.rs google.co.ke google.co.ma pinkbike.org google.co.jp va.us.criteo.net googlesyndication.com google.cn google.ru google.de google.be google.ie google.ch google.co.il google.com.mx ytimg.com braintree-api.com google.pt jotform.com square.site squareup.com cloudinary.com justuno.com linkedin.com paypal.com paypalobjects.com google.ae google.it google.dk google.com.pk google.com.ec google.gr google.com.ua google.com.eg google.ro google.no shopperapproved.com google.com.sg google.se google.com.br google.at google.co.id google.fi google.com.ph google.co.nz google.com.my google.com.tr google.cl google.co.kr hotjar.io hotjar.com data:; 1
frame-ancestors 'self' http://stage01-osl4-prod.lovdata.c.bitbit.net:* http://smia.lovdata.no:8080/ 1
default-src  'self'; script-src  'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' 7203076.collect.igodigital.com 7203076.recs.igodigital.com *.bazaarvoice.com analytics.twitter.com bat.bing.com *.krxd.net cdn.optimizely.com cnstrc.com connect.facebook.net googleads.g.doubleclick.net h.online-metrix.net maps.googleapis.com mpsnare.iesnare.com platform.twitter.com portal.afterpay.com s.go-mpulse.net s.pinimg.com sc-static.net script.hotjar.com static.atgsvcs.com static.demoup.com static.hotjar.com *.useinsider.com targetaustralia.custhelp.com targetaustralia.widget.custhelp.com vsvipsy01.rightnowtech.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.secure-afterpay.com.au cdn.evgnet.com tags.tiqcdn.com prod.accdab.net *.cdn-net.com static.ads-twitter.com vsvipsd01.rightnowtech.com www.paypalobjects.com www.paypal.com rules.atgsvcs.com nexuspublications.com.au media.flixcar.com media.flixfacts.com s.pinimg.com pinterest www.google.com *.flixgvid.flix360.io twitter.com www.target.com.au; style-src  'report-sample' 'self' 'unsafe-inline' display.ugc.bazaarvoice.com fonts.googleapis.com targetaustralia.custhelp.com *.useinsider.com media.flixcar.com apps.bazaarvoice.com www.target.com.au; object-src  h.online-metrix.net; base-uri  'self'; connect-src  'self' ac.cnstrc.com *.bazaarvoice.com api.target.com.au app.target.com.au bat.bing.com bf74468mhd.bf.dynatrace.com c.go-mpulse.net cdn.optimizely.com ct.pinterest.com events.demoup.com h.online-metrix.net *.useinsider.com logx.optimizely.com rules.atgsvcs.com static.demoup.com stats.g.doubleclick.net vc.hotjar.io www.google-analytics.com *.akstat.io *.akamaihd.net prod.accdab.net www.paypal.com rum.optimizely.com www.facebook.com in.hotjar.com errors.client.optimizely.com jslog.krxd.net www.google.com adservice.google.com s.go-mpulse.net beacon.krxd.net *.zipmoney.com.au t.zip.co media.flixcar.com www.target.com.au targetaustralia.australia-3.evergage.com; font-src  'self' data: fonts.gstatic.com media.flixcar.com *.useinsider.com media.flixfacts.com cdn.honey.io; frame-src  'self' 5781858.fls.doubleclick.net a17024231970.cdn.optimizely.com api.bazaarvoice.com cdn.krxd.net display.ugc.bazaarvoice.com h.online-metrix.net secure.ippayments.com *.useinsider.com *.snapchat.com vars.hotjar.com www.facebook.com targetaustralia.custhelp.com www.cdn-net.com prod.accdab.net bid.g.doubleclick.net www.paypal.com www.paypalobjects.com media.flixcar.com nexuspublications.com.au www.pinterest.com ct.pinterest.com www.youtube.com pub.s7.exacttarget.com www.googletagmanager.com tags.tiqcdn.com d3nkfb7815bs43.cloudfront.net www.target.com.au mc64kq3-bxswph019ltnzyy450g4.pub.sfmc-content.com www.pinterest.com.au; img-src  'self' data: bat.bing.com beacon.krxd.net ct.pinterest.com *.bazaarvoice.com googleads.g.doubleclick.net h.online-metrix.net maps.googleapis.com *.gstatic.com stack8.collect.igodigital.com t.co www.facebook.com www.google-analytics.com www.google.com www.google.com.au 5781858.fls.doubleclick.net www.pinterest.com *.d.aa.online-metrix.net t.paypal.com www.googletagmanager.com *.useinsider.com media.flixcar.com videos.demoup.com rt.flix360.com jslog.krxd.net prf.hn apiservices.krxd.net adservice.google.com googleads.g.doubleclick.net www.paypalobjects.com 5781858.fls.doubleclick.net media.flixfacts.com static.zipmoney.com.au zip.co www.google.co.in www.google.ru www.google.co.uk www.google.ca www.google.com.sg www.google.co.nz connect.facebook.net www.google.com.sa www.google.com.pg www.google.co.id www.google.com.fj www.google.com.ph www.google.com.hk www.google.com.pk www.google.com.tw www.google.de www.google.ae www.google.to www.google.com.np www.google.co.jp www.google.it www.google.com.kh www.google.pl www.google.fi www.google.com.my www.google.com.qa www.google.com.ec www.google.co.th www.google.nr www.google.nl www.google.cn www.google.co.il www.google.vu www.google.no www.google.co.kr www.google.lk www.google.mu www.google.com.vn www.google.at www.google.cl www.google.com.gt www.google.com.bd www.google.com.eg www.google.co.tz www.google.com.pr www.google.fr www.google.mn www.google.com.lb www.google.be www.google.ws www.google.gr www.google.ch www.google.vg www.google.co.ck www.google.ie d3np41mctoibfu.cloudfront.net www.target.com.au www.google.pt www.google.com.jm www.google.am www.google.com.do www.google.com.cy www.google.com.ar www.google.co.za www.google.ge www.google.com.br www.google.so www.google.com.tr www.google.com.kw www.google.se www.google.bg www.google.com.sv www.google.hn www.google.iq i.ytimg.com img.youtube.com network.bazaarvoice.com; manifest-src  'self'; media-src  'self' videos.demoup.com; worker-src  'self'; report-uri  /csp-report-only 1
default-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' img.youtube.com https:; object-src 'none'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https://*.hawkhost.com:443 data: 'unsafe-inline'; script-src 'self' ajax.cloudflare.com ajax.cloudflare.com static.cloudflareinsights.com https://*.google-analytics.com https://www.googletagmanager.com https://*.livechatinc.com https://*.hawkhost.com https://www.google.com https://www.gstatic.com 'unsafe-inline'; connect-src https://*.doubleclick.net https://*.livechatinc.com https://*.google-analytics.com; frame-src https://*.doubleclick.net https://*.google.com https://*.livechatinc.com; media-src https://*.hawkhost.com:443 https://*.livechatinc.com; img-src https://*.hawkhost.com https://*.livechatinc.com https://*.google.com https://*.google-analytics.com; script-src-elem https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.hawkhost.com https://*.livechatinc.com 'unsafe-inline' 1
script-src 'nonce-ac2ebd794d94d22b8f6aaa1ab47fd16e' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
child-src 'self'; connect-src 'self' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com https://*.adnxs.com https://*.cedexis.com https://*.eyeka.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.kameleoon.com https://*.pusher.com https://slaask.com; default-src 'self' data:; font-src 'self' data: http://*.eyeka.com https://*.embedly.com https://*.eyeka.com https://*.gstatic.com https://*.slaask.com; frame-src 'self' data: http://*.google.com http://*.youtube.com https://*.embedly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.kameleoon.com https://*.kameleoon.eu https://*.uservoice.com https://*.youtube.com; img-src 'self' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com http://*.s3.amazonaws.com http://*.youtube.com https://*.adnxs.com https://*.ads.linkedin.com https://*.amazonaws.com https://*.cdnetworks.net https://*.eyeka.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.am https://*.google.at https://*.google.be https://*.google.bg https://*.google.bj https://*.google.by https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.cm https://*.google.co.ao https://*.google.co.cr https://*.google.co.id https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.br https://*.google.com.co https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.lb https://*.google.com.mx https://*.google.com.my https://*.google.com.ng https://*.google.com.np https://*.google.com.pa https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.it https://*.google.kg https://*.google.kz https://*.google.lu https://*.google.me https://*.google.mu https://*.google.ne https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.sc https://*.google.se https://*.google.sn https://*.google.tn https://*.googleapis.com https://*.gravatar.com https://*.gstatic.com https://*.kameleoon.com https://*.licdn.com https://*.linkedin.com https://*.s3.amazonaws.com https://*.slaask.com https://*.twitter.com https://*.uservoice.com https://*.youtube.com https://t.co; manifest-src 'self'; media-src 'self' http://*.eyeka.com http://*.google.com http://*.s3.amazonaws.com https://*.amazonaws.com https://*.eyeka.com https://*.google.com https://*.gstatic.com https://*.s3.amazonaws.com https://*.slaask.com; object-src 'self' data: http://*.eyeka.com https://*.eyeka.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com https://*.adnxs.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.cedexis.com https://*.embedly.com https://*.eyeka.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.id https://*.google.com https://*.google.fr https://*.google.ru https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.kameleoon.com https://*.licdn.com https://*.linkedin.com https://*.mouseflow.com https://*.mxpnl.com https://*.newrelic.com https://*.nr-data.net https://*.pusher.com https://*.slaask.com https://*.twitter.com https://*.uservoice.com https://twitter.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: http://*.eyeka.com https://*.embedly.com https://*.eyeka.com https://*.googleapis.com https://*.slaask.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_5839e7e0b36b4ff3bd538670ea663265 1
report-uri https://o38422.ingest.sentry.io/api/1381643/security/?sentry_key=035194ae1605493c99dd66c2a7b2ca98; default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'none';upgrade-insecure-requests;style-src https: 'unsafe-inline';font-src https: data:;img-src https: data:;connect-src 'self' https://browser.pipe.aria.microsoft.com https://web.vortex.data.microsoft.com;frame-src https://login.windows-ppe.net https://login.live.com https://login.live-int.com;worker-src 'self' blob:;child-src 'self' blob:;report-uri /api/csp-report?page=Unauth&reportOnly=True;script-src 'nonce-wqlvCW+q8BdKzDhlkUYUJw==' 'unsafe-inline' 'unsafe-eval' https: 'strict-dynamic'; 1
default-src sir.rediris.es www.rediris.es 'self' abs.twimg.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com self syndication.twitter.com ton.twimg.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube-nocookie.com; connect-src www.google-analytics.com; form-action syndication.twitter.com platform.twitter.com; img-src 'self' www.rediris.es abs.twimg.com data: file ton.twimg.com pbs.twimg.com platform.twitter.com; script-src-elem 'self' www.google.com www.googletagmanager.com 'unsafe-inline' www.rediris.es cdn.syndication.twimg.com platform.twitter.com; script-src www.google.com www.gstatic.com 'unsafe-inline'; style-src-elem 'self' www.rediris.es platform.twitter.com ton.twimg.com; style-src 'self'; frame-src 'self' platform.twitter.com syndication.twitter.com www.youtube-nocookie.com; object-src 'self'; report-uri https://27ee058862b5cab81e8d2c18685f28d5.report-uri.com/r/d/csp/wizard 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' ; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.newsweek.pl::PROD 1
base-uri 'self';connect-src 'self' https://www.google-analytics.com https://*.googleapis.com https://api.rudderlabs.com https://hosted.rudderlabs.com https://rudderstack.taskade.cloud https://api.stripe.com https://checkout.stripe.com https://sentry.taskade.cloud wss: https://vimeo.com http://*.wistia.com https://*.wistia.com https://*.loom.com https://companion.taskade.com;default-src 'self';form-action 'self';media-src 'self' https://js.driftqa.com https://files.taskade.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://checkout.stripe.com https://js.stripe.com https://www.youtube.com https://player.vimeo.com;object-src 'none';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.stripe.com https://files.taskade.com https://unpkg.com https://i.ytimg.com https://*.sndcdn.com https://i.vimeocdn.com http://embed.wistia.com https://*.wistia.com https://cdn.loom.com https://*.figma.com https://images.typeform.com https://*.whimsical.com https://companion.taskade.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;font-src 'self';frame-src https://js.driftt.com https://widget.drift.com https://checkout.stripe.com https://hooks.stripe.com https://js.stripe.com https://call.taskade.com https://*.youtube.com https://*.soundcloud.com https://player.vimeo.com https://*.loom.com https://*.figma.com https://*.invisionapp.com https://*.typeform.com https://*.whimsical.com;report-uri /webhooks/csp-report;report-to /webhooks/csp-report;frame-ancestors 'none' 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self'; img-src data: blob: https://*.nykaa.com https://*.nykaafashion.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.co.in https://ct.pinterest.com https://googleads.g.doubleclick.net https://fsnecommerce.sc.omtrdc.net https://www.googletagmanager.com https://adservice.google.com https://*.netcoresmartech.com https://d2z6mnjt6dr4j3.cloudfront.net https://www.gstatic.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com; script-src 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://www.googleadservices.com https://www.gstatic.com https://www.googletagmanager.com https://*.netcoresmartech.com https://*.verloop.io https://*.nykaafashion.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://cdn-sdk.hansel.io https://*.googlesyndication.com https://connect.facebook.net https://www.google.com https://www.google.co.in https://unpkg.com; style-src 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://*.g.doubleclick.net https://cdn-sdk.hansel.io https://cdn-ops.verloop.io; font-src data: https://*.nykaafashion.com https://fonts.gstatic.com https://cdn-sdk.hansel.io; connect-src data: 'self' https://*.nykaafashion.com https://*.nykaa.com https://*.googleapis.com https://*.netcoresmartech.com https://www.google-analytics.com https://stats.g.doubleclick.net https://dpm.demdex.net https://fsnecommerce.sc.omtrdc.net https://sdk.hansel.io https://ujm.hansel.io https://www.google.com https://d2z6mnjt6dr4j3.cloudfront.net https://*.verloop.io https://adservice.google.com https://ad.doubleclick.net; frame-src 'self' https://*.fls.doubleclick.net https://*.verloop.io https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube.com https://asset.nykaafashion.com https://nykaafashion.onelink.me; worker-src blob: https://*.nykaafashion.com; child-src blob: https://*.nykaafashion.com; manifest-src https://*.nykaafashion.com; media-src blob: https://*.nykaafashion.com https://d2z6mnjt6dr4j3.cloudfront.net https://*.verloop.io; object-src 'none';;report-uri https://o1.ingest.sentry-prod.nykaa.com/api/56/security/?sentry_key=2bff6f29a54542488a3af3ef7a732614&sentry_environment=production&sentry_release=6.38.0 1
frame-ancestors 'self'; report-uri https://ordermygear.report-uri.com/r/t/csp/wizard 1
report-uri https://www.yelp.com/csp_report_only?id=b6d657e28c1b2ae3&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1635135333; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
connect-src *.litix.io *.pusher.com 729-jty-427.mktoresp.com 729-jty-427.mktoutil.com api.bench.co api.segment.io bat.bing.com bench.co boards-api.greenhouse.io cdn.contentful.com cdn.getambassador.com content.proof-x.com data.cdnbasket.net distillery.wistia.com embed.wistia.com embedwistia-a.akamaihd.net https://*.hotjar.com https://heapanalytics.com ids.cdnwidget.com page.cdnbasket.net pipedream.wistia.com pro.ip-api.com requests.getambassador.com stats.g.doubleclick.net vc.hotjar.io view.cdnbasket.net ws://ws.pusherapp.com wss://*.hotjar.com wss://ws.pusherapp.com www.facebook.com www.google-analytics.com www.google.com; font-src bench-assets.imgix.net data: fonts.gstatic.com https://heapanalytics.com script.hotjar.com; frame-src app-ab17.marketo.com bid.g.doubleclick.net boards.greenhouse.io js.driftt.com vars.hotjar.com www.facebook.com www.youtube.com; img-src 'self' * alb.reddit.com app-ab17.marketo.com bat.bing.com bench-assets.imgix.net cx.atdmt.com data: e.cdnwidget.com embed.wistia.com fast.wistia.com hi.hellobar.com https://heapanalytics.com i.ytimg.com images.ctfassets.net s3.amazonaws.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.googletagmanager.com; media-src blob: embed.wistia.com embedwistia-a.akamaihd.net; report-uri https://api.bench.co/api/v1/cspreport.json; script-src 'self' 'unsafe-eval' 'unsafe-inline' app-ab17.marketo.com bat.bing.com boards.greenhouse.io cdn.getambassador.com cdn.proof-x.com cdn.segment.com connect.facebook.net fast.wistia.com googleads.g.doubleclick.net https://cdn.heapanalytics.com https://heapanalytics.com js.driftt.com mbsy.co munchkin.marketo.net my.hellobar.com pixel.cdnwidget.com script.hotjar.com static.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com; style-src 'unsafe-inline' app-ab17.marketo.com bench.co fonts.googleapis.com https://heapanalytics.com; worker-src blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://*.hotjar.com https://*.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://polyfill.io https://*.polyfill.io https://code.jquery.com https://www.google-analytics.com https://*.liveperson.net https://*.lpsnmedia.net https://www.google.com https://www.googleadservices.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://*.googleapis.com; font-src 'self' https://*.hotjar.com https://*.typekit.net https://*.fontawesome.com  https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; connect-src 'self' https://surveystats.hotjar.io https://*.gmc-uk.org https://vc.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com; frame-src 'self' https://*.hotjar.com https://lpcdn.lpsnmedia.net https://www.youtube.com https://player.vimeo.com https://www.google.com https://*.doubleclick.net; img-src 'self' https://*.hotjar.com https://*.gmc-uk.org https://dequeuniversity.com https://*.google.com https://*.google.co.uk https://www.google-analytics.com https://*.doubleclick.net https://*.adnxs.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; report-uri https://cspreport.report-uri.io/r/default/csp/reportOnly 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nr-data.net *.paypalobjects.com *.analytics-egain.com *.trustpilot.com *.newrelic.com *.kk-resources.com *.redditstatic.com *.chainreactioncycles.com *.google.com *.criteo.net *.melissadata.net *.mention-me.com *.bazaarvoice.com www.zenaps.com *.scene7.com the.sciencebehindecommerce.com *.adyen.com seal.digicert.com vars.hotjar.com *.hotjar.com *.criteo.com lantern.roeyecdn.com *.cloudfront.net *.bing.com tracker.marinsm.com *.facebook.net *.trustarc.com *.google-analytics.com www.googletagmanager.com *.scene7.com www.dwin1.com www.googleoptimize.com data:; style-src * 'unsafe-inline'; default-src *.melissadata.net *.sciencebehindecommerce.com *.truste.com *.chainreactioncycles.com *.facebook.com *.hotjar.com *.hotjar.io *.gstatic.com *.bing.com *.googleapis.com *.trustarc.com *.google-analytics.com *.cloudfront.net *.googleoptimize.com; img-src * data:; object-src 'none'; connect-src * ; frame-src * data:; script-src-elem 'unsafe-inline' *.chainreactioncycles.com *.digicert.com *.criteo.com *.google.com *.kk-resources.com www.redditstatic.com analytics.analytics-egain.com js-agent.newrelic.com widget.trustpilot.com bam.nr-data.net www.paypalobjects.com www.googleoptimize.com lantern.roeyecdn.com www.googleadservices.com media.chainreactioncycles.com tracker.marinsm.com *.adyen.com sslwidget.criteo.com *.bazaarvoice.com *.hotjar.com *.googletagmanager.com bat.bing.com www.zenaps.com *.cloudfront.net static.criteo.net *.google-analytics.com www.dwin1.com *.mention-me.com *.facebook.net *.trustarc.com the.sciencebehindecommerce.com *.scene7.com mpsnare.iesnare.com seal.digicert.com9 data:; style-src-elem * 'unsafe-inline'; font-src * data: ; media-src * data:; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri /csp-report.jsp; 1
report-uri /report-violation; form-action 'self' https://*.formlabs.com https://*.marketo.com https://www.facebook.com/tr/; base-uri 'self'; object-src https://formlabs.com https://*.formlabs.com http://localhost:3001; frame-ancestors https://partneruniversity-formlabs.talentlms.com https://university-formlabs.talentlms.com https://internal-formlabs.talentlms.com https://formlabs.com https://*.formlabs.com https://dental.formlabs.com https://careers.formlabs.com http://localhost:3000; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com siteimproveanalytics.com libraryh3lp.com liblab.utc.edu *.digitalmeasures.com *.visitdays.com *.bc0a.com cdn.b0e8.com *.siteimprove.net *.siteimprove.com *.cloudflareinsights.com *.shopwindow.io *.licdn.com *.app-us1.com script.crazyegg.com platform.twitter.com *.twimg.com *.libwizard.com *.libapps.com unpkg.com cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' *.visitdays.com use.fontawesome.com fonts.googleapis.com  *.safetyhandler.com *.shopwindow.io *.digitalmeasures.com platform.twitter.com unpkg.com; img-src 'self' data: *.utc.edu *.bc0a.com *.siteimproveanalytics.io  *.safetyhandler.com *.shopwindow.io *.ads.linkedin.com *.adsymptotic.com *.digitalmeasures.com libapps.s3.amazonaws.com se-images.campuslabs.com *.twimg.com platform.twitter.com; media-src 'self' *.utc.edu *.safetyhandler.com *.digitaloceanspaces.com *.contentdm.oclc.org; frame-src 'self' iframe.utc.edu digital-collections.library.utc.edu libraryh3lp.com *.google.com *.googletagmanager.com *.youtube.com *.youtu.be *.issuu.com iframe.videodelivery.net *.concept3d.com platform.twitter.com syndication.twitter.com *.libwizard.com; frame-ancestors 'self' *.googletagmanager.com *.libwizard.com *.utc.edu *.utccloud.com chrisgilligan.com; child-src 'self' *.googletagmanager.com *.google.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com *.safetyhandler.com; connect-src 'self' libraryh3lp.com *.visitdays.com *.shopwindow.io *.safetyhandler.com script.crazyegg.com *.digitalmeasures.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; img-src 'self' *.siteimproveanalytics.io blob: data:; script-src 'self' 'sha256-oJ60dJ4QiXzfACDGc3RXXSr775j3dlDPxf+JxcdSMrc=' code.jquery.com ajax.aspnetcdn.com *.readspeaker.com *.siteimproveanalytics.com siteimproveanalytics.com *.datatables.net; font-src 'self' data: *.readspeaker.com; style-src 'self' 'unsafe-inline' *.readspeaker.com; connect-src 'self' *.readspeaker.com statistiek.api.dnb.nl; frame-src 'self' www.youtube.com www.vimeo.com; object-src 'none'; report-uri https://e4044bdf33a4c10e6f7e8a355b831229.report-uri.com/r/d/csp/reportOnly; report-to default; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.jp&source%5Bsection%5D=brochure&source%5Buuid%5D=8df48f64dee6e598aa3ec8c98a4fd6c9 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sportico.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https://*.soraapp.com https://*.overdrive.com; connect-src 'self' https://*.soraapp.com https://*.overdrive.com https://api.duckduckgo.com https://*.od-cdn.com https://*.cachefly.net; font-src 'self' data:; frame-src 'self' https://*.soraapp.com https://*.google.com; img-src 'self' data: https://*.od-cdn.com https://*.overdrive.com https://duckduckgo.com https://biglibraryread.com; script-src 'self' 'nonce-81ad7f2646f01e37eced09436895b858' https://*.google.com; style-src 'self' 'unsafe-inline' https://*.google.com; require-trusted-types-for 'script'; trusted-types sanitizer unsafe dompurify scriptHelper 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss://jobsv3.wort.lu/api/v1/sites/pt/latina/playlistUpdates; img-src https: data: blob:; media-src https: blob:; font-src https: data:; report-uri https://www.wort.lu/report 1
object-src 'self' *.flocabulary.com s3.amazonaws.com; frame-src 'self' www.facebook.com s3.amazonaws.com; style-src 'self' *.flocabulary.com use.typekit.net use.typekit.com p.typekit.net 'unsafe-inline'; media-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com; img-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com s3.amazonaws.com biggie-the-cat.s3.amazonaws.com www.facebook.com track.hubspot.com events.fivetran.com www.google-analytics.com cx.atdmt.com stats.g.doubleclick.net data:; font-src 'self' *.flocabulary.com use.typekit.net use.typekit.com data:; frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us; script-src 'self' *.flocabulary.com www.googletagmanager.com 'sha256-HFdkbTbP/ODJg7TUGg1mgRnM3kukDJcYzHQe4BmNznc=' 'sha256-ohIaS/k8a4vQLbSEhCDrAbLO3Sq06Fn7G7rhZLA+5Dk=' 'sha256-h8gG1uNWi02S00uhnnPan+IfTOULBEi0D46e6eAw/dk=' connect.facebook.net apis.google.com ajax.googleapis.com www.google-analytics.com js.hsleadflows.net js.hs-analytics.net bam.nr-data.net js-agent.newrelic.com d1fc8wv8zag5ca.cloudfront.net 'nonce-bvne79Uj5xChQ8Ex'; default-src 'self' *.flocabulary.com; connect-src 'self' flocabulary.s3.amazonaws.com www.google-analytics.com sessions.bugsnag.com forms.hubspot.com biggie-the-cat.s3.amazonaws.com bam.nr-data.net api.recurly.com nearpod.com blog.flocabulary.com; report-uri https://1790360b11fe0efc9c9d543e4d7dfa4d.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.dirt.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
img-src data: https://maps.googleapis.com/ https://maps.gstatic.com/ https://924vgradmin.boost.ai/ https://vgr1177.boost.ai/ https://*.amazonaws.com/ https://content.psplugin.com/ 'self'; connect-src https://cdn.cookielaw.org/ https://webanalytics.inera.se/ https://pwtapm.inera.se https://924vgradmin.boost.ai/ https://vgr1177.boost.ai/ https://account.psplugin.com/ https://ftvregionkalmar.psplugin.com/ https://klt-regionkalmar.psplugin.com/ 'self'; script-src https://cdn.cookielaw.org/ https://dl.episerver.net/ https://maps.googleapis.com/ https://924vgradmin.boost.ai/ https://vgr1177.boost.ai/ https://account.psplugin.com/ https://ftvregionkalmar.psplugin.com/ https://klt-regionkalmar.psplugin.com/ 'sha256-+Aq++ST2Ovr4mF339T+uuFF4xb/VVxOYB+HUBL174oI=' 'sha256-GjgfMA+6/m3/gDOB+Q1nFqtrXHl9uxjkt/aGY/u4AlI=' 'unsafe-inline' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-KdrksQVVfPWUX99NitlEt4ABdXZmgoZpezLqt68xrRU=' 'sha256-NBS7EduG2pL/l2J3FKVM//a6/tkbjRXCbg6q7vBX/JQ=' 'sha256-9nbqryG6r8ah9AReuQJKTzRXvO4bc5sLyPTD9Ybevj8=' 'sha256-2wNadWMR9hLyeMvQobztXnaP12skTyqr5XlVKb3TcU8=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/6DtEWSe1TbeutSkcsYjQYlmYVuYOnWU7896llHePz0=' 'self'; frame-src https://play.mediaflowpro.com/ https://dreambroker.com/ https://924vgradmin.boost.ai/ https://vgr1177.boost.ai/; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://se-content-b.psplugin.com/ https://content.psplugin.com/ https://se-content-a.psplugin.com/ 'self'; style-src-elem https://fonts.googleapis.com/ https://se-content-b.psplugin.com/ https://se-content-a.psplugin.com/ 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; style-src-attr 'unsafe-inline'; default-src 'self'; report-to csp-endpoint 1
block-all-mixed-content ; base-uri   'self'; child-src   'self'   blob: ; connect-src   'self'   api.raiffeisen.ch   boerse.raiffeisen.ch   login.raiffeisen.ch   microsites.raiffeisen.ch   statistics.raiffeisen.ch   chat.aiaibot.com   api.aiaibot.com   export.highcharts.com   scene7.raiffeisen.ch   collect-eu-central-1.tealiumiq.com   dpm.demdex.net   raiffeisen.tt.omtrdc.net ; default-src   'self'   resource: ; font-src   'self'   fonts.googleapis.com   fonts.gstatic.com ; form-action   'self'; frame-ancestors   experience.adobe.com   chat.aiaibot.com   chat-pr823.aiaibot.dev   raiffeisen.experiencecloud.adobe.com ; frame-src   microsites.raiffeisen.ch   video.service.raiffeisen.ch   activitymap.adobe.com   chat.aiaibot.com   authorize.omniture.com   sitecatalyst.omniture.com   cdn.tt.omtrdc.net   media10.simplex.tv   nubes.simplex.tv ; img-src   'self'   data:   statistics.raiffeisen.ch   www.google.ch   www.facebook.com   www.google.com   khms0.googleapis.com   khms1.googleapis.com   maps.googleapis.com   csi.gstatic.com   maps.gstatic.com   export.highcharts.com   scene7.raiffeisen.ch   dmp.adform.net   dpm.demdex.net   raiffeisen.demdex.net   googleads.g.doubleclick.net   media10.simplex.tv ; manifest-src   'self'; media-src   'self'   blob:   ruz.ch   www.ruz.ch   scene7.raiffeisen.ch   media10.simplex.tv ; object-src   'self'; report-uri https://api.rreports.ch/svreport/v1/api/wwwrch/csp ; script-src   'self'   'unsafe-eval'   'unsafe-inline'   login.raiffeisen.ch   microsites.raiffeisen.ch   activitymap.adobe.com   www.googleadservices.com   maps.googleapis.com   scene7.raiffeisen.ch   chat.aiaibot.com   chat-pr823.aiaibot.dev   googleads.g.doubleclick.net   cdn.tt.omtrdc.net ; style-src   'self'   'unsafe-inline'   microsites.raiffeisen.ch   fonts.googleapis.com   scene7.raiffeisen.ch   cdn.tt.omtrdc.net ; worker-src   'self'; 1
script-src 'nonce-31nVu7Ap76GxH8MELYrRzg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https:; script-src https: 'self' 'unsafe-eval' 'unsafe-inline'; object-src none; style-src 'unsafe-inline' 'self' https:; report-uri https://www2.medline.com/cspreport.html 1
default-src 'self' i5.walmartimages.com; script-src 'self' 'strict-dynamic' drfdisvc.walmart.com cdn.quantummetric.com collector-pxu6b0qd2s.px-cloud.net *.wal.co beacon.developer.walmart.com beacon.walmart.com i5.walmartimages.com www.recaptcha.net connect.facebook.net *.paypal.com 'nonce-dacO7b97-pdgCH42'; style-src 'self' 'unsafe-inline' *.walmartimages.com *.wal.co; font-src 'self' i5.walmartimages.com *.wal.co fonts.gstatic.com fonts.googleapis.com; img-src 'self' i5.walmartimages.com *.zeekit.me i5-qa.walmartimages.com *.online-metrix.net drfdisvc.walmart.com tpc.googlesyndication.com crs.midas.stg.prod.us.walmart.net wrd.walmart.com receipts-query.edge.walmart.com data: *.wal.co www.facebook.com cyborg-wm-auth-service-v2.jet.com maps.googleapis.com maps.gstatic.com securepubads.g.doubleclick.net ad.doubleclick.net cdn-assets.affirm.com tps.doubleverify.com static.adsafeprotected.com pixel.adsafeprotected.com secure-gl.imrworldwide.com ir.surveywall-api.survata.com cdn.doubleverify.com s0.2mdn.net www.gstatic.com *.px-cloud.net collector-pxu6b0qd2s.px-cdn.net beacon.walmart.com *.paypal.com; connect-src 'self' i5.walmartimages.com maps.googleapis.com maps.gstatic.com beacon.walmart.com beacon.developer.walmart.com collector-pxu6b0qd2s.px-cloud.net collector-pxu6b0qd2s.px-cdn.net collector-pxu6b0qd2s.pxchk.net collector-pxu6b0qd2s.perimeterx.net drfdisvc.walmart.com *.quantummetric.com walmart-sync.quantummetric.com quimby.mobile.walmart.com csp.walmart.com *.wal.co www.facebook.com directline.botframework.com wss://directline.botframework.com chat-qa.walmart.com walmart-sync.quantummetric.com identity.walmart.com tps.doubleverify.com i.liadm.com i6.liadm.com dw.wmt.co idsync.rlcdn.com secure.adnxs.com azmatch.adsrvr.org api.waiting-room.walmart.com stats.g.doubleclick.net *.paypal.com *.acculynk.net *.affirm.com; object-src drfdisvc.walmart.com; frame-src 'self' i5.walmartimages.com adclick.g.doubleclick.net drfdisvc.walmart.com *.quantummetric.com tap.walmart.com identity.walmart.com www.facebook.com www.recaptcha.net wallet.walmart.com *.affirm.com *.paypal.com *.paypalobjects.com *.acculynk.net tpc.googlesyndication.com *.online-metrix.net www.google.com; report-uri https://csp.walmart.com/c/r/gl 1
font-src https://fonts.gstatic.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://pal-test.adyen.com https://pal-live.adyen.com https://test.adyen.com https://live.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com https://consentcdn.cookiebot.com https://www.facebook.com https://www.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://maps.gstatic.com https://www.google.com https://www.google.it 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://checkoutshopper-live.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co api.comapi.com webchat.dotdigital.com maps.googleapis.com https://www.googletagmanager.com *.google.com https://cdn.mouseflow.com https://www.gstatic.com https://apis.google.com http://connect.facebook.net https://connect.facebook.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://chimpstatic.com https://www.mczbf.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com https://www.gstatic.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com webchat.dotdigital.com https://www.facebook.com https://www.google-analytics.com https://bam.nr-data.net https://www.mczbf.com https://stats.g.doubleclick.net https://checkoutshopper.adyen.com https://checkoutshopper-test.adyen.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.omtrdc.net *.demdex.net *.2o7.net; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: incommholdings.demdex.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com c.evidon.com l.evidon.com *.2o7.net cm.everesttech.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: incommholdings.demdex.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: incommholdings.demdex.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com c.evidon.com assets.adobedtm.com ; form-action 'none' data: blob: ; report-uri /csp_report 1
form-action  syndication.twitter.com platform.twitter.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com secure-ds.serving-sys.com bam-cell.nr-data.net apikeys.civiccomputing.com www.google-analytics.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com syndication.twitter.com www.youtube.com *.doubleclick.net player.bilibili.com platform.twitter.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com syndication.twitter.com pbs.twimg.com media.giphy.com cdn.creative-assembly.com alb.reddit.com platform.twitter.com content.totalwar.com www.facebook.com abs.twimg.com ton.twimg.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com fonts.gstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com ton.twimg.com *.googleapis.com platform.twitter.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com secure-ds.serving-sys.com www.google-analytics.com cdn.syndication.twimg.com www.googletagmanager.com content.totalwar.com connect.facebook.net js-agent.newrelic.com platform.twitter.com bat.bing.com player.twitch.tv bam-cell.nr-data.net cc.cdn.civiccomputing.com *.ads-twitter.com *.doubleclick.net www.redditstatic.com; report-uri /csp_report 1
default-src 'self' *.acadiau.ca; img-src 'self' *.acadiau.ca *.index.digital *.sitescout.com *.gstatic.com *.bc0a.com *.twimg.com *.facebook.com *.twitter.com *.google.ca *.google.com www.google-analytics.com wl-pixel.index.digital pixel.sitescout.com s3.amazonaws.com *.b0e8.com; font-src 'self' *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com; style-src 'self' *.bootstrapcdn.com *.fontawesome.com *.twimg.com *.twitter.com *.googleapis.com widget.alongside.com 'unsafe-inline'; script-src 'self' *.acadiau.ca *.google.com *.googleapis.com acuityplatform.com *.jquery.com *.bootstrapcdn.com *.facebook.net *.google-analytics.com *.technolutions.net *.twitter.com *.twimg.com widget.alongside.com *.instagram.com *.cloudflare.com e.issuu.com *.pixel.ad *.hotjar.com *.bc0a.com *.b0e8.com theta360.com *.tiktok.com 'unsafe-inline'; connect-src 'self' *.hotjar.com *.doubleclick.net www.google-analytics.com *.doubleclick.com *.sitescout.com *.doubleclick.n; frame-src 'self' *.hotjar.com *.youtube.com *.vimeo.com *.twitter.com *.issuu.com *.facebook.com *.instagram.com *.sitescout.com theta360.com; frame-ancestors 'self'; 1
media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: smedia.webcollage.net image.smythstoys.com content.syndigo.com; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: js.klarna.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com scontent.webcollage.net media.flixfacts.com media.flixcar.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com euc-widget.freshworks.com media.flixcar.com snippets.freshchat.com scontent.webcollage.net media.flixfacts.com wchat.freshchat.com display.ugc.bazaarvoice.com www.googletagmanager.com image.smythstoys.com cdnjs.cloudflare.com static.geetest.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.uk *.googleapis.com www.google.vg *.facebook.net www.google.com display.ugc.bazaarvoice.com www.google.ch network-eu.bazaarvoice.com scontent.webcollage.net i.ytimg.com *.online-metrix.net images.woosmap.com www.google.ie event.syndigo.cloud maps.googleapis.com cdnjs.cloudflare.com www.google.de www.google.at photos-eu.bazaarvoice.com *.doubleclick.net widgets.trustedshops.com maps.gstatic.com www.google-analytics.com smyths.circulator.com bat.bing.com api.woosmap.com content.syndigo.com media.flixcar.com www.googletagmanager.com www.facebook.com webapp.woosmap.com network-eu-a.bazaarvoice.com event.webcollage.net www.google.nl www.instagram.com static.geetest.com *.cloudfront.net eu.klarnaevt.com smedia.webcollage.net image.smythstoys.com rt.flix360.com media.flixfacts.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wchat.eu.freshchat.com display.ugc.bazaarvoice.com www.googletagmanager.com media.flixcar.com www.usemaxserver.de www.youtube.com www.youtube-nocookie.com *.online-metrix.net *.hotjar.com js.klarna.com www.google.com www.facebook.com www.recaptcha.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api.woosmap.com api.trustedshops.com bat.bing.com eu.klarnaevt.com www.google.com apps.bazaarvoice.com in.hotjar.com *.doubleclick.net smedia.webcollage.net www.instagram.com vc.hotjar.io image.smythstoys.com content.syndigo.com adservice.google.com www.facebook.com webapp-conf.woosmap.com www.google-analytics.com network-eu.bazaarvoice.com www.googletagmanager.com euc-widget.freshworks.com media.flixcar.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: display.ugc.bazaarvoice.com sdk.woosmap.com h.online-metrix.net www.myhermes.co.uk media.flixfacts.com scontent.webcollage.net content.webcollage.net image.smythstoys.com apps.bazaarvoice.com www.googleadservices.com www.google.com static.hotjar.com api.bazaarvoice.com bat.bing.com psf.myhermes.co.uk media.flixcar.com code.jquery.com api.geetest.com www.googletagmanager.com content.syndigo.com script.hotjar.com classic.myhermes.co.uk euc-widget.freshworks.com wchat.freshchat.com syndi.webcollage.net www.youtube.com webapp.woosmap.com www.recaptcha.net static.geetest.com analytics-static.ugc.bazaarvoice.com x.klarnacdn.net maps.googleapis.com connect.facebook.net network-eu.bazaarvoice.com widgets.trustedshops.com www.gstatic.com snippets.freshchat.com www.google-analytics.com prod.flixgvid.flix360.io cdnjs.cloudflare.com www.usemaxserver.de; form-action  www.smythstoys.com secureacceptance.cybersource.com www.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: js.klarna.com; report-uri /csp_report 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' ; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.forbes.pl::PROD 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: tpc.googlesyndication.com v1.addthisedge.com ajax.googleapis.com z.moatads.com snap.licdn.com www.googletagservices.com cdn.ampproject.org maps.googleapis.com adservice.google.com www.google-analytics.com m.addthis.com www.google.com adservice.google.ca www.googletagmanager.com s7.addthis.com *.doubleclick.net c.disquscdn.com hejarticles.disqus.com pagead2.googlesyndication.com api-public.addthis.com www.gstatic.com testserver.higheredjobs.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: tpc.googlesyndication.com disqus.com *.doubleclick.net s7.addthis.com *.googlesyndication.com www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com fonts.googleapis.com testserver.higheredjobs.com; form-action  www.higheredjobs.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: testserver.higheredjobs.com fonts.gstatic.com maxcdn.bootstrapcdn.com tpc.googlesyndication.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com px.ads.linkedin.com p.adsymptotic.com testserver.higheredjobs.com cdn.viglink.com maps.gstatic.com dc.ads.linkedin.com www.google.com www.jobelephant.com *.doubleclick.net m.addthis.com maps.googleapis.com px4.ads.linkedin.com links.services.disqus.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagmanager.com www.higheredmilitary.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api-public.addthis.com www.google-analytics.com cdn.ampproject.org pagead2.googlesyndication.com links.services.disqus.com m.addthis.com tpc.googlesyndication.com *.doubleclick.net csi.gstatic.com; report-uri /csp_report 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cordialdev.com *.cordial.com *.yotpo.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cordialdev.com *.cordial.com *.cordial.io cdn.dnky.co webchat.dotdigital.com *.yotpo.com https://d.news.rockler.com https://www.google.com https://www.youtube.com https://bid.g.doubleclick.net https://gum.criteo.com https://www.facebook.com  https://photos.pixlee.co 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com https://www.rockler.com https://hello.zonos.com https://www.adelixir.com https://www.lightboxcdn.com https://static-na.payments-amazon.com https://d2ldlvi1yef00y.cloudfront.net https://rockler.com https://wac.edgecastcdn.net https://www.googletagmanager.com https://d3cgm8py10hi0z.cloudfront.net https://rn129l.a.searchspring.io https://www.google.com https://ct.pinterest.com https://bat.bing.com https://www.facebook.com https://www.turnto.com https://storemapper-herokuapp-com.global.ssl.fastly.net https://maps.gstatic.com https://go.rockler.com https://maps.googleapis.com 'self' data:;' https://dis.criteo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cordialdev.com *.cordial.com track.cordial.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.searchspring.net *.yotpo.com https://www.googleoptimize.com https://hello.zonos.com https://js-agent.newrelic.com https://www.googletagmanager.com https://d.news.rockler.com https://www.googlecommerce.com https://www.google.com https://apis.google.com https://www.lightboxcdn.com https://www.gstatic.com https://lightboxapi.azurewebsites.net https://bam-cell.nr-data.net https://www.adelixir.com https://cdn.iglobalstores.com https://widgets.turnto.com https://cdn-ws.turnto.com https://bat.bing.com https://s.pinimg.com https://connect.facebook.net https://rum.layer0.co https://googleads.g.doubleclick.net https://static.criteo.net https://sslwidget.criteo.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://maps.googleapis.com https://static.www.turnto.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com https://cdn.searchspring.net https://www.lightboxcdn.com https://widgets.turnto.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cordialdev.com *.cordial.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.yotpo.com https://hello.zonos.com https://track.cordial.io https://bam-cell.nr-data.net https://www.google-analytics.com https://rn129l.a.searchspring.io https://cdn-ws.turnto.com https://we.turnto.com https://beacon.searchspring.io https://stats.g.doubleclick.net https://ct.pinterest.com https://rum.ingress.layer0.co https://d.news.rockler.com https://www.paypal.com https://js.authorize.net https://api.keen.io https://ws.turnto.com https://se.news.rockler.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.discovery.co.za *.cloudfront.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com static3.avast.com www.discovery.co.za; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.discovery.co.za www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.tiktok.com *.doubleclick.net maps.gstatic.com p.adsymptotic.com www.google.com px.ads.linkedin.com www.google-analytics.com www.googletagmanager.com cdn-ukwest.onetrust.com www.facebook.com t.co www.google.co.za www.google.co.in maps.googleapis.com www.instagram.com connect.facebook.net *.cloudfront.net www.discovery.co.za api.feefo.com analytics.google.com digital.discsrv.co.za; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.cloudfront.net *.doubleclick.net www.googletagmanager.com www.youtube.com cdn-ukwest.onetrust.com universal.iperceptions.com www.discovery.co.za www.google.com www.facebook.com maps.google.co.za; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: px.ads.linkedin.com analytics.google.com fonts.googleapis.com collect.feefo.com maps.googleapis.com www.google.co.in www.google.com cdn.ampproject.org connect.facebook.net maps.gstatic.com www.google.co.za privacyatdiscovery.my.onetrust.com *.doubleclick.net fonts.gstatic.com api.feefo.com analytics.tiktok.com cdn-ukwest.onetrust.com adservice.google.com www.facebook.com www.discovery.co.za www.google-analytics.com www.googletagmanager.com api.iperceptions.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com register.feefo.com www.youtube.com *.doubleclick.net www.google.co.za analytics.tiktok.com cdn.ampproject.org www.googleadservices.com maps.googleapis.com connect.facebook.net universal.iperceptions.com api.feefo.com www.google.com 20584727p.rfihub.com analytics.twitter.com *.ads-twitter.com snap.licdn.com cdn-ukwest.onetrust.com localhost:8000 www.google-analytics.com geolocation.onetrust.com ajax.googleapis.com; form-action  www.discovery.co.za www.facebook.com; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.discovery.co.za; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 1
default-src 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://geo.geo-svc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://geo.geo-svc.com https://www.google-analytics.com/analytics.js https://ssl.google-analytics.com https://api.bing.com https://www.google.com *.homepage-web.com; img-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; Form-action 'self'; Frame-ancestors 'none'; worker-src 'none'; report-uri https://csp.d47wgg8.com 1
script-src 'nonce-3c488af65b4ab4e00cfbfa42834a9581' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css; object-src 'none'; report-uri /report-csp-violation 1
base-uri 'self'; object-src 'none'; default-src 'self' *.goconqr.com; font-src 'self' *.goconqr.com cdnjs.cloudflare.com/ajax/libs/mathjax/ fonts.gstatic.com use.typekit.net static3.avast.com; img-src 'self' *.goconqr.com www.google-analytics.com googleads.g.doubleclick.net www.google.com https: http: data: blob:; style-src 'self' *.goconqr.com cdn.ckeditor.com 'unsafe-inline'; media-src 'self' *.goconqr.com examtimeassets.s3.amazonaws.com blob:; frame-src 'self' cdn.embedly.com www.facebook.com www.google.com bid.g.doubleclick.net *.safeframe.googlesyndication.com tpc.googlesyndication.com console.googletagservices.com *.adyen.com; frame-ancestors 'self' teams.microsoft.com; connect-src 'self' *.goconqr.com examtimeassets.s3.amazonaws.com cdn.ampproject.org https://www.google-analytics.com www.google-analytics.com cdnjs.cloudflare.com/ajax/libs/mathjax/ *.g.doubleclick.net currency.prebid.org fastlane.rubiconproject.com ap.lijit.com pagead2.googlesyndication.com quantcast.mgr.consensu.org quantcount.com csi.gstatic.com *.quantcast.mgr.consensu.org bam-cell.nr-data.net sentry.io www.google.com/ads/ga-audiences www.google.co.uk/ads/ga-audiences https://attestation.android.com https://www.google.com.mx https://www.google.com.br https://www.google.es https://www.google.com.co; script-src 'strict-dynamic' 'unsafe-eval' http: https: 'sha256-d9XnPH2UeLE4ZIxAW92XxljxF6iRBQ2hcRK747NtUU0=' 'sha256-5pEs+3B/Gp24r5V8KZOMyyRObfhC7m/Wmex073IDg9c=' 'sha256-viXT3F55iT37gzZK3ODZfO/Kk6RtVi+Jlci1pQ0WNRc=' 'sha256-G2XP5HnImy8n0twdXd1PZxOYrOdF7wXhQ85A13aMhH4=' 'sha256-5uOh23h3UDh0Yb4Pal+G8VzAncGyFu956FzWZrtvNNo=' 'sha256-pG43LwrJnkOxJaTWF09Hf6g/y/Wfc3YVI4TBz5ucHHc=' 'sha256-HTObvTsMIGENrwrcLAfuyOucH0QDOYW/bs1Obfl+hsE=' 'sha256-JmfSYL21kVeagzQNLulbpuX6o0cOcO4wMm/7HpGXA1M=' 'sha256-UfWb8O5fhmKfFM10h8XZ4LEmhrIqdDIrfhQ2bacKoBc=' 'sha256-X2EXVv2rAEUEjdhV1AwVungcNMr/h70PtyVdCFUGAYw=' 'sha256-XV6mbxNow3cIrpotJTCibobCPNYsmLdD1CmuA7hZ80I=' 'sha256-cWZXN+qdVmJBwQMWEVtUJ7N7UUs8dyV5uBEBrdTiRJE=' 'sha256-HEowXtWIMynWjCVhCnvmDvRDoH2dhabLIj8RJiLd4M8=' 'sha256-G9N9nGHPjf2OBnDUpAV5kc383oHQkhlsa0rmMOt2RPk=' 'sha256-yQ16fjos7I8f/f2M+G58NeiNQaMjnPWH8qF+15AYLCQ=' 'sha256-h6+c7gUBCZzTZF5MHljrlin+kkRPtgPdmL3WaV7+r+I=' 'sha256-NldEQx25+MVbLsjjhdLy+UiMNOFuENi9K7Iih1EPraA=' 'sha256-aoSOP9NMIbV9x5zzee3HpDNAfFK0O/+TmVwmWAW8iQ8=' 'sha256-zL4kGoGsxqKEdjsrawBmCIR2abZGoAdmXkppzAYmmi4=' 'sha256-wgv5UuzgDDpRuwmG9q+wCgQoUMu5H0dP7S1ZBEU754E=' 'sha256-cNCBMHrkELHwU+zaTvRR3Fk75drBTg64cHnC1raAkEU=' 'sha256-LhQbIL5NiB1TKafUN6+l6nmWtbf7DfK6cjAieyxV4ws=' 'sha256-sEDLL+QP//lET3aM4TpiGW1nZnFDR0hafnMPrXDBYzI=' 'sha256-tNW6B1FDKIpb5cNXmd5oh8xDPPa3VsNnRWPf14eHRR0=' 'sha256-E+vIM/MTGXZIu2jKOs57bOzFVdAMzo3ToZfpMh3tj30=' 'sha256-TxH4c4cWnf/BA+tEuUpBKD5Mb+UHUseXNdy6oSz+fQk=' 'sha256-RkcZ4sqaMI6MaYHm7w5Yt0r1VnguE+vGXzY3G/s2odU=' 'sha256-5JILXzvSbc32m0UDL+8dR+mM6A8UcpSArg69yTqszHk=' 'nonce-Pm2yORkUNAFCrTGOrcXSgg=='; report-uri /csp_reports 1
default-src 'self' blob: data: https: *.px-cloud.net pxchk.net px-client.net *.google.com *.criteo.com *.facebook.com *.pinterest.com *.fullstory.com *.bing.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; object-src *.online-metrix.net; script-src *.discovercard.com *.discover.com *.aexp-static.com *.mastercard.com d3eaqalnfsy4sn.cloudfront.net woobox.com *.instagram.com *.jquery.com *.px-cdn.net *.perimeterx.net *.iesnare.com d29usylhdk1xyu.cloudfront.net rpxnow.com *.googleapis.com *.bazaarvoice.com *.youtube.com *.truefitcorp.com *.getsidecar.com *.verisign.com d3m83gvgzupli.cloudfront.net *.pcapredict.com *.visa.com *.online-metrix.net *.agkn.com *.agilone.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' 'self' *.affirm.com *.postcodeanywhere.co.uk *.attn.tv *.yottaa.net *.coremetrics.com *.monetate.net *.googletagmanager.com *.google-analytics.com *.criteo.net *.murdoog.com *.facebook.net *.ads-twitter.com *.pinimg.com fullstory.com *.signifyd.com *.bing.com *.rejoiner.com d3v27wwd40f0xu.cloudfront.net *.google.com *.impactradius-event.com *.googlecommerce.com *.liveperson.net *.fullstory.com *.twitter.com *.criteo.com *.lpsnmedia.net *.moosejaw.com googleads.g.doubleclick.net *.googleadservices.com *.xg4ken.com; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=g3UgcLo4h3Ycdg 1
child-src 'self'; connect-src 'self' https://*.amazonaws.com https://*.are.na https://*.cloudfront.net https://*.google-analytics.com https://*.pusher.com wss://*.pusherapp.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.cloudfront.net https://*.gstatic.com; frame-src 'self' https://*.are.na https://*.embedly.com https://*.google.com https://*.instagram.com https://*.s3.amazonaws.com https://*.stripe.com https://*.vimeo.com; img-src 'self' data: http://*.gstatic.com https://*.are.na https://*.cloudfront.net https://*.ctfassets.net https://*.google-analytics.com https://*.gstatic.com https://*.s3.amazonaws.com https://*.ytimg.com https://gravatar.com; manifest-src 'self'; media-src 'self' http://*.gstatic.com https://*.gstatic.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.gstatic.com https://*.are.na https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.pusher.com https://*.stripe.com https://instant.page; style-src 'self' 'unsafe-inline' https://*.are.na https://*.cloudfront.net; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_c2f690c70bd2203791fa5b65771c7bbb 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 'unsafe-inline'; report-uri /csp-report 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; report-uri https://usercontent.mobileread.org/csp-report 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.pricespider.com d10lpsik1i8c69.cloudfront.net code.jquery.com analytics.twitter.com e.cquotient.com ws.rightonin.com bat.bing.com m.addthis.com www.google-analytics.com apps.bazaarvoice.com www.googletagmanager.com *.doubleclick.net display.ugc.bazaarvoice.com *.googleapis.com ww.steelhousemedia.com 514007238.collect.igodigital.com js.adsrvr.org px.steelhous